向外部服务器请求时如何代理 Kubernetes 容器中的 IP 地址

Question

I am trying to make a GET request to a foreign server. But the foreign server requires our IP address for security purposes.

Now the problem is I am running my app inside Kubernetes' pod with three nodes. When I send the request, it takes the IP address of one of the kubernetes nodes. I could add static IP addresses to all my nodes. But from what I have learned, best practice is to only release the Gateway(ingress) IP address to the outside world. Everything else should be hidden.

So I tried to proxy my axios request like this:

var res = await axios.get('https://someapi.com', {
    proxy: {
        host: 'ingressIP', //static ip
        port: 80
    }
});

But the request still returns an error saying that the IP is not allowed. It returned the IP address of the kubernetes node, where my POD was in.

Answer 1

I am not sure, that you will be able to pass your traffic through ingress somehow.

We also had the same problem. We needed to send requests to a third-party server from a specific IP-address.

But we solved this a bit different, we just created a new small server with static IP, installed Squid proxy server there and configured our applications to use Squid server as an HTTP forward proxy.

Answer 2

Squid has a lot of features, and IMO is quite bloated for such a simple use-case; I'd suggest something more lightweight, like tinyproxy (docker image here ). So what you can do is create a Deployment using that image, pin it to a specific node (the one with the IP that the 3rd party API allows) using nodeSelector , create a Service pointing to it, and use that as a proxy in your requests. There's one drawback to this approach, though - you just added a(nother) single point of failure to your infrastructure.