Fatal编程技术网
  • kubernetes/
  • 在kubernetes上运行的traefik AWS ELB上的真实IP

在kubernetes上运行的traefik AWS ELB上的真实IP

kubernetes

在kubernetes上运行的traefik AWS ELB上的真实IP,kubernetes,amazon-elb,traefik,amazon-eks,traefik-ingress,Kubernetes,Amazon Elb,Traefik,Amazon Eks,Traefik Ingress,我已经在EKS集群(v1.13)上部署了一个服务,该集群配置了traefik(v1.7)。我已将源IP列为白名单,并在ELB上启用了Proxyprotocol。我无法获得客户的真实IP。下面是我如何配置的 特拉菲克 [entryPoints.https.whiteList] sourceRange = ["10.100.0.0/16"] useXForwardedFor = true [entryPoints.https.proxyProtocol] trustedIPs = ["1

我已经在EKS集群(v1.13)上部署了一个服务,该集群配置了traefik(v1.7)。我已将源IP列为白名单,并在ELB上启用了Proxyprotocol。我无法获得客户的真实IP。下面是我如何配置的

特拉菲克

[entryPoints.https.whiteList]
  sourceRange = ["10.100.0.0/16"]
  useXForwardedFor = true
[entryPoints.https.proxyProtocol]
  trustedIPs = ["10.100.0.0/16"]
[entryPoints.https.forwardedHeaders]
  trustedIPs = ["10.100.0.0/16"]
入口对象:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-nginx
  annotations:
    kubernetes.io/ingress.class: "test-dev"
    traefik.ingress.kubernetes.io/preserve-host: "true"
    ingress.kubernetes.io/whitelist-x-forwarded-for: "true"
    traefik.ingress.kubernetes.io/whitelist-source-range: "10.100.0.0/16"
spec:
  rules:
    - host: test-nginx.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: nginx-headers
              servicePort: 80
输出:

$ curl https://test-nginx.example.com/
Hostname: nginx-headers-5f544s5cc3-sl5c6
IP: 127.0.0.1
IP: 10.100.0.57
GET / HTTP/1.1
Host: test-nginx.example.com
User-Agent: curl/7.64.1
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 54.31.147.124, 10.100.0.57
X-Forwarded-Host: test-nginx.example.com
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: test-dev-traefik-7549d898bc-ttjf4
X-Real-Ip: 10.100.0.57
我是不是遗漏了什么?任何帮助都将不胜感激。

我知道这不是一个安全的解决方案,但至少您将看到真正的IP并可以继续调试

[entryPoints.https.whiteList]
  sourceRange = ["0.0.0.0/0"]
  useXForwardedFor = true
[entryPoints.https.proxyProtocol]
  trustedIPs = ["0.0.0.0/0"]
[entryPoints.https.forwardedHeaders]
  trustedIPs = ["0.0.0.0/0]
及注释:

traefik.ingress.kubernetes.io/whitelist-source-range: "0.0.0.0/0"
它在Docker Swarm中对我有效

我知道这不是一个安全的解决方案,但至少你会看到真正的IP并可以继续调试

[entryPoints.https.whiteList]
  sourceRange = ["0.0.0.0/0"]
  useXForwardedFor = true
[entryPoints.https.proxyProtocol]
  trustedIPs = ["0.0.0.0/0"]
[entryPoints.https.forwardedHeaders]
  trustedIPs = ["0.0.0.0/0]
及注释:

traefik.ingress.kubernetes.io/whitelist-source-range: "0.0.0.0/0"
这对我在Docker Swarm很有效

嗨,你解决过这个问题吗?我也有同样的问题嗨,你解决过这个问题吗?我也有同样的问题