Viewing the client IP address in Kubernetes logs when using a load balancer

Problem description

I am hosting my application on GKE. The kubectl version installed in the server is v1.10.11-gke.1 and nginx-ingress is nginx-ingress-0.28.2

I would like to see the client IP address in my logs. For now, I can only see the pod IP address for example:

2019-02-14 15:17:21.000 EAT10.60.1.1 - [10.60.1.1] - - [14/Feb/2019:12:17:21 +0000] "GET /user HTTP/2.0" 404 9 "-" "Mozilla/5.0 (Macintosh;

My service has tls managed by letsencrypt. How can I get the client IP address on the logs?

Recommended answer

I reproduced the behavior you observed in a test. In my own container logs, on a job running with an nginx-ingress controller, we can only see the internal IP address assuming that nginx-ingress-controller service YAML file is set to:

externalTrafficPolicy: Cluster

Setting traffic to 'Cluster' means that all the nodes can receive the requests. 'Cluster obscures the client source IP', the requests also could be SNAT'd to a node that has the running pod.

However, if you change:

externalTrafficPolicy: Local

The client source IP is exposed. "Local" preserves the client source IP but may cause imbalanced traffic spreading. This is due to the fact that only the nodes that are running the pods will be considered healthy by the network load balancer. The requests will be sent only to healthy nodes.

Some background explanation on how to preserve source IP in your containers and some further reading on the hops for source IP for services with Type=NodePort can be useful to understand what is happening.
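
The setting discussed in the answer above, shown in place in a full Service manifest. This is an added example, not part of the original answer: the Service name comes from the answer, while the namespace, selector labels and port names are assumptions that must be matched to the actual controller deployment.

```yaml
# Added example (not from the original answer).
# Namespace, selector labels and targetPort names are assumptions.
apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress-controller
  namespace: default              # assumption
spec:
  type: LoadBalancer
  # Before: externalTrafficPolicy: Cluster
  #   Any node accepts the connection and may SNAT it on the way to the pod,
  #   so the access log shows an internal address such as 10.60.1.1.
  # After: externalTrafficPolicy: Local
  #   Only nodes running a controller pod are considered healthy by the
  #   load balancer, traffic is not forwarded to another node, and the
  #   client source IP reaches the controller unchanged.
  externalTrafficPolicy: Local
  selector:
    app: nginx-ingress            # assumption: must match the controller pod labels
    component: controller         # assumption
  ports:
    - name: http
      port: 80
      targetPort: http            # assumption: container port is named "http"
    - name: https
      port: 443
      targetPort: https           # assumption: container port is named "https"
```

After applying, `kubectl get svc nginx-ingress-controller -o jsonpath='{.spec.externalTrafficPolicy}'` should print `Local`, and new access log entries should carry the external client address rather than an internal one.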

08-24 15:19