kubernetes nginx 入口日志不显示外部 ips
kubernetes nginx ingress log not displaying external ips
我让 ingress nginx 在 gcloud 中工作。但是,当我看到带有命令 kubectl log
的日志时
$ kubectl logs nginx-ingress-controller-59f55c679c-zcr24
myhost.com/clients"
10.28.0.1 - [10.28.0.1] - - [14/May/2018:09:00:59 +0000] "GET /api/users/2/10 HTTP/1.1" 304 0 "http://myhost.com/clients" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0" 796 0.083 [default-back-main-80] 10.28.0.93:1337 0 0.083 304
2018/05/14 09:01:00 [notice] 10982#10982: *6937489 "/api/(.*)" matches "/api/users/1/10", client: 10.28.0.1, server: myhost.com, request: "GET /api/users/1/10 HTTP/1.1", host: "myhost.com", referrer: "http://myhost.com/clients"
2018/05/14 09:01:00 [notice] 10982#10982: *6937489 rewritten data: "/users/1/10", args: "", client: 10.28.0.1, server: myhost.com, request: "GET /api/users/1/10 HTTP/1.1", host: "myhost.com", referrer: "http://myhost.com/clients"
10.28.0.1 - [10.28.0.1] - - [14/May/2018:09:01:00 +0000] "GET /api/users/1/10 HTTP/1.1" 304 0 "http://myhost.com/clients" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0" 796 0.014 [default-back-main-80] 10.28.0.93:1337 0 0.014 304
这只是日志的一部分,但是,所有 ip 都来自 10.28.0.1。我想查看外部 ip,或者我的用户的 ips。
此外,ip 10.28.*.* 的 root 对我来说似乎有点奇怪。如果我显示我的容器的 ip,你可以看到它似乎不同。
$ kubectl get service | awk '{print }'
CLUSTER-IP
10.31.243.114
10.31.245.58
10.31.241.148
10.31.240.1
我知道我的其他容器中的请求来自私有 ip,但是在入口容器中我应该接收用户的外部 ip。我怎样才能看到这些 ips?
看起来像 source IP (in your case, External IP) must be preserved while using the GKE service. Here, the default is set to use cluster IP, which means that traffic will go through SNAT and get transferred from node to node. During this time, the ‘Source IP' (External IP) get replaced with the node’s IP(a detailed explanation is provided in this 帮助中心文章)。
根据 article, by setting ‘service.spec.externalTrafficPolicy' 的值 'Local' 这将绕过 SNAT,您可以将流量直接路由到正确的 node/pod 从而保留源 IP。
为服务设置此 exernalTrafficPolicy 的命令可能如下所示:-
$kubectl patch svc [service_name] -p '{"spec":{"externalTrafficPolicy":"Local"}'
在你的情况下,service_name=nginx-ingress-controller-59f55c679c-zcr24
我让 ingress nginx 在 gcloud 中工作。但是,当我看到带有命令 kubectl log
$ kubectl logs nginx-ingress-controller-59f55c679c-zcr24
myhost.com/clients"
10.28.0.1 - [10.28.0.1] - - [14/May/2018:09:00:59 +0000] "GET /api/users/2/10 HTTP/1.1" 304 0 "http://myhost.com/clients" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0" 796 0.083 [default-back-main-80] 10.28.0.93:1337 0 0.083 304
2018/05/14 09:01:00 [notice] 10982#10982: *6937489 "/api/(.*)" matches "/api/users/1/10", client: 10.28.0.1, server: myhost.com, request: "GET /api/users/1/10 HTTP/1.1", host: "myhost.com", referrer: "http://myhost.com/clients"
2018/05/14 09:01:00 [notice] 10982#10982: *6937489 rewritten data: "/users/1/10", args: "", client: 10.28.0.1, server: myhost.com, request: "GET /api/users/1/10 HTTP/1.1", host: "myhost.com", referrer: "http://myhost.com/clients"
10.28.0.1 - [10.28.0.1] - - [14/May/2018:09:01:00 +0000] "GET /api/users/1/10 HTTP/1.1" 304 0 "http://myhost.com/clients" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0" 796 0.014 [default-back-main-80] 10.28.0.93:1337 0 0.014 304
这只是日志的一部分,但是,所有 ip 都来自 10.28.0.1。我想查看外部 ip,或者我的用户的 ips。
此外,ip 10.28.*.* 的 root 对我来说似乎有点奇怪。如果我显示我的容器的 ip,你可以看到它似乎不同。
$ kubectl get service | awk '{print }'
CLUSTER-IP
10.31.243.114
10.31.245.58
10.31.241.148
10.31.240.1
我知道我的其他容器中的请求来自私有 ip,但是在入口容器中我应该接收用户的外部 ip。我怎样才能看到这些 ips?
看起来像 source IP (in your case, External IP) must be preserved while using the GKE service. Here, the default is set to use cluster IP, which means that traffic will go through SNAT and get transferred from node to node. During this time, the ‘Source IP' (External IP) get replaced with the node’s IP(a detailed explanation is provided in this 帮助中心文章)。
根据 article, by setting ‘service.spec.externalTrafficPolicy' 的值 'Local' 这将绕过 SNAT,您可以将流量直接路由到正确的 node/pod 从而保留源 IP。
为服务设置此 exernalTrafficPolicy 的命令可能如下所示:-
$kubectl patch svc [service_name] -p '{"spec":{"externalTrafficPolicy":"Local"}'
在你的情况下,service_name=nginx-ingress-controller-59f55c679c-zcr24