时间戳

首页 > 解决方案 > 如何在 pod 上获取客户端的公共 IP?

kubernetes - 如何在 pod 上获取客户端的公共 IP?

问题描述

我有一个基于 Python-Flask 的应用程序。我想在客户访问我的入口端点时获取他们的公共 IP。

我已经尝试将 externalTrafficPolicy 更改为 Local 和 Cluster。

我的 Pod YAML 文件

apiVersion: v1
kind: Pod
metadata:
  labels:
    run: webplatform
  name: webplatform-deployment-6d68c99fc7-xlb8j
  namespace: prod
spec:
  containers:
  - command:
    - python
    - /app/app.py
    envFrom:
    - secretRef:
        name: webplatform-secret
        optional: false
    image: docker.fuchicorp.com/webplatform-prod:0.5
    imagePullPolicy: Always
    name: webplatform-container
  imagePullSecrets:
  - name: nexus-creds
  serviceAccount: webplatform-service-account
  serviceAccountName: webplatform-service-account

我的服务 YAML 文件

apiVersion: v1
kind: Service
metadata:
  name: webplatform-service
  namespace: prod
spec:
  externalTrafficPolicy: Cluster
  ports:
  - nodePort: 32744
    port: 7101
    protocol: TCP
    targetPort: 5000
  selector:
    run: webplatform
  sessionAffinity: None
  type: NodePort

我的 Ingress 资源 YAML 文件

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    certmanager.k8s.io/cluster-issuer: letsencrypt-fuchicorp-prod
    kubernetes.io/ingress.class: nginx
  generation: 2
  name: ingress-webplaform
  namespace: prod
spec:
  rules:
  - host: academy.fuchicorp.com
    http:
      paths:
      - backend:
          serviceName: webplatform-service
          servicePort: 7101
  tls:
  - hosts:
    - academy.fuchicorp.com
    secretName: letsencrypt-sec-webplatform-prod

当我看到日志时,我在日志上看到了 Ingress-Controllers IP

INFO: 10.16.0.16 - - [28/Sep/2019 20:06:12] "GET / HTTP/1.1" 200 -

标签: kuberneteskubernetes-ingressnginx-ingress

解决方案

TL;DR

client IP should be available via the X-Forwarded-For HTTP header

It should be provided by the load balancer (the ingress controller). Assuming your cluster is running on the cloud (aws, gcp, etc.), you get the client IP via the X-Forwarded-For HTTP header.

If its an on-prem k8s cluster (you run it on your own private cloud/ local machine), configure your load-balancer to do that- http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream

推荐阅读