[英]View client ip address in kubernetes logs when using load balancer
I am hosting my application on GKE.我在 GKE 上托管我的应用程序。 The kubectl version installed in the server is
v1.10.11-gke.1
and nginx-ingress is nginx-ingress-0.28.2
服务器安装的kubectl版本是
v1.10.11-gke.1
,nginx-ingress是nginx-ingress-0.28.2
I would like to see the client IP address in my logs.我想在我的日志中看到客户端 IP 地址。 For now, I can only see the pod IP address for example:
目前,我只能看到 pod IP 地址,例如:
2019-02-14 15:17:21.000 EAT 10.60.1.1 - [10.60.1.1] - - [14/Feb/2019:12:17:21 +0000] "GET /user HTTP/2.0" 404 9 "-" "Mozilla/5.0 (Macintosh;
My service has tls managed by letsencrypt.我的服务有由 letencrypt 管理的 tls。 How can I get the client IP address on the logs?
如何在日志中获取客户端 IP 地址?
I reproduced the behavior you observed in a test.我重现了您在测试中观察到的行为。 In my own container logs, on a job running with an nginx-ingress controller, we can only see the internal IP address assuming that nginx-ingress-controller service YAML file is set to:
在我自己的容器日志中,在使用 nginx-ingress 控制器运行的作业上,我们只能看到内部 IP 地址,假设 nginx-ingress-controller 服务 YAML 文件设置为:
externalTrafficPolicy: Cluster
Setting traffic to 'Cluster” means that all the nodes can receive the requests.将流量设置为“集群”意味着所有节点都可以接收请求。 'Cluster obscures the client source IP', the requests also could be SNAT'd to a node that has the running pod.
“集群掩盖了客户端源 IP”,请求也可以通过SNAT发送到具有正在运行的 pod 的节点。
However, If you change:但是,如果您更改:
externalTrafficPolicy: Local
The client source IP are exposed.客户端源 IP 已公开。 “Local” preserves the client source IP but may cause imbalanced traffic spreading.This due to the fact that only the Nodes that are running the pods will be considered healthy by the network load balancer.
“本地”保留客户端源 IP,但可能会导致不平衡的流量传播。这是因为只有运行 Pod 的节点才会被网络负载均衡器认为是健康的。 The requests will be sent only to healthy nodes.
请求将仅发送到健康节点。
Some background explanation on how to preserve source IP in your containers and some further reading on the hops for source IP for services with Type=Nodeport can be useful to understand what is happening.关于如何在容器中保留源 IP 的一些背景解释以及有关Type=Nodeport服务的源 IP 跃点的一些进一步阅读对于了解正在发生的事情非常有用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.