From 1ed6cac64713f7c71695ea48f5fe2b862966807a Mon Sep 17 00:00:00 2001
From: Unchained <unchained@nodecrew.me>
Date: Fri, 3 Apr 2026 06:55:42 +0200
Subject: [PATCH] fix(k8s): use NodePort with externalTrafficPolicy Local to
 preserve client IP

Change storefront service from ClusterIP to NodePort with externalTrafficPolicy: Local.
This preserves the real client source IP instead of NATing to the node IP.

Fixes analytics tracking showing Hetzner IP (138.201.11.251) instead of real visitor IPs.
Same fix previously applied to Rybbit backend service.

Note: On single-node clusters, this works seamlessly. Traefik routes directly
to the node where the pod is running, preserving the original source IP.
---
 k8s/service.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/k8s/service.yaml b/k8s/service.yaml
index 57362c1..b470681 100644
--- a/k8s/service.yaml
+++ b/k8s/service.yaml
@@ -4,9 +4,13 @@ metadata:
   name: storefront
   namespace: manoonoils
 spec:
+  # Use NodePort with externalTrafficPolicy: Local to preserve client source IP
+  # This is required for proper client IP detection in analytics (Rybbit, etc.)
+  type: NodePort
+  externalTrafficPolicy: Local
   selector:
     app: storefront
   ports:
   - port: 3000
     targetPort: 3000
-  type: ClusterIP
+    # Let Kubernetes assign a NodePort automatically