如何使客户在Pod上获得公共IP? [英] How to get clients public IP on the pod?
问题描述
我有一个基于Python-Flask的应用程序.我希望在客户端访问我的入口端点时获得客户端公共IP.
I have an application based on Python-Flask. I would like to get Clients Public Ip when they are hits my ingress endpoint.
我已经尝试将externalTrafficPolicy更改为Local和Cluster.
I have already tried to change externalTrafficPolicy to Local and Cluster.
我的Pod YAML文件
My Pod YAML file
apiVersion: v1
kind: Pod
metadata:
labels:
run: webplatform
name: webplatform-deployment-6d68c99fc7-xlb8j
namespace: prod
spec:
containers:
- command:
- python
- /app/app.py
envFrom:
- secretRef:
name: webplatform-secret
optional: false
image: docker.fuchicorp.com/webplatform-prod:0.5
imagePullPolicy: Always
name: webplatform-container
imagePullSecrets:
- name: nexus-creds
serviceAccount: webplatform-service-account
serviceAccountName: webplatform-service-account
我的服务YAML文件
apiVersion: v1
kind: Service
metadata:
name: webplatform-service
namespace: prod
spec:
externalTrafficPolicy: Cluster
ports:
- nodePort: 32744
port: 7101
protocol: TCP
targetPort: 5000
selector:
run: webplatform
sessionAffinity: None
type: NodePort
我的Ingress资源YAML文件
My Ingress recourses YAML file
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
certmanager.k8s.io/cluster-issuer: letsencrypt-fuchicorp-prod
kubernetes.io/ingress.class: nginx
generation: 2
name: ingress-webplaform
namespace: prod
spec:
rules:
- host: academy.fuchicorp.com
http:
paths:
- backend:
serviceName: webplatform-service
servicePort: 7101
tls:
- hosts:
- academy.fuchicorp.com
secretName: letsencrypt-sec-webplatform-prod
当我看到日志时,我看到日志中的Ingress-Controllers IP
When I see the logs I see that Ingress-Controllers IP on the logs
INFO: 10.16.0.16 - - [28/Sep/2019 20:06:12] "GET / HTTP/1.1" 200 -
推荐答案
TL; DR
客户端IP应该通过X-Forwarded-For
HTTP标头
应由负载均衡器(入口控制器)提供.假设您的群集正在云(aws,gcp等)上运行,则可以通过X-Forwarded-For
HTTP标头获取客户端IP.
It should be provided by the load balancer (the ingress controller). Assuming your cluster is running on the cloud (aws, gcp, etc.), you get the client IP via the X-Forwarded-For
HTTP header.
如果它是本地k8s集群(您在自己的私有云/本地计算机上运行),请配置负载均衡器以执行以下操作- http://nginx.org/en/docs/http/ngx_http_proxy_module.html# proxy_next_upstream
If its an on-prem k8s cluster (you run it on your own private cloud/ local machine), configure your load-balancer to do that- http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream
这篇关于如何使客户在Pod上获得公共IP?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!