Hey,
I am using ingress-nginx in my cluster, however it seems to be seeing all incoming requests from the client ip of 127.0.0.1
127.0.0.1 - [127.0.0.1] - - [01/Feb/2018:16:38:25 +0000]
I've double checked my service, and it's set to externalTrafficPolicy: Local which should preserve the client ip but it is not.
I tested removing envoy and just using ingress-nginx alone, and the client ip is correct, therefore it leads me to believe that for whatever reason, we're losing that information because of envoy.
Looking in the istio-proxy logs, it also shows 127.0.0.1:
[2018-02-01T16:49:52.335Z] "GET / HTTP/1.1" 200 - 0 116763 251 246 "127.0.0.1"
We use ingress-nginx for modsecurity/openwaf, so knowing that client ip is very important! Any tips as to how we can get envoy to preserve it?
For context, we're on GKE, kubernetes 1.8.6 and istio 0.4.0