英文:
Configuring Kubernetes Ingress Nginx to Preserve Client IP Address from Cloudflare Worker
问题
关于我的Kubernetes设置,我正在使用Nginx Ingress控制器。为了处理传入的请求,我利用Cloudflare worker与我的Kubernetes集群交互。该worker发送带有以下头部的请求:
X-Forwarded-For: xxx.xxx.xxx.xxx, xxx2.xxx2.xxx2.xxx2
在这个头部中:
xxx.xxx.xxx.xxx 代表真实IP地址。
xxx2.xxx2.xxx2.xxx2 代表Cloudflare worker的IP地址。
然而,通过检查Kubernetes集群中的Pod(使用tcpdump),我注意到接收到的头部如下:
X-Real-IP: xxx2.xxx2.xxx2.xxx2
X-Forwarded-For: xxx2.xxx2.xxx2.xxx2
X-Original-Forwarded-For: xxx.xxx.xxx.xxx, xxx2.xxx2.xxx2.xxx2
我想确保实际客户端IP地址(xxx.xxx.xxx.xxx)在Pod内通过X-Forwarded-For头部可用。我该如何实现这一点?
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: demo-ingress2
annotations:
kubernetes.io/ingress.class: nginx
nginx.org/client-max-body-size: "100m"
nginx.org/proxy-connect-timeout: 300s
nginx.org/proxy-read-timeout: 300s
nginx.org/proxy-send-timeout: 300s
nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
spec:
rules:
- host: test.com
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: myservice
port:
number: xxxx
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
name: nginx-configuration
namespace: default
data:
use-forwarded-headers: "true"
compute-full-forwarded-for: "true"
use-proxy-protocol: "true"
(注意:我已经翻译了代码部分,其他部分已经按您要求翻译并返回。)
英文:
Regarding my Kubernetes setup, I am using the Nginx Ingress controller. To handle incoming requests, I utilize a Cloudflare worker to interact with my Kubernetes cluster. The worker sends a request with the following header:
X-Forwarded-For: xxx.xxx.xxx.xxx, xxx2.xxx2.xxx2.xxx2
In this header:
xxx.xxx.xxx.xxx represents the real IP address.
xxx2.xxx2.xxx2.xxx2 represents the Cloudflare worker IP address.
However, upon inspecting the pods inside the Kubernetes cluster (tcpdump), I notice that the headers received are as follows:
X-Real-IP: xxx2.xxx2.xxx2.xxx2
X-Forwarded-For: xxx2.xxx2.xxx2.xxx2
X-Original-Forwarded-For: xxx.xxx.xxx.xxx,xxx2.xxx2.xxx2.xxx2
I want to ensure that the actual client IP address (xxx.xxx.xxx.xxx) is available inside the pods by the X-Forwarded-For header. How can I achieve this?
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: demo-ingress2
annotations:
kubernetes.io/ingress.class: nginx
nginx.org/client-max-body-size: "100m"
nginx.org/proxy-connect-timeout: 300s
nginx.org/proxy-read-timeout: 300s
nginx.org/proxy-send-timeout: 300s
nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
spec:
rules:
- host: test.com
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: myservice
port:
number: xxxx
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
name: nginx-configuration
namespace: default
data:
use-forwarded-headers: "true"
compute-full-forwarded-for: "true"
use-proxy-protocol: "true"
答案1
得分: 1
Here is the translated content:
找到答案:
您需要覆盖nginx配置文件,具体信息请参考https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/custom-template/。
或者使用以下配置映射:
apiVersion: v1
data:
allow-snippet-annotations: "true"
enable-real-ip: "true"
compute-full-forwarded-for: "true"
use-forwarded-headers: "true"
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller
namespace: ingress-nginx
请注意,这是关于如何配置nginx的信息。
英文:
Found the answer:
You need to override nginx conf file https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/custom-template/
Or have a config map like:
apiVersion: v1
data:
allow-snippet-annotations: "true"
enable-real-ip: "true"
compute-full-forwarded-for: "true"
use-forwarded-headers: "true"
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.7.1
name: ingress-nginx-controller
namespace: ingress-nginx
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论