堆棧內存溢出
  簡體   English   中英

在 K3S NGINX 入口中轉發真實請求者 IP

[英]Forward real requestor IP in K3S NGINX ingress

 原文  2022-01-09 10:48:39       kubernetes/ nginx-ingress/ nextcloud/ k3s

問題描述

I've set up a K3S Kubernetes Environment in my Home-Lab on Raspberry PIs in order to teach myself some Kubernetes (Noob-Alert), using NGINX as Ingress Controller and I'm kind of stuck at passing the real IP of requests to目標 Pod,在我的例子中是 Nextcloud 實例。 K3S 的版本是v1.22.5+k3s1

K3S 是使用 Docker 作為容器運行時並使用--no-deploy traefik選項設置的。

之后,我使用

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.0/deploy/static/provider/baremetal/deploy.yaml

然后,在部署 Nextcloud pod 之后,我部署了 Ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  tls:
  - hosts:
    - my.own-dns.org
    secretName: very-secret-ssl-secret
  ingressClassName: nginx
  rules:
  - host: my.own-dns.org
    http:
      paths:
        - path: /somepath
          pathType: Prefix
          backend:
            service:
              name: someservice-service
              port:
                number: 8081
        - path: /
          pathType: Prefix
          backend:
            service:
              name: nextcloud-service
              port:
                number: 80

在 IngressController 的部署中,我在 ConfigMap 中添加了以下條目:

apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    helm.sh/chart: ingress-nginx-4.0.10
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.1.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
data:
  allow-snippet-annotations: 'true'
  compute-full-forwarded-for: 'true'
  use-forwarded-headers: 'true'
  enable-real-ip: 'true'
  proxy-add-original-uri-header: 'true'
  forwarded-for-header: 'X-Forwarded-For'

並將 ServiceType 從 http 服務更改為LoadBalancer ,因此我的 IngressController 服務如下所示:

apiVersion: v1
kind: Service
metadata:
  annotations:
  labels:
    helm.sh/chart: ingress-nginx-4.0.10
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.1.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  type: LoadBalancer
  ipFamilyPolicy: SingleStack
  ipFamilies:
    - IPv4
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: http
      appProtocol: http
    - name: https
      port: 443
      protocol: TCP
      targetPort: https
      appProtocol: https
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/component: controller

So far so good, accessing the Nextcloud Instance from the Internet working great, including redirection to https, etc. But the Nextcloud Audit Log is only getting an internal Cluster IP as Source IP (surprisingly no IP from any Service I am running inside the Cluster ),而不是來自外部世界的真實。

那么我錯過了什么? 我嘗試將use-proxy-protocol設置為 true,但這會導致ERR_CONNECTION_RESET

1 個解決方案

解決方案1
 0  2022-01-09 17:07:59

在 NGINX 服務器上配置 SSL 終止時,原始 IP 地址應顯示在 X-Forward-for 標頭中

當 SSL 未被 NGINX 卸載時, use-proxy-protocol用於通過代理協議轉發 IP 地址。 客戶端必須能夠接受包含原始 IP 地址的附加 TCP 數據包。

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 如何從 k3s 上的 nginx 入口修復空的外部 IP? k3s - ingress-nginx - 路徑匹配確實有效 Google上的nginx-ingress k8s沒有IP地址 NGINX Ingress Controller 的負載均衡器隱藏了真正的客戶端 IP Kubernetes (K3S) 中對 Traefik 入口的 HTTP2 支持 k3s 上的默認 Traefik 入口控制器提供“網關超時” 如何將 k3s 的入口移動到另一個端口 K3s traefik 入口返回網關超時 nginx入口控制器轉發源ip 內部 nginx 除了在一個 vps 上設置 k3s
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM