当 python 代码在 kube.netes pod 中运行时,如何获取客户端 IP 地址?
[英]How to get client IP address when the python code is running inside a kubernetes pod?
问题描述
import uvicorn
app = FastAPI()
@app.get("/items/{item_id}")
def read_root(item_id: str, request: Request):
client_host = request.client.host
f= open("ipadress.txt","a+")
f.write(client_host+"\n")
f.close()
return {"client_host": client_host, "item_id": item_id}
if __name__ == "__main__":
uvicorn.run(app, host="0.0.0.0", forwarded_allow_ips="*")
The above is the python code which is hosted using uvicorn.
以上是使用 uvicorn 托管的 python 代码。 When I run the code inside a docker container, it returns the correct client IP. But, when I host the same code on Kube.netes cluster using minikube the IP address which is returned is the localhost IP (127.0.0.1)当我在 docker 容器内运行代码时,它返回正确的客户端 IP。但是,当我使用 minikube 在 Kube.netes 集群上托管相同的代码时,返回的 IP 地址是本地主机 IP (127.0.0.1)
The docker command used to run the above code image is docker run -it -p 8080:8000 <image-name> I have exposed port 8080 to reach to the service from Virtual Machine用于运行上述代码图像的 docker 命令是docker run -it -p 8080:8000 <image-name>我已经公开端口 8080 以从虚拟机访问服务
The kube.netes command used to expose the service is kubectl port-forward --address 0.0.0.0 services/sample-deploy 8080:80用于暴露服务的kube.netes命令是kubectl port-forward --address 0.0.0.0 services/sample-deploy 8080:80
The service.yaml for kube.netes is kube.netes 的 service.yaml 是
apiVersion: v1
kind: Service
metadata:
name: sample-deploy
spec:
type: LoadBalancer
ports:
- port: 80
selector:
app: sample-deploy
I also tried to access the service using LoadBalancer where the service can be accessed using an External IP yet I am not able to get the real client IP address.我还尝试使用 LoadBalancer 访问该服务,其中可以使用外部 IP 访问该服务,但我无法获得真实的客户端 IP 地址。 I think the IP address is masked in the kube.netes cluster.我认为 IP 地址在 kube.netes 集群中被屏蔽了。
2 个解决方案
解决方案1
1 已采纳 2021-09-28 08:27:27
When you do a port-forward you create a tunnel from your local machine to the container.当您执行port-forward时,您会创建一条从本地机器到容器的隧道。 So, the connection is seen in the container as if it is coming from the local machine (hence the 127.0.0.1 ).因此,连接在容器中被视为来自本地机器(因此是127.0.0.1 )。 Port forwarding is usually just used for debugging purposes.端口转发通常仅用于调试目的。
The typical way to access your application would be via a service of type LoadBalancer or via the Kube.netes ingress concept.访问应用程序的典型方式是通过LoadBalancer类型的服务或通过Kube.netes 入口概念。 In both cases you should get the correct client IP address.在这两种情况下,您都应该获得正确的客户端 IP 地址。 For the ingress the client IP is usually provided via a HTTP header (by the ingress load balancer/reverse proxy).对于入口,客户端 IP 通常通过 HTTP header(由入口负载均衡器/反向代理)提供。 Most ingress controllers use X-Forwarded-For .大多数入口控制器使用X-Forwarded-For 。 This header is usually picked up by the web app frameworks when checking for the client IP.这个 header 通常在检查客户端 IP 时由 web 应用框架获取。
解决方案2
0 2021-10-09 07:13:03
In the service YAML file, the externalTrafficPolicy should be set to Local so that the IP address is retained.在服务YAML文件中,externalTrafficPolicy应该设置为Local,这样IP地址就保留下来了。 The externalTrafficPolicy can be used only with NodePort or LoadBalancer types. externalTrafficPolicy 只能与 NodePort 或 LoadBalancer 类型一起使用。
apiVersion: v1
kind: Service
metadata:
name: sample-deploy
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- port: 80
selector:
app: sample-deploy
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.