我有一个基于Python-Flask的应用程序。我想在客户端公共 IP 到达我的入口终结点时获取它们。
我已经尝试将外部流量策略更改为本地和集群。
我的豆荚 YAML 文件
apiVersion: v1
kind: Pod
metadata:
labels:
run: webplatform
name: webplatform-deployment-6d68c99fc7-xlb8j
namespace: prod
spec:
containers:
- command:
- python
- /app/app.py
envFrom:
- secretRef:
name: webplatform-secret
optional: false
image: docker.fuchicorp.com/webplatform-prod:0.5
imagePullPolicy: Always
name: webplatform-container
imagePullSecrets:
- name: nexus-creds
serviceAccount: webplatform-service-account
serviceAccountName: webplatform-service-account
我的服务 YAML 文件
apiVersion: v1
kind: Service
metadata:
name: webplatform-service
namespace: prod
spec:
externalTrafficPolicy: Cluster
ports:
- nodePort: 32744
port: 7101
protocol: TCP
targetPort: 5000
selector:
run: webplatform
sessionAffinity: None
type: NodePort
我的入口资源 YAML 文件
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
certmanager.k8s.io/cluster-issuer: letsencrypt-fuchicorp-prod
kubernetes.io/ingress.class: nginx
generation: 2
name: ingress-webplaform
namespace: prod
spec:
rules:
- host: academy.fuchicorp.com
http:
paths:
- backend:
serviceName: webplatform-service
servicePort: 7101
tls:
- hosts:
- academy.fuchicorp.com
secretName: letsencrypt-sec-webplatform-prod
当我看到日志时,我在日志上看到入口控制器 IP
INFO: 10.16.0.16 - - [28/Sep/2019 20:06:12] "GET / HTTP/1.1" 200 -
TL;博士
客户端 IP 应通过X-Forwarded-ForHTTP 标头提供
它应由负载均衡器(入口控制器(提供。假设您的集群在云(aws、gcp 等(上运行,您可以通过X-Forwarded-ForHTTP 标头获取客户端 IP。
如果是本地 k8s 集群(您在自己的私有云/本地计算机上运行它(,请配置负载均衡器以执行此操作- http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream