Kubernetes不保留源IP [英] Kubernetes not preserve source ip

问题描述

我已经按照以下配置安装了kubernetes 1.2.0

I've installed kubernetes 1.2.0 with the following configuration

export nodes="user@10.0.0.30 user@10.0.0.32"
export role="ai i"
export NUM_NODES=2
export SERVICE_CLUSTER_IP_RANGE=192.168.3.0/24
export FLANNEL_NET=172.16.0.0/16
export KUBE_PROXY_EXTRA_OPTS="--proxy-mode=iptables"

我创建了一个nginx pod，并使用负载均衡器和外部IP地址进行公开

I've created a nginx pod and expose with load balancer and external IP address

kubectl expose pod my-nginx-3800858182-6qhap --external-ip=10.0.0.50 --port=80 --target-port=80

我在裸机上使用kubernetes，因此我已将10.0.0.50 ip分配给主节点.

I'm using kubernetes on bare metal so i've assigned 10.0.0.50 ip to master node.

如果我尝试curl 10.0.0.50(从kubernetes外部)并在nginx pod上使用tcpdump看到流量，则源IP始终来自kubernetes主节点

If i try curl 10.0.0.50 (from outside kubernetes) and use tcpdump on nginx pod i see traffic, the source ip is always from the kubernetes master node

17:30:55.470230 IP 172.16.60.1.43030 > 172.16.60.2.80: ...
17:30:55.470343 IP 172.16.60.2.80 > 172.16.60.1.43030: ...

我正在使用mode-proxy = iptables.并需要获取实际的源IP.我在做什么错了?

i'm using mode-proxy=iptables. and need to get the actual source ip. what am i doing wrong ?

推荐答案

这是在Kubernetes 1.5中作为注释添加的(文档

This was added as an annotation in Kubernetes 1.5 (docs here).

在1.7中，它已经升级到了GA，因此您可以使用spec.externalTrafficPolicy字段(docs

In 1.7, it has graduated to GA, so you can specify the load balancing policy on a Service with spec.externalTrafficPolicy field (docs here):

{
  "kind": "Service",
  "apiVersion": "v1",
  "metadata": {
    "name": "example-service",
  },
  "spec": {
    "ports": [{
      "port": 8765,
      "targetPort": 9376
    }],
    "selector": {
      "app": "example"
    },
    "type": "LoadBalancer",
    "externalTrafficPolicy": "Local"
  }
}

这篇关于Kubernetes不保留源IP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！