Kubernetes does not save the original IP

I installed Kubernetes 1.2.0 with the following configuration:

    export nodes=" user@10.0.0.30 user@10.0.0.32 "
    export role="ai i"
    export NUM_NODES=2
    export SERVICE_CLUSTER_IP_RANGE=192.168.3.0/24
    export FLANNEL_NET=172.16.0.0/16
    export KUBE_PROXY_EXTRA_OPTS="--proxy-mode=iptables"

I created the nginx pod and exposed it with a load balancer and an external IP address:

    kubectl expose pod my-nginx-3800858182-6qhap --external-ip=10.0.0.50 --port=80 --target-port=80

I use bare-metal Kubernetes, so I assigned the 10.0.0.50 IP to create the node.

If I try to spin 10.0.0.50 (from outside Kubernetes) and use tcpdump on the nginx pod, I see traffic, but the source IP is always that of the main Kubernetes node:

    17:30:55.470230 IP 172.16.60.1.43030 > 172.16.60.2.80: ...
    17:30:55.470343 IP 172.16.60.2.80 > 172.16.60.1.43030: ...

I am using proxy-mode=iptables and need to get the actual source IP. What am I doing wrong?

+1
2 answers

This was added as an annotation in Kubernetes 1.5 (docs here).

In 1.7, it graduated to GA, so you can specify the load-balancing policy on a Service with the spec.externalTrafficPolicy field (docs here):

    {
      "kind": "Service",
      "apiVersion": "v1",
      "metadata": {
        "name": "example-service"
      },
      "spec": {
        "ports": [{ "port": 8765, "targetPort": 9376 }],
        "selector": { "app": "example" },
        "type": "LoadBalancer",
        "externalTrafficPolicy": "Local"
      }
    }

+1

Unfortunately, you are not doing anything wrong. This is an artifact of how packets are proxied from a machine that receives them to the destination container.

There was a rather long GitHub issue about the problem, but no solutions were found, except running your front-end load balancer outside the Kubernetes cluster (for example, using a cloud load balancer that attaches the X-FORWARDED-FOR header).

0
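
Added example, not part of the original answers: with the external load balancer workaround from the second answer, the pod still sees the node's address (172.16.60.1 in the tcpdump above) as the TCP peer, so the client IP has to be read from X-Forwarded-For without trusting entries a client could have supplied itself. It assumes the pod is reachable only through the load balancer; the load balancer address 10.0.0.40 and the function names are made up for illustration.

```python
import ipaddress

# Assumption: addresses of our own hops. 172.16.0.0/16 is FLANNEL_NET from the
# question; 10.0.0.40 is a hypothetical internal address of the external load
# balancer (constructed for this example, not taken from the page).
TRUSTED_HOPS = [
    ipaddress.ip_network("172.16.0.0/16"),
    ipaddress.ip_network("10.0.0.40/32"),
]


def _trusted(addr):
    """True if addr belongs to one of our own proxy hops."""
    return any(addr in net for net in TRUSTED_HOPS)


def client_ip(peer, xff_header):
    """Return the address to use for logging, rate limiting or allow-lists.

    peer       -- source address of the TCP connection as seen in the pod
    xff_header -- raw X-Forwarded-For value, or None if the header is absent
    """
    peer_addr = ipaddress.ip_address(peer)
    # A peer that is not one of our hops could have written the header
    # itself, so the header is ignored and the peer is the client.
    if not _trusted(peer_addr) or not xff_header:
        return str(peer_addr)
    # Each proxy appends the address it received the request from, so only
    # the right-most entries were written by our hops. Walk right to left and
    # stop at the first address that is not one of ours; anything further
    # left may have been sent by the client.
    for entry in reversed(xff_header.split(",")):
        try:
            addr = ipaddress.ip_address(entry.strip())
        except ValueError:
            break  # malformed entry: fall back to the peer address
        if not _trusted(addr):
            return str(addr)
    return str(peer_addr)
```

Taking the left-most entry instead would let any client choose the address that ends up in access logs and IP-based rules.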