How to save the original IP address from traffic entering the ClusterIP service with an external IP address?

I currently have a service that looks like this:

    apiVersion: v1
    kind: Service
    metadata:
      name: httpd
    spec:
      ports:
      - port: 80
        targetPort: 80
        name: http
        protocol: TCP
      - port: 443
        targetPort: 443
        name: https
        protocol: TCP
      selector:
        app: httpd
      externalIPs:
      - 10.128.0.2 # VM internal IP

I can receive traffic from an external IP address bound to the VM, but all requests are accepted by HTTP with the original IP address 10.104.0.1, which is most definitely the internal IP address, even when I connect to the virtual machine's external IP from outside the cluster.

How can I get a real IP address for a request without having to configure load balancing or login?

+5
2 answers

It is not so simple: because of how kube-proxy works, your traffic can be forwarded between nodes before it reaches the pod that backs your service.

There are a few beta annotations you can use to get around this, in particular service.beta.kubernetes.io/external-traffic: OnlyLocal.

More information in the docs here: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer

But this does not meet your additional requirement not to require a LoadBalancer. Can you explain why you do not want to include the LoadBalancer?

+1
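One way to confirm the symptom from the question (every request logged with a cluster-internal address) is to audit the httpd access log. This is an added example, not code from the thread; the CIDR ranges and the log lines are constructed assumptions, so replace them with your cluster's pod and node ranges and your real log.

```python
import ipaddress
from collections import Counter

# Assumed cluster-internal ranges (not from the page). They are chosen so that
# the question's 10.104.0.1 and 10.128.0.2 fall inside; use your own CIDRs.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.104.0.0/14", "10.128.0.0/20")]

def client_ip(line):
    """Return the client address from a Common Log Format line, or None."""
    field = line.split(" ", 1)[0].strip()
    try:
        return ipaddress.ip_address(field)
    except ValueError:
        return None  # blank line, logged hostname, or garbage

def is_internal(ip):
    # Membership is False when the IP version differs from the network's.
    return any(ip in net for net in INTERNAL_NETS)

def audit(lines):
    """Summarise how many logged requests appear to originate inside the cluster."""
    seen, skipped = Counter(), 0
    for line in lines:
        ip = client_ip(line)
        if ip is None:
            skipped += 1
        else:
            seen[ip] += 1
    total = sum(seen.values())
    internal = sum(n for ip, n in seen.items() if is_internal(ip))
    return {
        "total": total, "skipped": skipped, "internal": internal,
        "distinct_clients": len(seen),
        # Heuristic: if every parsed request comes from an internal address,
        # the client IP is being rewritten (SNAT) before the pod sees it.
        "source_ip_masked": total > 0 and internal == total,
    }

# Constructed sample logs (documentation addresses stand in for real clients).
MASKED_LOG = [
    '10.104.0.1 - - [10/Oct/2017:13:55:36 +0000] "GET / HTTP/1.1" 200 45',
    '10.104.0.1 - - [10/Oct/2017:13:55:37 +0000] "GET /favicon.ico HTTP/1.1" 404 209',
    '',
]
PRESERVED_LOG = [
    '203.0.113.7 - - [10/Oct/2017:14:02:11 +0000] "GET / HTTP/1.1" 200 45',
    '198.51.100.23 - - [10/Oct/2017:14:02:12 +0000] "GET / HTTP/1.1" 200 45',
    '10.104.2.5 - - [10/Oct/2017:14:02:15 +0000] "GET /healthz HTTP/1.1" 200 2',
]

if __name__ == "__main__":
    print(audit(MASKED_LOG))
    print(audit(PRESERVED_LOG))
```

A masked result also means that IP-based allowlists, rate limits and access-log forensics on that pod are working from the rewritten address rather than the real client.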

If you have only one pod, you can use hostNetwork: true to achieve this:

    apiVersion: apps/v1beta1
    kind: Deployment
    metadata:
      name: caddy
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            app: caddy
        spec:
          hostNetwork: true # <---------
          containers:
          - name: caddy
            image: your_image
            env:
            - name: STATIC_BACKEND # example env in my custom image
              value: $(STATIC_SERVICE_HOST):80

Note that by doing this, your pod will inherit the host's DNS resolver, not Kubernetes'. This means that you can no longer resolve cluster services by DNS name. For example, in the example above, you cannot access the static service at http://static. You can still access services at their cluster IP address, which are injected by environment variables.

+1

Source: https://habr.com/ru/post/1264760/