Kubernetes集群中的DisallowedHost Django部署:无效的HTTP_HOST标头 [英] DisallowedHost Django deployment in Kubernetes cluster: Invalid HTTP_HOST header
问题描述
我在Azure Kubernetes群集中具有一些基本配置的前端服务的Django部署.但是请注意,同样的问题也适用于我的本地Minikube集群.我从远程容器注册表中获取了Django前端容器映像,并公开了port 8010.我的服务配置也非常简单.
I have a Django deployment for a frontend service in my Azure Kubernetes cluster with some basic configuration. But note that the same question applies for my local Minikube cluster. I fetch my Django frontend container image from my remote container registry and expose port 8010. My service configuration is quite simple as well.
frontend.deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend-v1
labels:
app: frontend-v1
spec:
replicas: 1
selector:
matchLabels:
app: frontend-v1
template:
metadata:
labels:
app: frontend-v1
spec:
containers:
- name: frontend-v1
imagePullPolicy: Always
image: yourremotename.azurecr.io/frontend-remote:v1
ports:
- containerPort: 8010
imagePullSecrets:
- name: acr-secret
frontend.service.yaml
kind: Service
apiVersion: v1
metadata:
name: frontend-v1
spec:
selector:
app: frontend-v1
ports:
- NodePort:
protocol: TCP
port: 8010
targetPort: 8010
type: NodePort
现在,当我在浏览器中访问部署的前端服务时,即 http://172.17.194.253:31436 ,使用Django的设置DEBUG = True,我得到了错误:
Now, when I access my deployed frontend service in the browser i.e. http://172.17.194.253:31436 with Django's setting DEBUG = True, I get the error:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/django/core/handlers/exception.py", line 34, in inner
response = get_response(request)
File "/usr/local/lib/python3.6/dist-packages/django/utils/deprecation.py", line 93, in __call__
response = self.process_request(request)
File "/usr/local/lib/python3.6/dist-packages/django/middleware/common.py", line 48, in process_request
host = request.get_host()
File "/usr/local/lib/python3.6/dist-packages/django/http/request.py", line 122, in get_host
raise DisallowedHost(msg)
Exception Type: DisallowedHost at /
Exception Value: Invalid HTTP_HOST header: '172.17.194.253:31436'. You may need to add '172.17.194.253' to ALLOWED_HOSTS.
但是如何将Pod的动态创建的HostIp绑定到Django的ALLOWED_HOSTS?
But how can I bind the dynamically created HostIp of the pod to Django's ALLOWED_HOSTS?
推荐答案
从Kubernetes 1.7开始,可以在kubernetes部署文件中请求pod的HostIp.
Since Kubernetes 1.7 it is possible to request the HostIp of the pod in your kubernetes deployment file.(1)
首先调整部署文件以设置HostIp所需的环境变量.在下面的场景中,我设置了POD_IP和HOST_IP,因为它们是不同的.您可以在Kubernetes部署文件中使用环境变量注入各种Kubernetes应用程序数据变量,有关此主题的更多信息,请查看
First adjust the deployment file to set the required environment variable for the HostIp. In the beneath scenario I set the POD_IP and the HOST_IP, as they are different. You can inject a variety of Kubernetes application data variables using environment variables in your Kubernetes deployment files, for more info about this topic look here.
frontend.service.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend-v1
labels:
app: frontend-v1
spec:
replicas: 1
selector:
matchLabels:
app: frontend-v1
template:
metadata:
labels:
app: frontend-v1
spec:
containers:
- name: frontend-v1
imagePullPolicy: Always
image: yourremotename.azurecr.io/frontend-remote:v1
ports:
- containerPort: 8010
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: HOST_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
imagePullSecrets:
- name: acr-secret
现在,在Django中,您可以调整ALLOWED_HOSTS配置,使其指向HOST_IP环境变量.
Now in you Django settings adjust the ALLOWED_HOSTS configuration to point to the HOST_IP environment variable.
settings.py
import os
...
ALLOWED_HOSTS = [os.environ.get('HOST_IP'), '127.0.0.1']
....
请注意,这允许pod的HostIP以及本地主机用于本地开发.
警告!.一些博客文章或教程建议您将ALLOWED_HOSTS = ['*']设置为接受所有主机IP,但这是一个严重的安全漏洞.不要这样做!
Warning! Some blog posts or tutorials advise you to set ALLOWED_HOSTS = ['*'] to accept all host IP's, but this is a serious security loophole. Don't do this!
现在重新部署您的pod,并且Django应用程序应该可以再次平稳运行.
Now redeploy your pod and your Django application should run smoothly again.
这篇关于Kubernetes集群中的DisallowedHost Django部署:无效的HTTP_HOST标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
