Warning: file_get_contents(/data/phpspider/zhask/data//catemap/7/kubernetes/5.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Azure Kubernetes nginx入口:保留客户端IP_Kubernetes_Azure Container Service - Fatal编程技术网
Fatal编程技术网
  • kubernetes/
  • Azure Kubernetes nginx入口:保留客户端IP

Azure Kubernetes nginx入口:保留客户端IP

kubernetes

Azure Kubernetes nginx入口:保留客户端IP,kubernetes,azure-container-service,Kubernetes,Azure Container Service,我尝试使用代理协议保留客户端IP。不幸的是,它不起作用 Azure LB=>nginx入口=>服务 我最终得到了入口服务吊舱IP 入口控制器部署: apiVersion: extensions/v1beta1 kind: Deployment metadata: name: nginx-ingress-controller namespace: kube-system spec: replicas: 1 template: metadata: labels:

我尝试使用代理协议保留客户端IP。不幸的是,它不起作用

Azure LB=>nginx入口=>服务

我最终得到了入口服务吊舱IP

入口控制器部署:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: kube-system
spec:
  replicas: 1
  template:
    metadata:
      labels:
        k8s-app: nginx-ingress-lb
      annotations:
        prometheus.io/port: '10254'
        prometheus.io/scrape: 'true'
    spec:
      # hostNetwork makes it possible to use ipv6 and to preserve the source IP correctly regardless of docker configuration
      # however, it is not a hard dependency of the nginx-ingress-controller itself and it may cause issues if port 10254 already is taken on the host
      # that said, since hostPort is broken on CNI (https://github.com/kubernetes/kubernetes/issues/31307) we have to use hostNetwork where CNI is used
      # like with kubeadm
      # hostNetwork: true
      terminationGracePeriodSeconds: 60
      containers:
      - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.5
        name: nginx-ingress-controller
        readinessProbe:
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
        livenessProbe:
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          timeoutSeconds: 1
        ports:
        - containerPort: 80
          hostPort: 80
        - containerPort: 443
          hostPort: 443
        env:
          - name: POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
        args:
        - /nginx-ingress-controller
        - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
        - --configmap=default/nginx-ingress-controller
入口控制器服务:

apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress
  namespace: kube-system
  annotations:
   service.beta.kubernetes.io/external-traffic: "OnlyLocal"
spec:
  type: LoadBalancer
  ports:
    - port: 80
      name: http
    - port: 443
      name: https
  selector:
    k8s-app: nginx-ingress-lb
nginx配置映射:

apiVersion: v1
metadata:
  name: nginx-ingress-controller
data:
  use-proxy-protocol: "true"
kind: ConfigMap
让它发挥作用

入口控制器部署中
我将映像更改为

gcr.io/google_containers/nginx-ingress-controller:0.8.3
并删除了
configmap

我正在使用入口转发到一个带有dotnet核心api的pod

添加

  var options = new ForwardedHeadersOptions()
  {
    ForwardedHeaders = Microsoft.AspNetCore.HttpOverrides.ForwardedHeaders.All,
    RequireHeaderSymmetry = false,
    ForwardLimit = null
  };

//add known proxy network(s) here
options.KnownNetworks.Add(network)
app.UseForwardedHeaders(options);
启动成功了