Skip to content
This repository has been archived by the owner on Feb 16, 2019. It is now read-only.

How get client external ip to extrapolate geolocation #385

Open
azr opened this issue Jun 8, 2018 · 2 comments
Open

How get client external ip to extrapolate geolocation #385

azr opened this issue Jun 8, 2018 · 2 comments
Labels
area/networking area/policies and telemetry kind/enhancement
Milestone
Nebulous Future

Comments

@azr
Copy link

azr commented Jun 8, 2018

Is this a BUG or FEATURE REQUEST?:
FEATURE REQUEST ?

What Version of Istio and Kubernetes are you using, where did you get Istio from, Installation details
istio 0.8.0

Description

I have a service that requires to guess a request's country, from ip.

Solution 1 :
I changed service/istio-ingress and set externalTrafficPolicy: "Local"
So that a request won't hop across the cluster nodes & we can see the actual client's ip.
This kinda sucks for performances because we risks potentially imbalanced traffic spreading & yadi yada.

Non Solution 2 that didn't work - gcp only :
Use GCP's User-defined request headers

But I could not find the backend of the istio service as kubectl describe ingress | grep backends gave no result. source
Is istio's ingress actually creating a backend ? No, right ?

Anyways; I'm creating this for the record !

Related:
istio/istio#3059
#51
@louiscryan louiscryan added this to the Nebulous Future milestone Jun 13, 2018
@louiscryan
Copy link

I think what you really want here is geo-aware load balancing. Zone-aware LB is a reasonable proxy for this behavior and we have plans to make that available to folks though probably post 1.0.

@facundomedica
Copy link

facundomedica commented Aug 2, 2018
edited
Loading

I'm also trying to get the client's IP. What OP asks is basically that, but he/she also goes on to explain why he needs it.

I'm printing the requests that arrive to my container:

POST /shared/login HTTP/1.1
Host: primeratest.REDACTED.co
Accept-Encoding: gzip
Content-Length: 364
Content-Type: application/x-www-form-urlencoded
User-Agent: okhttp/3.8.1
X-B3-Sampled: 1
X-B3-Spanid: 5dc565d1235a089c
X-B3-Traceid: 5dc565d1235a089c
X-Envoy-Internal: true
X-Forwarded-For: 10.xxx.0.4 // this is an internal IP
X-Forwarded-Proto: https
X-Request-Id: e78ed2dc-9eb8-934b-b311-75e1bce9869

I have a gateway and a VirtualService:

---
kind: Service
apiVersion: v1
metadata:
  name: api
  labels:
    app: api
spec:
  selector:
    app: api
  ports:
    - port: 5000
      protocol: TCP
      targetPort: 5000
      name: http
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: api-gateway
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
      privateKey: /etc/istio/ingressgateway-certs/tls.key
    hosts:
    - "primeratest.redacted.co"
  - port:
      number: 80
      name: http
      protocol: HTTP
    tls:
      httpsRedirect: true
    hosts:
    - "primeratest.redacted.co"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: api
spec:
  hosts:
  - "primeratest.redacted.co"
  gateways:
  - api-gateway
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: api
        port:
          number: 5000

EDIT: I followed this link from the newer repo, didn't realized that this was old.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area/networking area/policies and telemetry kind/enhancement
Projects
None yet
Milestone
Nebulous Future
Development

No branches or pull requests
3 participants
@azr @louiscryan @facundomedica