Receiving external request from internal IP on Nginx Pod in GKE
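I created an Nginx pod with a LoadBalancer service in GKE. When it receives a request from an external user, the Nginx log shows that the request was received from an internal IP (this happens randomly).
Sample request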
"@timestamp": "03/Sep/2022:16:25:38 +0530", "@fields": { "remote_addr": "10.160.0.30", "remote_user": "-", "body_bytes_sent": "3767", "gzip_ratio": "3.52","request_time": "0.113", "connection_requests": "7","status": "200", "request": "GET /admin HTTP/2.0", "request_method": "GET"
YAML file
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: image_name
        ports:
        - containerPort: 80
        - containerPort: 443
        resources:
          requests:
            cpu: 2000m
            memory: 2Gi
          limits:
            cpu: 2000m
            memory: 2Gi
==========
apiVersion: v1
kind: Service
metadata:
  name: dev-nginx-lb-service
spec:
  loadBalancerIP: IP_address
  type: LoadBalancer
  selector:
    app: nginx
  ports:
  - name: https
    protocol: TCP
    port: 443
    targetPort: 443
  - name: http
    protocol: TCP
    port: 80
    targetPort: 80
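Not sure why it would be random. By default, GKE nodes perform SNAT on packets received through the load balancer. If you want to pass the client address directly to the backend pods, you can set externalTrafficPolicy: Local in the service spec: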
apiVersion: v1
kind: Service
metadata:
  name: dev-nginx-lb-service
spec:
  loadBalancerIP: IP_address
  type: LoadBalancer
  # Pass the client address through to the pod instead of applying SNAT on the node
  externalTrafficPolicy: Local
  selector:
    app: nginx
  ports:
  - name: https
    protocol: TCP
    port: 443
    targetPort: 443
  - name: http
    protocol: TCP
    port: 80
    targetPort: 80
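To measure how often the client address is being replaced, before and after setting externalTrafficPolicy: Local, the Nginx log can be checked for internal source addresses. This is an added example, not part of the original question or answer; it assumes each log line is a complete JSON object in the shape shown in the question and that the cluster's node and pod ranges are RFC 1918 addresses.

```python
import ipaddress
import json
from collections import Counter

# Assumption: node and pod ranges fall inside RFC 1918 space, as 10.160.0.30 does.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines in the shape of the log entry from the question.
# 203.0.113.7 and 198.51.100.23 are documentation addresses standing in for clients.
SAMPLE_LOG = """\
{"@timestamp": "03/Sep/2022:16:25:38 +0530", "@fields": {"remote_addr": "10.160.0.30", "status": "200", "request": "GET /admin HTTP/2.0"}}
{"@timestamp": "03/Sep/2022:16:25:40 +0530", "@fields": {"remote_addr": "203.0.113.7", "status": "200", "request": "GET / HTTP/2.0"}}
{"@timestamp": "03/Sep/2022:16:25:41 +0530", "@fields": {"remote_addr": "10.160.0.31", "status": "403", "request": "GET /admin HTTP/2.0"}}
not-json line from a crashed worker
{"@timestamp": "03/Sep/2022:16:25:44 +0530", "@fields": {"remote_addr": "198.51.100.23", "status": "200", "request": "GET /login HTTP/2.0"}}
"""

def is_internal(addr):
    """True when addr lies in one of the cluster-internal networks."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return any(ip in net for net in INTERNAL_NETS)

def audit_source_ips(log_text):
    """Count requests logged with an internal address vs. a real client address."""
    result = {"internal": Counter(), "external": 0, "skipped": 0}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            addr = json.loads(line)["@fields"]["remote_addr"]
            internal = is_internal(addr)
        except (ValueError, KeyError, TypeError):
            result["skipped"] += 1  # unparsable line or missing/invalid remote_addr
            continue
        if internal:
            result["internal"][addr] += 1
        else:
            result["external"] += 1
    return result

def snat_ratio(result):
    """Fraction of parsed requests whose client address was lost."""
    internal = sum(result["internal"].values())
    total = internal + result["external"]
    return internal / total if total else 0.0

if __name__ == "__main__":
    report = audit_source_ips(SAMPLE_LOG)
    print(dict(report["internal"]), report["external"], f"{snat_ratio(report):.0%}")
```

A ratio that drops to zero after the Service change confirms that Nginx is logging real client addresses again, which matters for any allowlist, rate limit or investigation that relies on remote_addr.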