# AWS EKS — NLB with Proxy Protocol v2 for real client IPs
service:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "external"
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
    service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
ports:
  web:
    proxyProtocol:
      trustedIPs: "10.0.0.0/8"       # <- adjust to your VPC CIDR
    forwardedHeaders:
      trustedIPs: "10.0.0.0/8"
  websecure:
    proxyProtocol:
      trustedIPs: "10.0.0.0/8"
    forwardedHeaders:
      trustedIPs: "10.0.0.0/8"