在 GKE 中的 Nginx Pod 上接收来自内部 IP 的外部请求

Question

我在 GKE 中创建了带有负载均衡器服务的 Nginx pod。 当它收到来自外部用户的请求时，在 Nginx 日志中它显示请求是从内部 IP 收到的（这是随机发生的）。

样品请求

"@timestamp": "03/Sep/2022:16:25:38 +0530", "@fields": { "remote_addr": "10.160.0.30", "remote_user": "-", "body_bytes_sent": "3767", "gzip_ratio": "3.52","request_time": "0.113", "connection_requests": "7","status": "200", "request": "GET /admin HTTP/2.0", "request_method": "GET"

YAML 文件

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: image_name
        ports:
        - containerPort: 80
        - containerPort: 443
        resources:
          requests:
            cpu: 2000m
            memory: 2Gi
          limits:
            cpu: 2000m
            memory: 2Gi

==========

apiVersion: v1
kind: Service
metadata:
  name: dev-nginx-lb-service
spec:
  loadBalancerIP: IP_address
  type: LoadBalancer
  selector:
    app: nginx
  ports:
  - name: https
    protocol: TCP
    port: 443
    targetPort: 443
  - name: http
    protocol: TCP
    port: 80
    targetPort: 80

Answer 1

不知道为什么会是随机的。 默认情况下，GKE 节点对通过负载均衡接收的数据包执行 SNAT。 如果您想将客户端地址直接传递给后端 pod，您可以在服务规范中设置externalTrafficPolicy: Local ：

apiVersion: v1
kind: Service
metadata:
  name: dev-nginx-lb-service
spec:
  loadBalancerIP: IP_address
  type: LoadBalancer
  externalTrafficPolicy: Local
  selector:
    app: nginx
  ports:
  - name: https
    protocol: TCP
    port: 443
    targetPort: 443
  - name: http
    protocol: TCP
    port: 80
    targetPort: 80