How do I get the client IP with Kubernetes?


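Question

I'm trying to get the real client IP when using Kubernetes. Many people said I should put externalTrafficPolicy: Local in my Kubernetes settings; the question is I don't even know where to put it, and I keep getting errors. Here is my YAML file: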

apiVersion: apps/v1
kind: Deployment
metadata:
  name: <DEV_GCP_APP_NAME>
  labels:
    app: <DEV_GCP_APP_NAME>
spec:
  # when I put externalTrafficPolicy: Local here it says unknown field "externalTrafficPolicy" in io.k8s.api.apps.v1.DeploymentSpec
  replicas: 1
  selector:
    matchLabels:
      app: <DEV_GCP_APP_NAME>
  template:
    metadata:
      labels:
        app: <DEV_GCP_APP_NAME>
    spec:
      # when I put externalTrafficPolicy: Local here it says unknown field "externalTrafficPolicy" in io.k8s.api.core.v1.PodSpec
      containers:
        - name: <DEV_GCP_APP_NAME>
          image: gcr.io/<DEV_GCP_PROJECT_NAME>/<DEV_GCP_APP_NAME>:<CI_PIPELINE_ID>
          env:
            - name: DB_USER
              valueFrom:
                secretKeyRef:
                  name: data-service-project
                  key: db_user
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: data-service-project
                  key: db_pass
            - name: DB_HOST
              valueFrom:
                secretKeyRef:
                  name: data-service-project
                  key: db_host
            - name: DB_PORT
              valueFrom:
                secretKeyRef:
                  name: data-service-project
                  key: db_port
            - name: DB_NAME
              valueFrom:
                secretKeyRef:
                  name: data-service-project
                  key: db_name
            - name: PG_USER
              valueFrom:
                secretKeyRef:
                  name: data-service-project
                  key: pg_user
            - name: PG_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: data-service-project
                  key: pg_password
            - name: PG_HOST
              valueFrom:
                secretKeyRef:
                  name: data-service-project
                  key: pg_host
            - name: PG_PORT
              valueFrom:
                secretKeyRef:
                  name: data-service-project
                  key: pg_port
            - name: PG_NAME
              valueFrom:
                secretKeyRef:
                  name: data-service-project
                  key: pg_name
            - name: PORT
              valueFrom:
                secretKeyRef:
                  name: data-service-project
                  key: port
            - name: TOKEN_SECRET
              valueFrom:
                secretKeyRef:
                  name: data-service-project
                  key: token_secret
            - name: COOKIES_SECRET
              valueFrom:
                secretKeyRef:
                  name: data-service-project
                  key: cookies_secret
            - name: GIN_MODE
              value: debug
            - name: DISABLE_EXTERNAL_SERVICE
              value: 'false'
        - name: cloudsql-proxy
          image: gcr.io/cloudsql-docker/gce-proxy:1.16
          command: [ "/cloud_sql_proxy",
                     "-instances=<DEV_GCP_DB_INSTANCE>",
                     "-credential_file=/secrets/cloudsql/sql_credentials.json" ]
          volumeMounts:
            - name: my-secrets-volume
              mountPath: /secrets/cloudsql
              readOnly: true
      volumes:
        - name: my-secrets-volume
          secret:
            secretName: cloudsql-instance-credentials
---
apiVersion: networking.gke.io/v1beta1
kind: ManagedCertificate
metadata:
  name: <DEV_GCP_APP_NAME>-certificate
spec:
  domains:
    - <DEV_GCP_APP_URL>
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: <DEV_GCP_APP_NAME>-ingress
  annotations:
    kubernetes.io/ingress.global-static-ip-name: <DEV_GCP_APP_NAME>-static-ip
    networking.gke.io/managed-certificates: <DEV_GCP_APP_NAME>-certificate
spec:
  backend:
    serviceName: <DEV_GCP_APP_NAME>-service
    servicePort: 80
    # when I put externalTrafficPolicy: Local here it says unknown field "externalTrafficPolicy" in io.k8s.api.networking.v1beta1.IngressBackend

Where should I put this externalTrafficPolicy setting? Can someone help me please? Thanks guys.


Answer 1

Score: 1


externalTrafficPolicy belongs under service spec:

kind: Service
...
spec:
  externalTrafficPolicy: Local

See more detailed documentation for preserving client source IP address and example in Kubernetes documentation.
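
Where the field sits in a complete manifest, as an added example that is not part of the original answer: a Service for the Deployment in the question, carrying the name and port that the Ingress backend refers to. The `type: NodePort` and `targetPort: 8080` values are assumptions, since the question shows neither the Service nor the container port.

```yaml
# Added example: Service backing the Ingress from the question.
apiVersion: v1
kind: Service
metadata:
  name: <DEV_GCP_APP_NAME>-service   # name used as serviceName in the Ingress backend
  labels:
    app: <DEV_GCP_APP_NAME>
spec:
  # Assumption: NodePort. externalTrafficPolicy is only accepted on
  # NodePort and LoadBalancer Services, not on ClusterIP.
  type: NodePort
  # Field of ServiceSpec; it is rejected in DeploymentSpec, PodSpec and
  # IngressBackend, which is what the errors in the question report.
  externalTrafficPolicy: Local
  selector:
    app: <DEV_GCP_APP_NAME>          # matches the pod template labels of the Deployment
  ports:
    - name: http
      protocol: TCP
      port: 80                       # servicePort used by the Ingress
      targetPort: 8080               # assumption: port the app container listens on
```

With `Local`, a node forwards external traffic only to pods running on that node, so kube-proxy does not rewrite the packet's source address. Behind the HTTP(S) load balancer that the Ingress creates, the connection is proxied, so the application reads the client address from the `X-Forwarded-For` header set by the load balancer and should not trust that header on requests that did not pass through it.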

huangapple
  • Posted on July 4, 2021 at 23:15:21
  • When reposting, please keep this link: https://go.coder-hub.com/68246119.html