我有一个基于Python-Flask的应用程序。我希望在客户端访问我的入口端点时获得客户端公共IP。
我已经尝试将externalTrafficPolicy更改为Local和Cluster。
我的Pod YAML文件
apiVersion: v1
kind: Pod
metadata:
labels:
run: webplatform
name: webplatform-deployment-6d68c99fc7-xlb8j
namespace: prod
spec:
containers:
- command:
- python
- /app/app.py
envFrom:
- secretRef:
name: webplatform-secret
optional: false
image: docker.fuchicorp.com/webplatform-prod:0.5
imagePullPolicy: Always
name: webplatform-container
imagePullSecrets:
- name: nexus-creds
serviceAccount: webplatform-service-account
serviceAccountName: webplatform-service-account
我的服务YAML文件
apiVersion: v1
kind: Service
metadata:
name: webplatform-service
namespace: prod
spec:
externalTrafficPolicy: Cluster
ports:
- nodePort: 32744
port: 7101
protocol: TCP
targetPort: 5000
selector:
run: webplatform
sessionAffinity: None
type: NodePort
我的Ingress资源YAML文件
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
certmanager.k8s.io/cluster-issuer: letsencrypt-fuchicorp-prod
kubernetes.io/ingress.class: nginx
generation: 2
name: ingress-webplaform
namespace: prod
spec:
rules:
- host: academy.fuchicorp.com
http:
paths:
- backend:
serviceName: webplatform-service
servicePort: 7101
tls:
- hosts:
- academy.fuchicorp.com
secretName: letsencrypt-sec-webplatform-prod
当我看到日志时,我看到日志中的Ingress-Controllers IP
INFO: 10.16.0.16 - - [28/Sep/2019 20:06:12] "GET / HTTP/1.1" 200 -
答案 0 :(得分:1)
客户端IP应该通过X-Forwarded-For HTTP标头提供
应由负载平衡器(入口控制器)提供。假设您的群集正在云(aws,gcp等)上运行,则可以通过X-Forwarded-For HTTP标头获得客户端IP。
如果它是本地k8s集群(您在自己的私有云/本地计算机上运行),请配置负载均衡器以执行以下操作- http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream