I’m currently running a GKE cluster with the NGINX Ingress Controller to manage incoming traffic. My domain is proxied through Cloudflare with IP Geolocation enabled, which adds the CF-IPCountry header to incoming requests to denote the client’s country code. However, I’m facing challenges in forwarding this header to my backend services.

Current Ingress Configuration:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-backend-ingress
  namespace: my-backend
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: 'true'
    nginx.ingress.kubernetes.io/body-size: '0'
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header CF-IPCountry $http_cf_ipcountry;
      real_ip_header CF-Connecting-IP;
      proxy_set_header Host $http_host;
      proxy_set_header Scheme $scheme;
      proxy_set_header SERVER_PORT $server_port;
      proxy_set_header REMOTE_ADDR $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Upgrade $http_upgrade;
    nginx.ingress.kubernetes.io/proxy-body-size: '0'
    nginx.ingress.kubernetes.io/proxy-connect-timeout: '60'
    nginx.ingress.kubernetes.io/proxy-http-version: '1.1'
    nginx.ingress.kubernetes.io/proxy-read-timeout: '600'
    nginx.ingress.kubernetes.io/proxy-send-timeout: '600'
    nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - api.my-domain
      secretName: back-dev-tls
  rules:
    - host: api.my-domain
      http:
        paths:
          - path: /(/?|$)(.*)
            pathType: Prefix
            backend:
              service:
                name: my-backend-service
                port:
                  number: 80

Steps I’ve Taken:

1. Enabled IP Geolocation in Cloudflare: Verified that the CF-IPCountry header is added to incoming requests by enabling the IP Geolocation feature in the Cloudflare dashboard.
2. Configured NGINX Ingress Annotations: Added a configuration-snippet annotation to set the CF-IPCountry header for proxied requests.

Issue:

Despite these configurations, the CF-IPCountry header doesn’t appear to be reaching my backend services. I’m unable to retrieve the client’s location based on this header.