如何使客户在Pod上获得公共IP? [英] How to get clients public IP on the pod?

问题描述

我有一个基于Python-Flask的应用程序.我希望在客户端访问我的入口端点时获得客户端公共IP.

I have an application based on Python-Flask. I would like to get Clients Public Ip when they are hits my ingress endpoint.

我已经尝试将externalTrafficPolicy更改为Local和Cluster.

I have already tried to change externalTrafficPolicy to Local and Cluster.

我的Pod YAML文件

My Pod YAML file

apiVersion: v1
kind: Pod
metadata:
  labels:
    run: webplatform
  name: webplatform-deployment-6d68c99fc7-xlb8j
  namespace: prod
spec:
  containers:
  - command:
    - python
    - /app/app.py
    envFrom:
    - secretRef:
        name: webplatform-secret
        optional: false
    image: docker.fuchicorp.com/webplatform-prod:0.5
    imagePullPolicy: Always
    name: webplatform-container
  imagePullSecrets:
  - name: nexus-creds
  serviceAccount: webplatform-service-account
  serviceAccountName: webplatform-service-account

我的服务YAML文件

apiVersion: v1
kind: Service
metadata:
  name: webplatform-service
  namespace: prod
spec:
  externalTrafficPolicy: Cluster
  ports:
  - nodePort: 32744
    port: 7101
    protocol: TCP
    targetPort: 5000
  selector:
    run: webplatform
  sessionAffinity: None
  type: NodePort

我的Ingress资源YAML文件

My Ingress recourses YAML file

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    certmanager.k8s.io/cluster-issuer: letsencrypt-fuchicorp-prod
    kubernetes.io/ingress.class: nginx
  generation: 2
  name: ingress-webplaform
  namespace: prod
spec:
  rules:
  - host: academy.fuchicorp.com
    http:
      paths:
      - backend:
          serviceName: webplatform-service
          servicePort: 7101
  tls:
  - hosts:
    - academy.fuchicorp.com
    secretName: letsencrypt-sec-webplatform-prod

当我看到日志时，我看到日志中的Ingress-Controllers IP

When I see the logs I see that Ingress-Controllers IP on the logs

INFO: 10.16.0.16 - - [28/Sep/2019 20:06:12] "GET / HTTP/1.1" 200 -

推荐答案

TL; DR

客户端IP应该通过X-Forwarded-For HTTP标头

应由负载均衡器(入口控制器)提供.假设您的群集正在云(aws，gcp等)上运行，则可以通过X-Forwarded-For HTTP标头获取客户端IP.

It should be provided by the load balancer (the ingress controller). Assuming your cluster is running on the cloud (aws, gcp, etc.), you get the client IP via the X-Forwarded-For HTTP header.

如果它是本地k8s集群(您在自己的私有云/本地计算机上运行)，请配置负载均衡器以执行以下操作- http://nginx.org/en/docs/http/ngx_http_proxy_module.html# proxy_next_upstream

If its an on-prem k8s cluster (you run it on your own private cloud/ local machine), configure your load-balancer to do that- http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream

这篇关于如何使客户在Pod上获得公共IP?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！