background
In Kubernetes, obtaining the real IP address of the client is a common requirement. This is because in the load balancing architecture, the source IP address of the original request will be replaced with the IP address of the load balancer.
The requirement background for obtaining the real IP of the client includes the following points:
- Security: Access control and authentication authorization based on client IP can improve system security.
- Logging and Auditing: Logging real IPs helps with monitoring, troubleshooting, and compliance auditing.
- Statistics and analysis: Understanding user origin regions and behaviors can provide valuable data support for business decision-making and resource allocation optimization.
- Anti-fraud and risk assessment: Fraud detection, risk assessment or geo-location related functions based on real IP can improve accuracy and reliability.
By properly configuring Kubernetes Ingress and related components, it is possible to ensure that the real IP in the original request is correctly passed to the backend service, meeting the above requirements and providing more accurate, secure and reliable services.
configuration method
Take the ingress-nginx installed in the Alibaba Cloud ack cluster as an example
Method 1 command line add method
1. Get the configmap configuration file name of ingress-nginx-controller
[root@K8SMASTER01 ~]# kubectl get -n kube-system deployment ack-ingress-nginx-controller -oyaml|grep configmap
- --configmap=$(POD_NAMESPACE)/ack-ingress-nginx-controller
2. Edit the configmap configuration file of ingress-nginx-controller
Add the parameters to the configuration file to add the level as shown below
compute-full-forwarded-for = true
forwarded-for-header = X-Forwarded-For
use-forwarded-headers =true
kubectl edit -n kube-system cm ack-ingress-nginx-controller
Just save and exit, it will take effect immediately without restarting the pod
Method 2 console add
1. View the yaml file of ingress-nginx-controller
2. Go to the k8s cluster console configuration item option
3. Add the following configuration and click Save