search

istio / old_issues_repo

Deprecated issue-tracking repo, please post new issues or feature requests to istio/istio instead.
37 stars 9 forks source link

How get client external ip to extrapolate geolocation #385

Open azr opened 6 years ago

azr commented 6 years ago

Is this a BUG or FEATURE REQUEST?: FEATURE REQUEST ?

What Version of Istio and Kubernetes are you using, where did you get Istio from, Installation details istio 0.8.0

Description

I have a service that requires to guess a request's country, from ip.

Solution 1 : I changed service/istio-ingress and set externalTrafficPolicy: "Local" So that a request won't hop across the cluster nodes & we can see the actual client's ip. This kinda sucks for performances because we risks potentially imbalanced traffic spreading & yadi yada.

Non Solution 2 that didn't work - gcp only : Use GCP's User-defined request headers

But I could not find the backend of the istio service as kubectl describe ingress | grep backends gave no result. source Is istio's ingress actually creating a backend ? No, right ?

Anyways; I'm creating this for the record !

Related: https://github.com/istio/istio/issues/3059 https://github.com/istio/issues/issues/51

louiscryan commented 6 years ago

I think what you really want here is geo-aware load balancing. Zone-aware LB is a reasonable proxy for this behavior and we have plans to make that available to folks though probably post 1.0.

facundomedica commented 6 years ago

I'm also trying to get the client's IP. What OP asks is basically that, but he/she also goes on to explain why he needs it.

I'm printing the requests that arrive to my container:

POST /shared/login HTTP/1.1
Host: primeratest.REDACTED.co
Accept-Encoding: gzip
Content-Length: 364
Content-Type: application/x-www-form-urlencoded
User-Agent: okhttp/3.8.1
X-B3-Sampled: 1
X-B3-Spanid: 5dc565d1235a089c
X-B3-Traceid: 5dc565d1235a089c
X-Envoy-Internal: true
X-Forwarded-For: 10.xxx.0.4 // this is an internal IP
X-Forwarded-Proto: https
X-Request-Id: e78ed2dc-9eb8-934b-b311-75e1bce9869

I have a gateway and a VirtualService:

---
kind: Service
apiVersion: v1
metadata:
  name: api
  labels:
    app: api
spec:
  selector:
    app: api
  ports:
    - port: 5000
      protocol: TCP
      targetPort: 5000
      name: http
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: api-gateway
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
      privateKey: /etc/istio/ingressgateway-certs/tls.key
    hosts:
    - "primeratest.redacted.co"
  - port:
      number: 80
      name: http
      protocol: HTTP
    tls:
      httpsRedirect: true
    hosts:
    - "primeratest.redacted.co"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: api
spec:
  hosts:
  - "primeratest.redacted.co"
  gateways:
  - api-gateway
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: api
        port:
          number: 5000

EDIT: I followed this link from the newer repo, didn't realized that this was old.