堆栈内存溢出
  简体   繁体   English

如何在 Kubernetes 上使用 GKE 入口 controller 保留客户端 IP 地址?

[英]How to preserve Client IP Address with GKE Ingress controller on Kubernetes?

 原文  2022-01-25 12:13:35       c#/ .net/ kubernetes/ google-cloud-platform/ kubernetes-ingress

问题描述

I would like to catch the Client IP Address inside my .NET application running behind GKE Ingress Controller to ensure that the client is permitted.我想在 GKE Ingress Controller 后面运行的 .NET 应用程序中捕获客户端 IP 地址,以确保允许客户端。

var requestIpAddress = request.HttpContext.Connection.RemoteIpAddress.MapToIPv4();

Instead of getting Client IP Address I get my GKE Ingress IP Address, due to The Ingress apply some forwarding rule.由于入口应用了一些转发规则,我没有获取客户端 IP 地址,而是获取了我的 GKE 入口 IP 地址。

The GKE Ingress controller is pointing to the Kubernetes service of type NodePort. GKE Ingress controller 指向 NodePort 类型的 Kubernetes 服务。

I have tried to add spec to NodePort service to preserve Client IP Address but it doesn't help.我试图将规范添加到 NodePort 服务以保留客户端 IP 地址,但它没有帮助。 It is because the NodePort service is also runng behind the Ingress这是因为 NodePort 服务也在 Ingress 后面运行

externalTrafficPolicy: Local

Is it possible to preserve Client IP Address with GKE Ingress controller on Kubernetes?是否可以在 Kubernetes 上使用 GKE 入口 controller 保留客户端 IP 地址?

NodePort Service for Ingress:入口的 NodePort 服务:

apiVersion: v1
kind: Service
metadata:
  name: api-ingress-service
  labels:
    app/name: ingress.api
spec:
  type: NodePort
  externalTrafficPolicy: Local
  selector:
    app/template: api
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: http

Ingress:入口:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress
  namespace: default
  labels:
    kind: ingress
    app: ingress
  annotations:
    networking.gke.io/v1beta1.FrontendConfig: frontend-config
spec:
  tls:
  - hosts:
    - '*.mydomain.com'
    secretName: tls-secret
  rules:
  - host: mydomain.com
    http:
      paths:
      - path: /*
        pathType: ImplementationSpecific
        backend:
          service:
            name: api-ingress-service
            port:
              number: 80

1 个解决方案

解决方案1
 0  

Posted community wiki for better visibility.发布社区 wiki 以获得更好的可见性。 Feel free to expand it.随意扩展它。

Currently the only way to get the client source IP address in GKE Ingress is to use X-Forwarded-For header.目前在 GKE Ingress 中获取客户端源 IP 地址的唯一方法是使用X-Forwarded-For header。 It's known limitation for all GCP HTTP(s) Load Balancers (GKE Ingress is using External HTTP(s) LB).所有 GCP HTTP(s) 负载均衡器的已知限制(GKE Ingress 使用外部 HTTP(s) LB)。

If it does not suit your needs, consider migrating to a third-party Ingress Controller which is using an external TCP/UDP network LoadBalancer, like NGINX Ingress Controller .如果它不适合您的需求,请考虑迁移到使用外部 TCP/UDP 网络负载平衡器的第三方 Ingress Controller,例如NGINX Ingress Z9BBF373797BF7CF7BA62C80023682E2

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在 MVC 4 控制器中获取客户端 IP 地址? - How to get client IP address in MVC 4 controller? 如何获取域控制器IP地址 - How to get domain controller IP Address 如何获取客户端系统IP地址? - How to grab Client System IP Address? 如何在MVC中获取客户端ip地址 - How to get client ip address in MVC 如果通过ARR路由,如何获取客户端IP地址 - How to get client IP address if it is routed by ARR 客户端IP地址错误 - Wrong client IP address 记录客户端IP地址 - Log client IP address UserNamePasswordValidator中的客户端IP地址 - Client IP address in UserNamePasswordValidator 获取客户端的公网IP地址 - Get the public IP address of a client 获取客户端计算机的IP地址 - Get IP address of client machine
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM