我如何使用 kubernetes 获取客户端 ip?
How do i get client ip with kubernetes?
我正在尝试使用 kubernetes 获取真实的客户端 ip。许多人说我应该将 externalTrafficPolicy: Local 放在我的 kubernetes 设置中,问题是我什至不知道把它放在哪里并且不断出错。这是我的代码 yaml 文件
apiVersion: apps/v1
kind: Deployment
metadata:
name: <DEV_GCP_APP_NAME>
labels:
app: <DEV_GCP_APP_NAME>
spec:
// when i put externalTrafficPolicy: Local here it says unknown field "externalTrafficPolicy" in io.k8s.api.apps.v1.DeploymentSpec
replicas: 1
selector:
matchLabels:
app: <DEV_GCP_APP_NAME>
template:
metadata:
labels:
app: <DEV_GCP_APP_NAME>
spec:
// when i put externalTrafficPolicy: Local here it says unknown field "externalTrafficPolicy" in io.k8s.api.core.v1.PodSpec
containers:
- name: <DEV_GCP_APP_NAME>
image: gcr.io/<DEV_GCP_PROJECT_NAME>/<DEV_GCP_APP_NAME>:<CI_PIPELINE_ID>
env:
- name: DB_USER
valueFrom:
secretKeyRef:
name: data-service-project
key: db_user
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: data-service-project
key: db_pass
- name: DB_HOST
valueFrom:
secretKeyRef:
name: data-service-project
key: db_host
- name: DB_PORT
valueFrom:
secretKeyRef:
name: data-service-project
key: db_port
- name: DB_NAME
valueFrom:
secretKeyRef:
name: data-service-project
key: db_name
- name: PG_USER
valueFrom:
secretKeyRef:
name: data-service-project
key: pg_user
- name: PG_PASSWORD
valueFrom:
secretKeyRef:
name: data-service-project
key: pg_password
- name: PG_HOST
valueFrom:
secretKeyRef:
name: data-service-project
key: pg_host
- name: PG_PORT
valueFrom:
secretKeyRef:
name: data-service-project
key: pg_port
- name: PG_NAME
valueFrom:
secretKeyRef:
name: data-service-project
key: pg_name
- name: PORT
valueFrom:
secretKeyRef:
name: data-service-project
key: port
- name: TOKEN_SECRET
valueFrom:
secretKeyRef:
name: data-service-project
key: token_secret
- name: COOKIES_SECRET
valueFrom:
secretKeyRef:
name: data-service-project
key: cookies_secret
- name: GIN_MODE
value: debug
- name: DISABLE_EXTERNAL_SERVICE
value: 'false'
- name: cloudsql-proxy
image: gcr.io/cloudsql-docker/gce-proxy:1.16
command: [ "/cloud_sql_proxy",
"-instances=<DEV_GCP_DB_INSTANCE>",
"-credential_file=/secrets/cloudsql/sql_credentials.json" ]
volumeMounts:
- name: my-secrets-volume
mountPath: /secrets/cloudsql
readOnly: true
volumes:
- name: my-secrets-volume
secret:
secretName: cloudsql-instance-credentials
---
apiVersion: networking.gke.io/v1beta1
kind: ManagedCertificate
metadata:
name: <DEV_GCP_APP_NAME>-certificate
spec:
domains:
- <DEV_GCP_APP_URL>
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: <DEV_GCP_APP_NAME>-ingress
annotations:
kubernetes.io/ingress.global-static-ip-name: <DEV_GCP_APP_NAME>-static-ip
networking.gke.io/managed-certificates: <DEV_GCP_APP_NAME>-certificate
spec:
backend:
serviceName: <DEV_GCP_APP_NAME>-service
servicePort: 80
// when i put externalTrafficPolicy: Local here it says unknown field "externalTrafficPolicy" in io.k8s.api.networking.v1beta1.IngressBackend
我应该把这个 externalTrafficPolicy 东西放在哪里?有人能帮助我吗。谢谢你们:)
externalTrafficPolicy 属于服务规范:
kind: Service
...
spec:
externalTrafficPolicy: Local
请参阅 Kubernetes documentation 中有关保留客户端源 IP 地址和示例的更多详细文档。
我正在尝试使用 kubernetes 获取真实的客户端 ip。许多人说我应该将 externalTrafficPolicy: Local 放在我的 kubernetes 设置中,问题是我什至不知道把它放在哪里并且不断出错。这是我的代码 yaml 文件
apiVersion: apps/v1
kind: Deployment
metadata:
name: <DEV_GCP_APP_NAME>
labels:
app: <DEV_GCP_APP_NAME>
spec:
// when i put externalTrafficPolicy: Local here it says unknown field "externalTrafficPolicy" in io.k8s.api.apps.v1.DeploymentSpec
replicas: 1
selector:
matchLabels:
app: <DEV_GCP_APP_NAME>
template:
metadata:
labels:
app: <DEV_GCP_APP_NAME>
spec:
// when i put externalTrafficPolicy: Local here it says unknown field "externalTrafficPolicy" in io.k8s.api.core.v1.PodSpec
containers:
- name: <DEV_GCP_APP_NAME>
image: gcr.io/<DEV_GCP_PROJECT_NAME>/<DEV_GCP_APP_NAME>:<CI_PIPELINE_ID>
env:
- name: DB_USER
valueFrom:
secretKeyRef:
name: data-service-project
key: db_user
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: data-service-project
key: db_pass
- name: DB_HOST
valueFrom:
secretKeyRef:
name: data-service-project
key: db_host
- name: DB_PORT
valueFrom:
secretKeyRef:
name: data-service-project
key: db_port
- name: DB_NAME
valueFrom:
secretKeyRef:
name: data-service-project
key: db_name
- name: PG_USER
valueFrom:
secretKeyRef:
name: data-service-project
key: pg_user
- name: PG_PASSWORD
valueFrom:
secretKeyRef:
name: data-service-project
key: pg_password
- name: PG_HOST
valueFrom:
secretKeyRef:
name: data-service-project
key: pg_host
- name: PG_PORT
valueFrom:
secretKeyRef:
name: data-service-project
key: pg_port
- name: PG_NAME
valueFrom:
secretKeyRef:
name: data-service-project
key: pg_name
- name: PORT
valueFrom:
secretKeyRef:
name: data-service-project
key: port
- name: TOKEN_SECRET
valueFrom:
secretKeyRef:
name: data-service-project
key: token_secret
- name: COOKIES_SECRET
valueFrom:
secretKeyRef:
name: data-service-project
key: cookies_secret
- name: GIN_MODE
value: debug
- name: DISABLE_EXTERNAL_SERVICE
value: 'false'
- name: cloudsql-proxy
image: gcr.io/cloudsql-docker/gce-proxy:1.16
command: [ "/cloud_sql_proxy",
"-instances=<DEV_GCP_DB_INSTANCE>",
"-credential_file=/secrets/cloudsql/sql_credentials.json" ]
volumeMounts:
- name: my-secrets-volume
mountPath: /secrets/cloudsql
readOnly: true
volumes:
- name: my-secrets-volume
secret:
secretName: cloudsql-instance-credentials
---
apiVersion: networking.gke.io/v1beta1
kind: ManagedCertificate
metadata:
name: <DEV_GCP_APP_NAME>-certificate
spec:
domains:
- <DEV_GCP_APP_URL>
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: <DEV_GCP_APP_NAME>-ingress
annotations:
kubernetes.io/ingress.global-static-ip-name: <DEV_GCP_APP_NAME>-static-ip
networking.gke.io/managed-certificates: <DEV_GCP_APP_NAME>-certificate
spec:
backend:
serviceName: <DEV_GCP_APP_NAME>-service
servicePort: 80
// when i put externalTrafficPolicy: Local here it says unknown field "externalTrafficPolicy" in io.k8s.api.networking.v1beta1.IngressBackend
我应该把这个 externalTrafficPolicy 东西放在哪里?有人能帮助我吗。谢谢你们:)
externalTrafficPolicy 属于服务规范:
kind: Service
...
spec:
externalTrafficPolicy: Local
请参阅 Kubernetes documentation 中有关保留客户端源 IP 地址和示例的更多详细文档。