I installed k3s and by default I am using the traefik controller, I created an ingress resource in the format of an ingress-nginx controller that works fine. It looks like this
kind: Ingress
metadata:
annotations:
meta.helm.sh/release-name: game
meta.helm.sh/release-namespace: roh5server
name: game-roh5-server-10001-ingress-10003
namespace: hdh5
spec:
ingressClassName: traefik
rules:
- host: server.xxxxxxxx
http:
paths:
- backend:
service:
name: game-roh5-server-svc-10001
port:
number: 10003
path: /s10001
pathType: Prefix
I want to implement X-Forwarded-For now, do I need to change the configuration file of the traefik controller or do I need to add certain resource definitions
What do you mean by "implement"?
Usually Traefik sets proxy headers automatically:
X-Forwarded-For: 1.2.3.4
X-Forwarded-Host: example.com
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: 550b60b176ee
X-Real-Ip: 1.2.3.4
I have a program that captures the response (according to https://httpbin.org) as follows, but it doesn't get results similar to yours
root@debian:~# cat 1.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: httpbin-ingress
spec:
rules:
- host: server.hdh5.local.h.xinghuihuyu.cn
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: my-service
port:
number: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: httpbin-deployment
labels:
app: httpbin
spec:
replicas: 1
selector:
matchLabels:
app: httpbin
template:
metadata:
labels:
app: httpbin
spec:
imagePullSecrets:
- name: harbor-secret
containers:
- name: httpbin
image: kennethreitz/httpbin
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
type: ClusterIP
selector:
app: httpbin
ports:
- port: 80
targetPort: 80
root@debian:~# curl server.hdh5.local.h.xinghuihuyu.cn/get
{
"args": {},
"headers": {
"Accept": "*/*",
"Accept-Encoding": "gzip",
"Host": "server.hdh5.local.h.xinghuihuyu.cn",
"User-Agent": "curl/7.88.1",
"X-Forwarded-Host": "server.hdh5.local.h.xinghuihuyu.cn",
"X-Forwarded-Server": "traefik-69cbb4499d-hn4d9"
},
"origin": "10.42.0.1",
"url": "http://server.hdh5.local.h.xinghuihuyu.cn/get"
}
To echo headers you can try traefik/whoami.
The address recorded is the address of the virtual gateway in k3s, and I don't understand why that is
root@debian:~# curl server.hdh5.local.h.xinghuihuyu.cn
Hostname: whoami-8c9864b56-lzzzd
IP: 127.0.0.1
IP: ::1
IP: 10.42.0.167
IP: fe80::4c51:93ff:fe86:9d7d
RemoteAddr: 10.42.0.160:56712
GET / HTTP/1.1
Host: server.hdh5.local.h.xinghuihuyu.cn
User-Agent: curl/7.88.1
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 10.42.0.1
X-Forwarded-Host: server.hdh5.local.h.xinghuihuyu.cn
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: traefik-69cbb4499d-hn4d9
X-Real-Ip: 10.42.0.1
You probably need to tell Traefik to trust the incoming headers to forward them (doc).
I've set it up but it's still not working!
root@debian:~# kubectl -n kube-system get deployments.apps traefik -o yaml
...
- args:
- --global.checknewversion
- --global.sendanonymoususage
- --entrypoints.metrics.address=:9100/tcp
- --entrypoints.traefik.address=:9000/tcp
- --entrypoints.web.address=:8000/tcp
- --entrypoints.websecure.address=:8443/tcp
- --api.dashboard=true
- --ping=true
- --metrics.prometheus=true
- --metrics.prometheus.entrypoint=metrics
- --providers.kubernetescrd
- --providers.kubernetesingress
- --providers.kubernetesingress.ingressendpoint.publishedservice=kube-system/traefik
- --entrypoints.websecure.http.tls=true
- --entryPoints.web.proxyProtocol.insecure
- --entryPoints.web.forwardedHeaders.insecure
- --entrypoints.websecure.forwardedHeaders.insecure
...