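1. NLB configuration
Add the field that exposes the source IP
# Add this setting (preserves the client source IP)
externalTrafficPolicy: Local
When the backend service runs multiple replicas, this setting causes uneven load balancing, but it is a required prerequisite if you need to configure a whitelist!!
Example: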
kind: Service
apiVersion: v1
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    # by default the type is elb (classic load balancer).
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
spec:
  # this setting is to make sure the source IP address is preserved.
  externalTrafficPolicy: Local
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: https
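2. Add a whitelist to the Ingress of the corresponding service
Add the whitelist (CIDR ranges and single IP addresses are supported, separated by commas)
nginx.ingress.kubernetes.io/whitelist-source-range: 'x.x.x.x/24,x.x.x.x'
The Ingress takes priority over the NLB, and the whitelist only takes effect on the individual Ingress.
Example: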
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: grafana-ingress
  namespace: grafana
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/whitelist-source-range: 'x.x.x.x/24,x.x.x.x'
spec:
  rules:
    - host: grafana.da-e.top
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: grafana-svc
                port:
                  number: 80
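
An added example (not part of the original notes, and not ingress-nginx code) that checks a whitelist-source-range value before it is deployed and shows why the whitelist depends on externalTrafficPolicy: Local. The function names, the sample addresses and the simplified SNAT model in seen_source_ip are assumptions made for illustration.

```python
import ipaddress

def parse_whitelist(annotation):
    """Parse a whitelist-source-range value; raises ValueError on a bad entry."""
    nets = []
    for item in annotation.split(","):
        item = item.strip()
        if item:
            # strict=False tolerates host bits, e.g. 203.0.113.7/24
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets

def is_allowed(source_ip, nets):
    """True if the address the controller sees falls in any whitelisted range."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip in net for net in nets)

def seen_source_ip(client_ip, node_ip, traffic_policy):
    """Assumed simplified model: Local keeps the client address; with Cluster
    the packet can be SNATed on the way, so a node address is seen instead."""
    return client_ip if traffic_policy == "Local" else node_ip

def audit(annotation, traffic_policy):
    """Return a list of findings for one Service/Ingress pair."""
    findings = []
    if traffic_policy != "Local":
        findings.append("externalTrafficPolicy is not Local: source IP not preserved")
    try:
        nets = parse_whitelist(annotation)
    except ValueError as exc:
        findings.append(f"invalid whitelist entry: {exc}")
        return findings
    if not nets:
        findings.append("whitelist is empty")
    findings += [f"{net} admits every address" for net in nets if net.prefixlen == 0]
    return findings

if __name__ == "__main__":
    # Constructed sample values (documentation ranges), not taken from the page.
    nets = parse_whitelist("203.0.113.0/24,198.51.100.7")
    for policy in ("Local", "Cluster"):
        seen = seen_source_ip("203.0.113.50", "10.0.1.15", policy)
        print(policy, seen, "allowed" if is_allowed(seen, nets) else "denied")
    print(audit("x.x.x.x/24,x.x.x.x", "Local"))
```

The last call reports the x.x.x.x placeholders from the example manifest as an invalid entry, so a template that was never filled in is caught before it is applied.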