Configuring Kubernetes Ingress Nginx to Preserve Client IP Address from Cloudflare Worker.

huangapple go评论76阅读模式
英文:

Configuring Kubernetes Ingress Nginx to Preserve Client IP Address from Cloudflare Worker

问题

关于我的Kubernetes设置,我正在使用Nginx Ingress控制器。为了处理传入的请求,我利用Cloudflare worker与我的Kubernetes集群交互。该worker发送带有以下头部的请求:

X-Forwarded-For: xxx.xxx.xxx.xxx, xxx2.xxx2.xxx2.xxx2

在这个头部中:

xxx.xxx.xxx.xxx 代表真实IP地址。
xxx2.xxx2.xxx2.xxx2 代表Cloudflare worker的IP地址。

然而,通过检查Kubernetes集群中的Pod(使用tcpdump),我注意到接收到的头部如下:

X-Real-IP: xxx2.xxx2.xxx2.xxx2
X-Forwarded-For: xxx2.xxx2.xxx2.xxx2
X-Original-Forwarded-For: xxx.xxx.xxx.xxx, xxx2.xxx2.xxx2.xxx2

我想确保实际客户端IP地址(xxx.xxx.xxx.xxx)在Pod内通过X-Forwarded-For头部可用。我该如何实现这一点?

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-ingress2
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.org/client-max-body-size: "100m"
    nginx.org/proxy-connect-timeout: 300s
    nginx.org/proxy-read-timeout: 300s
    nginx.org/proxy-send-timeout: 300s
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
spec:
  rules:
    - host: test.com
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: myservice
                port:
                  number: xxxx
---
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  name: nginx-configuration
  namespace: default
data:
    use-forwarded-headers: "true"
    compute-full-forwarded-for: "true"
    use-proxy-protocol: "true"

(注意:我已经翻译了代码部分,其他部分已经按您要求翻译并返回。)

英文:

Regarding my Kubernetes setup, I am using the Nginx Ingress controller. To handle incoming requests, I utilize a Cloudflare worker to interact with my Kubernetes cluster. The worker sends a request with the following header:

X-Forwarded-For: xxx.xxx.xxx.xxx, xxx2.xxx2.xxx2.xxx2

In this header:

xxx.xxx.xxx.xxx represents the real IP address.
xxx2.xxx2.xxx2.xxx2 represents the Cloudflare worker IP address.

However, upon inspecting the pods inside the Kubernetes cluster (tcpdump), I notice that the headers received are as follows:

X-Real-IP: xxx2.xxx2.xxx2.xxx2
X-Forwarded-For: xxx2.xxx2.xxx2.xxx2
X-Original-Forwarded-For: xxx.xxx.xxx.xxx,xxx2.xxx2.xxx2.xxx2

I want to ensure that the actual client IP address (xxx.xxx.xxx.xxx) is available inside the pods by the X-Forwarded-For header. How can I achieve this?

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-ingress2
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.org/client-max-body-size: "100m"
    nginx.org/proxy-connect-timeout: 300s
    nginx.org/proxy-read-timeout: 300s
    nginx.org/proxy-send-timeout: 300s
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
spec:
  rules:


    - host: test.com
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: myservice
                port:
                  number: xxxx


---
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  name: nginx-configuration
  namespace: default
data:
    use-forwarded-headers: "true"
    compute-full-forwarded-for: "true"
    use-proxy-protocol: "true"

答案1

得分: 1

Here is the translated content:

找到答案:

您需要覆盖nginx配置文件,具体信息请参考https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/custom-template/。

或者使用以下配置映射:

apiVersion: v1
data:
  allow-snippet-annotations: "true"
  enable-real-ip: "true"
  compute-full-forwarded-for: "true"
  use-forwarded-headers: "true"
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.7.1
  name: ingress-nginx-controller
  namespace: ingress-nginx

请注意,这是关于如何配置nginx的信息。

英文:

Found the answer:

You need to override nginx conf file https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/custom-template/

Or have a config map like:

apiVersion: v1
data:
  allow-snippet-annotations: "true"
  enable-real-ip: "true"
  compute-full-forwarded-for: "true"
  use-forwarded-headers: "true"
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.7.1
  name: ingress-nginx-controller
  namespace: ingress-nginx

huangapple
  • 本文由 发表于 2023年8月5日 00:31:56
  • 转载请务必保留本文链接:https://go.coder-hub.com/76837736.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定