externalTrafficPolicy: Local设置时无法访问以下 Kubernetes 服务。我直接通过 NodePort 访问它,但总是超时。
{
"kind": "Service",
"apiVersion": "v1",
"metadata": {
"name": "echo",
"namespace": "default",
"selfLink": "/api/v1/namespaces/default/services/echo",
"uid": "c1b66aca-cc53-11e8-9062-d43d7ee2fdff",
"resourceVersion": "5190074",
"creationTimestamp": "2018-10-10T06:14:33Z",
"labels": {
"k8s-app": "echo"
}
},
"spec": {
"ports": [
{
"name": "tcp-8080-8080-74xhz",
"protocol": "TCP",
"port": 8080,
"targetPort": 3333,
"nodePort": 30275
}
],
"selector": {
"k8s-app": "echo"
},
"clusterIP": "10.101.223.0",
"type": "NodePort",
"sessionAffinity": "None",
"externalTrafficPolicy": "Local"
},
"status": {
"loadBalancer": {}
}
}
我知道对于这个服务的 pod 需要在一个节点上可用,因为流量不会路由到其他节点。我检查了这个。
我们的 Kubernetes 集群包含一个 nginx 负载均衡器,用于将请求转发到其他 Pod。
但是,nginx 看到本地源 IP,因此无法设置正确的 X-Real-IP 标头。我尝试将 nginx 的 externalTrafficPolicy 值设置为“Local”,但 IP 没有改变。
nginx 服务配置部分:
"selector": {
"app": "nginx-ingress",
"component": "controller",
"release": "loping-lambkin"
},
"clusterIP": "10.106.1.182",
"type": "LoadBalancer",
"sessionAffinity": "None",
"externalTrafficPolicy": "Local",
"healthCheckNodePort": 32718
结果:
GET / HTTP/1.1
Host: example.com:444
X-Request-ID: dd3310a96bf154d2ac38c8877dec312c
X-Real-IP: 10.39.0.0
X-Forwarded-For: 10.39.0.0
我们使用带有 Metallb 的裸机集群。
load-balancing kubernetes weave kubernetes-ingress nginx-ingress