adds the enable-real-ip-recursive allowing control over real_ip_recursive

internal/ingress/controller/config/config.go

@@ -556,6 +556,11 @@ type Configuration struct {
 	// Sets whether to enable the real ip module
 	EnableRealIP bool `json:"enable-real-ip"`
 
+	// Sets whether to use recursive search in the real ip module
+	// https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive
+	// Default: true
+	EnableRealIpRecursive bool `json:"enable-real-ip-recursive"`
+
 	// Sets the header field for identifying the originating IP address of a client
 	// Default is X-Forwarded-For
 	ForwardedForHeader string `json:"forwarded-for-header,omitempty"`
@@ -790,6 +795,7 @@ func NewDefault() Configuration {
 		ErrorLogLevel:                    errorLevel,
 		UseForwardedHeaders:              false,
 		EnableRealIP:                     false,
+		EnableRealIPRecursive:            true,
 		ForwardedForHeader:               "X-Forwarded-For",
 		ComputeFullForwardedFor:          false,
 		ProxyAddOriginalURIHeader:        false,

rootfs/etc/nginx/template/nginx.tmpl

@@ -143,7 +143,12 @@ http {
     real_ip_header      {{ $cfg.ForwardedForHeader }};
     {{ end }}
 
+    {{ if $cfg.EnableRealIpRecursive }}
     real_ip_recursive   on;
+    {{ else }}
+    real_ip_recursive   off;
+    {{ end }}
+
     {{ range $trusted_ip := $cfg.ProxyRealIPCIDR }}
     set_real_ip_from    {{ $trusted_ip }};
     {{ end }}