使用entryPoints.http.forwardedHeaders的带有X-Forwarded-For标头的Traefik白名单

时间:2019-02-28 14:45:59

标签: kubernetes traefik traefik-ingress

我正在尝试使用traefik 1.7.6将入口资源放在白名单后面,但它始终返回403状态代码。

请注意,Traefik位于负载均衡器的后面,该负载均衡器将X-Forwarded-For标头放入请求(https://docs.cloud.oracle.com/iaas/Content/Balance/Reference/httpheaders.htm)。

这是traefik配置

data:
  traefik.toml: |
    defaultEntryPoints = ["http"]

    [entryPoints]

      [entryPoints.http]
      address = ":80"

      [entryPoints.http.forwardedHeaders]
        trustedIPs = ["<**load-balancer-ip**>"]

      [entryPoints.traefik]
        address = ":8080"
        [entryPoints.traefik.auth.basic]
        users = ["admin:secret"]

    [kubernetes]
      [kubernetes.ingressEndpoint]
        publishedService = "default/mygateway"

    [ping]
    entryPoint = "http"

    [api]
    entryPoint = "traefik"

这是应该列入白名单的入口资源

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: frontend-ingress
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.frontend.rule.type: PathPrefixStrip
    ingress.kubernetes.io/whitelist-x-forwarded-for: "true"
    traefik.ingress.kubernetes.io/whitelist-source-range: "<whitelisted-ips-range>"
spec:
  rules:
    - host:
      http:
        paths:
          - path: /mypath
            backend:
              serviceName: myservice
              servicePort: myserviceport
---

如果我发出请求,使用列入白名单的ip之一,我可以看到Traefik没有使用X-forwarder-header解析我的真实ip。

time="2019-02-28T14:31:51Z" level=debug msg="request &{Method:GET URL:/mypath Proto:HTTP/1.1 ProtoMajor:1 ProtoMinor:1 Header:map[Authorization:[Basic YWRtaW46YWRtaW4=] Referer:[https://<load-balancer-ip>/mypath] Accept-Encoding:[gzip, deflate, br] Accept-Language:[en-US,en;q=0.9,it;q=0.8] Connection:[keep-alive] Access-Control-Allow-Origin:[*] Accept:[application/json, text/plain, */*] Dnt:[1] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36]] Body:{} GetBody:<nil> ContentLength:0 TransferEncoding:[] Close:false Host:<load-balancer-ip> Form:map[] PostForm:map[] MultipartForm:<nil> Trailer:map[] RemoteAddr:<load-balancer-ip>:35818 RequestURI:/mypath TLS:<nil> Cancel:<nil> Response:<nil> ctx:0xc000b5e5d0} - rejecting: "<load-balancer-ip>:35818\" matched none of the white list"

添加服务文件。yml

---
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-controller
  labels:
    app: traefik-ingress-controller
  annotations:
spec:
  selector:
    app: traefik-ingress-controller
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
    nodePort: 30080
    name: http
  type: NodePort
  externalTrafficPolicy: Local

---

更新:Trefik调试日志

time="2019-03-01T13:57:15Z" level=info msg="Using TOML configuration file /config/traefik.toml"
time="2019-03-01T13:57:15Z" level=info msg="Traefik version v1.7.6 built on 2018-12-14_06:43:37AM"
time="2019-03-01T13:57:15Z" level=debug msg="Global configuration loaded {\"LifeCycle\":{\"RequestAcceptGraceTimeout\":0,\"GraceTimeOut\":10000000000},\"GraceTimeOut\":0,\"Debug\":false,\"CheckNewVersion\":true,\"SendAnonymousUsage\":false,\"AccessLogsFile\":\"\",\"AccessLog\":null,\"TraefikLogsFile\":\"\",\"TraefikLog\":null,\"Tracing\":null,\"LogLevel\":\"DEBUG\",\"EntryPoints\":{\"http\":{\"Address\":\":80\",\"TLS\":null,\"Redirect\":null,\"Auth\":null,\"WhitelistSourceRange\":null,\"WhiteList\":null,\"Compress\":false,\"ProxyProtocol\":null,\"ForwardedHeaders\":{\"Insecure\":false,\"TrustedIPs\":[\"<loadbalancer-ip-1>/32\",\"<loadbalancer-ip-2>/32\"]}},\"traefik\":{\"Address\":\":8080\",\"TLS\":null,\"Redirect\":null,\"Auth\":{\"basic\":{\"users\":[\"admin:$apr1$FV9Q2vjA$gJt2UT8bt6DT6RVDm5qI20\"]}},\"WhitelistSourceRange\":null,\"WhiteList\":null,\"Compress\":false,\"ProxyProtocol\":null,\"ForwardedHeaders\":{\"Insecure\":true,\"TrustedIPs\":null}}},\"Cluster\":null,\"Constraints\":[],\"ACME\":null,\"DefaultEntryPoints\":[\"http\"],\"ProvidersThrottleDuration\":2000000000,\"MaxIdleConnsPerHost\":200,\"IdleTimeout\":0,\"InsecureSkipVerify\":false,\"RootCAs\":null,\"Retry\":null,\"HealthCheck\":{\"Interval\":30000000000},\"RespondingTimeouts\":null,\"ForwardingTimeouts\":null,\"AllowMinWeightZero\":false,\"KeepTrailingSlash\":false,\"Web\":null,\"Docker\":null,\"File\":null,\"Marathon\":null,\"Consul\":null,\"ConsulCatalog\":null,\"Etcd\":null,\"Zookeeper\":null,\"Boltdb\":null,\"Kubernetes\":{\"Watch\":true,\"Filename\":\"\",\"Constraints\":[],\"Trace\":false,\"TemplateVersion\":0,\"DebugLogGeneratedTemplate\":false,\"Endpoint\":\"\",\"Token\":\"\",\"CertAuthFilePath\":\"\",\"DisablePassHostHeaders\":false,\"EnablePassTLSCert\":false,\"Namespaces\":null,\"LabelSelector\":\"\",\"IngressClass\":\"\",\"IngressEndpoint\":{\"IP\":\"\",\"Hostname\":\"\",\"PublishedService\":\"default/anotherservice\"}},\"Mesos\":null,\"Eureka\":null,\"ECS\":null,\"Rancher\":null,\"DynamoDB\":null,\"ServiceFabric\":null,\"Rest\":null,\"API\":{\"EntryPoint\":\"traefik\",\"Dashboard\":true,\"Debug\":false,\"CurrentConfigurations\":null,\"Statistics\":null},\"Metrics\":null,\"Ping\":{\"EntryPoint\":\"http\"},\"HostResolver\":null}"
time="2019-03-01T13:57:15Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/basics/#collected-data\n"
time="2019-03-01T13:57:15Z" level=info msg="Preparing server http &{Address::80 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc0003550e0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2019-03-01T13:57:15Z" level=info msg="Preparing server traefik &{Address::8080 TLS:<nil> Redirect:<nil> Auth:0xc000525aa0 WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc00002a5a0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2019-03-01T13:57:15Z" level=info msg="Starting provider configuration.ProviderAggregator {}"
time="2019-03-01T13:57:15Z" level=info msg="Starting server on :80"
time="2019-03-01T13:57:15Z" level=info msg="Starting server on :8080"
time="2019-03-01T13:57:15Z" level=info msg="Starting provider *kubernetes.Provider {\"Watch\":true,\"Filename\":\"\",\"Constraints\":[],\"Trace\":false,\"TemplateVersion\":0,\"DebugLogGeneratedTemplate\":false,\"Endpoint\":\"\",\"Token\":\"\",\"CertAuthFilePath\":\"\",\"DisablePassHostHeaders\":false,\"EnablePassTLSCert\":false,\"Namespaces\":null,\"LabelSelector\":\"\",\"IngressClass\":\"\",\"IngressEndpoint\":{\"IP\":\"\",\"Hostname\":\"\",\"PublishedService\":\"default/anotherservice\"}}"
time="2019-03-01T13:57:15Z" level=debug msg="Using Ingress label selector: \"\""
time="2019-03-01T13:57:15Z" level=info msg="ingress label selector is: \"\""
time="2019-03-01T13:57:15Z" level=info msg="Creating in-cluster Provider client"
time="2019-03-01T13:57:16Z" level=debug msg="Received Kubernetes event kind *v1.Endpoints"
time="2019-03-01T13:57:16Z" level=debug msg="Skipping updating Ingress default/frontend-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:16Z" level=debug msg="Skipping updating Ingress default/service-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:16Z" level=debug msg="Skipping updating Ingress default/other-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:16Z" level=debug msg="Skipping updating Ingress default/whitelist-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:16Z" level=debug msg="Skipping updating Ingress default/traefik-dashboard-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:16Z" level=debug msg="Received Kubernetes event kind *v1.Secret"
time="2019-03-01T13:57:16Z" level=debug msg="Skipping updating Ingress default/frontend-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:16Z" level=debug msg="Skipping updating Ingress default/service-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:16Z" level=debug msg="Skipping updating Ingress default/other-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:16Z" level=debug msg="Skipping updating Ingress default/whitelist-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:16Z" level=debug msg="Skipping updating Ingress default/traefik-dashboard-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:16Z" level=debug msg="Skipping Kubernetes event kind *v1.Secret"
time="2019-03-01T13:57:16Z" level=debug msg="Configuration received from provider kubernetes: {\"backends\":{\"/fe\":{\"servers\":{\"myservice-5c55585b8-cxprc\":{\"url\":\"http://10.11.4.70:3000\",\"weight\":1}},\"loadBalancer\":{\"method\":\"wrr\"}},\"/promo\":{\"servers\":{\"promo-api-service-7d5968c556-rrfk2\":{\"url\":\"http://10.11.3.53:9189\",\"weight\":1}},\"loadBalancer\":{\"method\":\"wrr\"}},\"/anotherservice\":{\"servers\":{\"anotherservice-7856788888-dwnjc\":{\"url\":\"http://10.11.4.4:8762\",\"weight\":1},\"anotherservice-7856788888-kczj5\":{\"url\":\"http://10.11.3.9:8762\",\"weight\":1},\"anotherservice-7856788888-sxtzt\":{\"url\":\"http://10.11.5.6:8762\",\"weight\":1}},\"loadBalancer\":{\"method\":\"wrr\"}},\"/sockjs-node\":{\"servers\":{\"myservice-5c55585b8-cxprc\":{\"url\":\"http://10.11.4.70:3000\",\"weight\":1}},\"loadBalancer\":{\"method\":\"wrr\"}},\"/static\":{\"servers\":{\"myservice-5c55585b8-cxprc\":{\"url\":\"http://10.11.4.70:3000\",\"weight\":1}},\"loadBalancer\":{\"method\":\"wrr\"}},\"/traefik\":{\"servers\":{\"traefik-ingress-controller-5945dd5fbf-hkt6p\":{\"url\":\"http://10.11.3.99:8080\",\"weight\":1}},\"loadBalancer\":{\"method\":\"wrr\"}}},\"frontends\":{\"/fe\":{\"entryPoints\":[\"http\"],\"backend\":\"/fe\",\"routes\":{\"/fe\":{\"rule\":\"PathPrefixStrip:/fe\"}},\"passHostHeader\":true,\"priority\":0,\"basicAuth\":null,\"whiteList\":{\"sourceRange\":[\"<whitelisted-ip-subnet>/24\",\"<whitelisted-ip-subnet>/24\"],\"useXForwardedFor\":true}},\"/promo\":{\"entryPoints\":[\"http\"],\"backend\":\"/promo\",\"routes\":{\"/promo\":{\"rule\":\"PathPrefix:/promo\"}},\"passHostHeader\":true,\"priority\":0,\"basicAuth\":null},\"/anotherservice\":{\"entryPoints\":[\"http\"],\"backend\":\"/anotherservice\",\"routes\":{\"/anotherservice\":{\"rule\":\"PathPrefixStrip:/anotherservice\"}},\"passHostHeader\":true,\"priority\":0,\"basicAuth\":null},\"/sockjs-node\":{\"entryPoints\":[\"http\"],\"backend\":\"/sockjs-node\",\"routes\":{\"/sockjs-node\":{\"rule\":\"PathPrefix:/sockjs-node\"}},\"passHostHeader\":true,\"priority\":0,\"basicAuth\":null},\"/static\":{\"entryPoints\":[\"http\"],\"backend\":\"/static\",\"routes\":{\"/static\":{\"rule\":\"PathPrefix:/static\"}},\"passHostHeader\":true,\"priority\":0,\"basicAuth\":null},\"/traefik\":{\"entryPoints\":[\"http\"],\"backend\":\"/traefik\",\"routes\":{\"/traefik\":{\"rule\":\"PathPrefixStrip:/traefik\"}},\"passHostHeader\":true,\"priority\":0,\"basicAuth\":null}}}"
time="2019-03-01T13:57:16Z" level=debug msg="Wiring frontend /fe to entryPoint http"
time="2019-03-01T13:57:16Z" level=debug msg="Creating backend /fe"
time="2019-03-01T13:57:16Z" level=debug msg="configured IP white list: [<whitelisted-ip-subnet>/24 <whitelisted-ip-subnet>/24]"
time="2019-03-01T13:57:16Z" level=debug msg="Configured IP Whitelists: [<whitelisted-ip-subnet>/24 <whitelisted-ip-subnet>/24]"
time="2019-03-01T13:57:16Z" level=debug msg="Adding TLSClientHeaders middleware for frontend /fe"
time="2019-03-01T13:57:16Z" level=debug msg="Creating load-balancer wrr"
time="2019-03-01T13:57:16Z" level=debug msg="Creating server myservice-5c55585b8-cxprc at http://10.11.4.70:3000 with weight 1"
time="2019-03-01T13:57:16Z" level=debug msg="Creating route /fe PathPrefixStrip:/fe"
time="2019-03-01T13:57:16Z" level=debug msg="Wiring frontend /promo to entryPoint http"
time="2019-03-01T13:57:16Z" level=debug msg="Creating backend /promo"
time="2019-03-01T13:57:16Z" level=debug msg="Adding TLSClientHeaders middleware for frontend /promo"
time="2019-03-01T13:57:16Z" level=debug msg="Creating load-balancer wrr"
time="2019-03-01T13:57:16Z" level=debug msg="Creating server promo-api-service-7d5968c556-rrfk2 at http://10.11.3.53:9189 with weight 1"
time="2019-03-01T13:57:16Z" level=debug msg="Creating route /promo PathPrefix:/promo"
time="2019-03-01T13:57:16Z" level=debug msg="Wiring frontend /anotherservice to entryPoint http"
time="2019-03-01T13:57:16Z" level=debug msg="Creating backend /anotherservice"
time="2019-03-01T13:57:16Z" level=debug msg="Adding TLSClientHeaders middleware for frontend /anotherservice"
time="2019-03-01T13:57:16Z" level=debug msg="Creating load-balancer wrr"
time="2019-03-01T13:57:16Z" level=debug msg="Creating server anotherservice-7856788888-dwnjc at http://10.11.4.4:8762 with weight 1"
time="2019-03-01T13:57:16Z" level=debug msg="Creating server anotherservice-7856788888-kczj5 at http://10.11.3.9:8762 with weight 1"
time="2019-03-01T13:57:16Z" level=debug msg="Creating server anotherservice-7856788888-sxtzt at http://10.11.5.6:8762 with weight 1"
time="2019-03-01T13:57:16Z" level=debug msg="Creating route /anotherservice PathPrefixStrip:/anotherservice"
time="2019-03-01T13:57:17Z" level=debug msg="Configuration received from provider kubernetes: {\"backends\":{\"/fe\":{\"servers\":{\"myservice-5c55585b8-cxprc\":{\"url\":\"http://10.11.4.70:3000\",\"weight\":1}},\"loadBalancer\":{\"method\":\"wrr\"}},\"/promo\":{\"servers\":{\"promo-api-service-7d5968c556-rrfk2\":{\"url\":\"http://10.11.3.53:9189\",\"weight\":1}},\"loadBalancer\":{\"method\":\"wrr\"}},\"/anotherservice\":{\"servers\":{\"anotherservice-7856788888-dwnjc\":{\"url\":\"http://10.11.4.4:8762\",\"weight\":1},\"anotherservice-7856788888-kczj5\":{\"url\":\"http://10.11.3.9:8762\",\"weight\":1},\"anotherservice-7856788888-sxtzt\":{\"url\":\"http://10.11.5.6:8762\",\"weight\":1}},\"loadBalancer\":{\"method\":\"wrr\"}},\"/sockjs-node\":{\"servers\":{\"myservice-5c55585b8-cxprc\":{\"url\":\"http://10.11.4.70:3000\",\"weight\":1}},\"loadBalancer\":{\"method\":\"wrr\"}},\"/static\":{\"servers\":{\"myservice-5c55585b8-cxprc\":{\"url\":\"http://10.11.4.70:3000\",\"weight\":1}},\"loadBalancer\":{\"method\":\"wrr\"}},\"/traefik\":{\"servers\":{\"traefik-ingress-controller-5945dd5fbf-hkt6p\":{\"url\":\"http://10.11.3.99:8080\",\"weight\":1},\"traefik-ingress-controller-5945dd5fbf-xd5b6\":{\"url\":\"http://10.11.4.88:8080\",\"weight\":1}},\"loadBalancer\":{\"method\":\"wrr\"}}},\"frontends\":{\"/fe\":{\"entryPoints\":[\"http\"],\"backend\":\"/fe\",\"routes\":{\"/fe\":{\"rule\":\"PathPrefixStrip:/fe\"}},\"passHostHeader\":true,\"priority\":0,\"basicAuth\":null,\"whiteList\":{\"sourceRange\":[\"<whitelisted-ip-subnet>/24\",\"<whitelisted-ip-subnet>/24\"],\"useXForwardedFor\":true}},\"/promo\":{\"entryPoints\":[\"http\"],\"backend\":\"/promo\",\"routes\":{\"/promo\":{\"rule\":\"PathPrefix:/promo\"}},\"passHostHeader\":true,\"priority\":0,\"basicAuth\":null},\"/anotherservice\":{\"entryPoints\":[\"http\"],\"backend\":\"/anotherservice\",\"routes\":{\"/anotherservice\":{\"rule\":\"PathPrefixStrip:/anotherservice\"}},\"passHostHeader\":true,\"priority\":0,\"basicAuth\":null},\"/sockjs-node\":{\"entryPoints\":[\"http\"],\"backend\":\"/sockjs-node\",\"routes\":{\"/sockjs-node\":{\"rule\":\"PathPrefix:/sockjs-node\"}},\"passHostHeader\":true,\"priority\":0,\"basicAuth\":null},\"/static\":{\"entryPoints\":[\"http\"],\"backend\":\"/static\",\"routes\":{\"/static\":{\"rule\":\"PathPrefix:/static\"}},\"passHostHeader\":true,\"priority\":0,\"basicAuth\":null},\"/traefik\":{\"entryPoints\":[\"http\"],\"backend\":\"/traefik\",\"routes\":{\"/traefik\":{\"rule\":\"PathPrefixStrip:/traefik\"}},\"passHostHeader\":true,\"priority\":0,\"basicAuth\":null}}}"
time="2019-03-01T13:57:17Z" level=debug msg="Skipping updating Ingress default/other-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:17Z" level=debug msg="Skipping updating Ingress default/whitelist-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:17Z" level=debug msg="Skipping updating Ingress default/traefik-dashboard-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:17Z" level=debug msg="Skipping updating Ingress default/frontend-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:17Z" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints"
time="2019-03-01T13:57:17Z" level=debug msg="Received Kubernetes event kind *v1.Endpoints"
time="2019-03-01T13:57:17Z" level=debug msg="Skipping updating Ingress default/whitelist-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:17Z" level=debug msg="Skipping updating Ingress default/traefik-dashboard-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:17Z" level=debug msg="Skipping updating Ingress default/frontend-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:17Z" level=debug msg="Skipping updating Ingress default/service-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:17Z" level=debug msg="Skipping updating Ingress default/other-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:17Z" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints"
time="2019-03-01T13:57:17Z" level=debug msg="Received Kubernetes event kind *v1.Endpoints"
time="2019-03-01T13:57:17Z" level=debug msg="Skipping updating Ingress default/frontend-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:17Z" level=debug msg="Skipping updating Ingress default/service-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:17Z" level=debug msg="Skipping updating Ingress default/other-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:17Z" level=debug msg="Skipping updating Ingress default/whitelist-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:17Z" level=debug msg="Skipping updating Ingress default/traefik-dashboard-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:17Z" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints"
time="2019-03-01T13:57:18Z" level=debug msg="Wiring frontend /fe to entryPoint http"
time="2019-03-01T13:57:18Z" level=debug msg="Creating backend /fe"
time="2019-03-01T13:57:18Z" level=debug msg="configured IP white list: [<whitelisted-ip-subnet>/24 <whitelisted-ip-subnet>/24]"
time="2019-03-01T13:57:18Z" level=debug msg="Configured IP Whitelists: [<whitelisted-ip-subnet>/24 <whitelisted-ip-subnet>/24]"
time="2019-03-01T13:57:18Z" level=debug msg="Adding TLSClientHeaders middleware for frontend /fe"
time="2019-03-01T13:57:18Z" level=debug msg="Creating load-balancer wrr"
time="2019-03-01T13:57:18Z" level=debug msg="Creating server myservice-5c55585b8-cxprc at http://10.11.4.70:3000 with weight 1"
time="2019-03-01T13:57:18Z" level=debug msg="Creating route /fe PathPrefixStrip:/fe"
time="2019-03-01T13:57:18Z" level=debug msg="Wiring frontend /promo to entryPoint http"
time="2019-03-01T13:57:18Z" level=debug msg="Creating backend /promo"
time="2019-03-01T13:57:18Z" level=debug msg="Adding TLSClientHeaders middleware for frontend /promo"
time="2019-03-01T13:57:18Z" level=debug msg="Creating load-balancer wrr"
time="2019-03-01T13:57:18Z" level=debug msg="Creating server promo-api-service-7d5968c556-rrfk2 at http://10.11.3.53:9189 with weight 1"
time="2019-03-01T13:57:18Z" level=debug msg="Creating route /promo PathPrefix:/promo"
time="2019-03-01T13:57:18Z" level=debug msg="Wiring frontend /anotherservice to entryPoint http"
time="2019-03-01T13:57:18Z" level=debug msg="Creating backend /anotherservice"
time="2019-03-01T13:57:18Z" level=debug msg="Adding TLSClientHeaders middleware for frontend /anotherservice"
time="2019-03-01T13:57:18Z" level=debug msg="Creating load-balancer wrr"
time="2019-03-01T13:57:18Z" level=debug msg="Creating server anotherservice-7856788888-kczj5 at http://10.11.3.9:8762 with weight 1"
time="2019-03-01T13:57:18Z" level=debug msg="Creating server anotherservice-7856788888-sxtzt at http://10.11.5.6:8762 with weight 1"
time="2019-03-01T13:57:18Z" level=debug msg="Creating server anotherservice-7856788888-dwnjc at http://10.11.4.4:8762 with weight 1"
time="2019-03-01T13:57:18Z" level=debug msg="Creating route /anotherservice PathPrefixStrip:/anotherservice"
time="2019-03-01T13:57:18Z" level=debug msg="Wiring frontend /sockjs-node to entryPoint http"
time="2019-03-01T13:57:18Z" level=debug msg="Creating backend /sockjs-node"
time="2019-03-01T13:57:18Z" level=debug msg="Adding TLSClientHeaders middleware for frontend /sockjs-node"
time="2019-03-01T13:57:18Z" level=debug msg="Creating load-balancer wrr"
time="2019-03-01T13:57:18Z" level=debug msg="Creating server myservice-5c55585b8-cxprc at http://10.11.4.70:3000 with weight 1"
time="2019-03-01T13:57:18Z" level=debug msg="Creating route /sockjs-node PathPrefix:/sockjs-node"
time="2019-03-01T13:57:18Z" level=debug msg="Wiring frontend /static to entryPoint http"
time="2019-03-01T13:57:18Z" level=debug msg="Creating backend /static"
time="2019-03-01T13:57:18Z" level=debug msg="Adding TLSClientHeaders middleware for frontend /static"
time="2019-03-01T13:57:18Z" level=debug msg="Creating load-balancer wrr"
time="2019-03-01T13:57:18Z" level=debug msg="Creating server myservice-5c55585b8-cxprc at http://10.11.4.70:3000 with weight 1"
time="2019-03-01T13:57:18Z" level=debug msg="Creating route /static PathPrefix:/static"
time="2019-03-01T13:57:18Z" level=debug msg="Wiring frontend /traefik to entryPoint http"
time="2019-03-01T13:57:18Z" level=debug msg="Creating backend /traefik"
time="2019-03-01T13:57:18Z" level=debug msg="Adding TLSClientHeaders middleware for frontend /traefik"
time="2019-03-01T13:57:18Z" level=debug msg="Creating load-balancer wrr"
time="2019-03-01T13:57:18Z" level=debug msg="Creating server traefik-ingress-controller-5945dd5fbf-hkt6p at http://10.11.3.99:8080 with weight 1"
time="2019-03-01T13:57:18Z" level=debug msg="Creating server traefik-ingress-controller-5945dd5fbf-xd5b6 at http://10.11.4.88:8080 with weight 1"
time="2019-03-01T13:57:18Z" level=debug msg="Creating route /traefik PathPrefixStrip:/traefik"
time="2019-03-01T13:57:18Z" level=info msg="Server configuration reloaded on :80"
time="2019-03-01T13:57:19Z" level=debug msg="Configuration received from provider kubernetes: {\"backends\":{\"/fe\":{\"servers\":{\"myservice-5c55585b8-cxprc\":{\"url\":\"http://10.11.4.70:3000\",\"weight\":1}},\"loadBalancer\":{\"method\":\"wrr\"}},\"/promo\":{\"servers\":{\"promo-api-service-7d5968c556-rrfk2\":{\"url\":\"http://10.11.3.53:9189\",\"weight\":1}},\"loadBalancer\":{\"method\":\"wrr\"}},\"/anotherservice\":{\"servers\":{\"anotherservice-7856788888-dwnjc\":{\"url\":\"http://10.11.4.4:8762\",\"weight\":1},\"anotherservice-7856788888-kczj5\":{\"url\":\"http://10.11.3.9:8762\",\"weight\":1},\"anotherservice-7856788888-sxtzt\":{\"url\":\"http://10.11.5.6:8762\",\"weight\":1}},\"loadBalancer\":{\"method\":\"wrr\"}},\"/sockjs-node\":{\"servers\":{\"myservice-5c55585b8-cxprc\":{\"url\":\"http://10.11.4.70:3000\",\"weight\":1}},\"loadBalancer\":{\"method\":\"wrr\"}},\"/static\":{\"servers\":{\"myservice-5c55585b8-cxprc\":{\"url\":\"http://10.11.4.70:3000\",\"weight\":1}},\"loadBalancer\":{\"method\":\"wrr\"}},\"/traefik\":{\"servers\":{\"traefik-ingress-controller-5945dd5fbf-69jkg\":{\"url\":\"http://10.11.5.90:8080\",\"weight\":1},\"traefik-ingress-controller-5945dd5fbf-hkt6p\":{\"url\":\"http://10.11.3.99:8080\",\"weight\":1},\"traefik-ingress-controller-5945dd5fbf-xd5b6\":{\"url\":\"http://10.11.4.88:8080\",\"weight\":1}},\"loadBalancer\":{\"method\":\"wrr\"}}},\"frontends\":{\"/fe\":{\"entryPoints\":[\"http\"],\"backend\":\"/fe\",\"routes\":{\"/fe\":{\"rule\":\"PathPrefixStrip:/fe\"}},\"passHostHeader\":true,\"priority\":0,\"basicAuth\":null,\"whiteList\":{\"sourceRange\":[\"<whitelisted-ip-subnet>/24\",\"<whitelisted-ip-subnet>/24\"],\"useXForwardedFor\":true}},\"/promo\":{\"entryPoints\":[\"http\"],\"backend\":\"/promo\",\"routes\":{\"/promo\":{\"rule\":\"PathPrefix:/promo\"}},\"passHostHeader\":true,\"priority\":0,\"basicAuth\":null},\"/anotherservice\":{\"entryPoints\":[\"http\"],\"backend\":\"/anotherservice\",\"routes\":{\"/anotherservice\":{\"rule\":\"PathPrefixStrip:/anotherservice\"}},\"passHostHeader\":true,\"priority\":0,\"basicAuth\":null},\"/sockjs-node\":{\"entryPoints\":[\"http\"],\"backend\":\"/sockjs-node\",\"routes\":{\"/sockjs-node\":{\"rule\":\"PathPrefix:/sockjs-node\"}},\"passHostHeader\":true,\"priority\":0,\"basicAuth\":null},\"/static\":{\"entryPoints\":[\"http\"],\"backend\":\"/static\",\"routes\":{\"/static\":{\"rule\":\"PathPrefix:/static\"}},\"passHostHeader\":true,\"priority\":0,\"basicAuth\":null},\"/traefik\":{\"entryPoints\":[\"http\"],\"backend\":\"/traefik\",\"routes\":{\"/traefik\":{\"rule\":\"PathPrefixStrip:/traefik\"}},\"passHostHeader\":true,\"priority\":0,\"basicAuth\":null}}}"
time="2019-03-01T13:57:19Z" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints"
time="2019-03-01T13:57:19Z" level=debug msg="Received Kubernetes event kind *v1.Endpoints"
time="2019-03-01T13:57:19Z" level=debug msg="Skipping updating Ingress default/traefik-dashboard-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:19Z" level=debug msg="Skipping updating Ingress default/frontend-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:19Z" level=debug msg="Skipping updating Ingress default/service-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:19Z" level=debug msg="Skipping updating Ingress default/other-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:19Z" level=debug msg="Skipping updating Ingress default/whitelist-ingress due to service default/anotherservice having no status set"
time="2019-03-01T13:57:19Z" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints"
time="2019-03-01T13:57:20Z" level=debug msg="Wiring frontend /fe to entryPoint http"
time="2019-03-01T13:57:20Z" level=debug msg="Creating backend /fe"
time="2019-03-01T13:57:20Z" level=debug msg="configured IP white list: [<whitelisted-ip-subnet>/24 <whitelisted-ip-subnet>/24]"
time="2019-03-01T13:57:20Z" level=debug msg="Configured IP Whitelists: [<whitelisted-ip-subnet>/24 <whitelisted-ip-subnet>/24]"
time="2019-02-28T08:49:02Z" level=debug msg="request &{Method:GET URL:/ Proto:HTTP/1.1 ProtoMajor:1 ProtoMinor:1 Header:map[Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36] Dnt:[1] Accept-Encoding:[gzip, deflate, br] X-Forwarded-Prefix:[/<my-path>] Connection:[keep-alive] Cache-Control:[max-age=0] Authorization:[Basic YWRtaW46YWRtaW4=] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8] Accept-Language:[en-US,en;q=0.9,it;q=0.8]] Body:{} GetBody:<nil> ContentLength:0 TransferEncoding:[] Close:false Host:10.29.5.13 Form:map[] PostForm:map[] MultipartForm:<nil> Trailer:map[] RemoteAddr:<load-balancer-ip>:50846 RequestURI:/ TLS:<nil> Cancel:<nil> Response:<nil> ctx:0xc000baf440} - rejecting: \"<load-balancer-ip>:50846\" matched none of the white list

0 个答案:

没有答案