Problem: the real client IP address (X-Real-Ip) is not available behind the k3s Ingress

Solution (tested, works)

#vi /var/lib/rancher/k3s/server/manifests/traefik-config.yaml
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    additionalArguments:
      - "--entryPoints.web.proxyProtocol.insecure"
      - "--entryPoints.web.forwardedHeaders.insecure"
      - "--entryPoints.websecure.proxyProtocol.insecure"
      - "--entryPoints.websecure.forwardedHeaders.insecure"
# end of file


# Notes --------------------------
      - "--entryPoints.web.proxyProtocol.insecure"  # accept the PROXY protocol header on web (insecure: from any source)
      - "--entryPoints.web.forwardedHeaders.insecure" # accept X-Forwarded-* on web (insecure: from any source)
      - "--entryPoints.websecure.proxyProtocol.insecure" # accept the PROXY protocol header on 443
      - "--entryPoints.websecure.forwardedHeaders.insecure"  # accept X-Forwarded-* on 443
      # Allowlist (optional)
      #- "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12,IP1,IP2,IP3"     # IP ranges trusted to send the PROXY header; array (list) form is also supported
      #- "--entrypoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12,IP1,IP2,IP3"  # IP ranges trusted to send X-Forwarded-*
      #- "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12,IP1,IP2,IP3"  # 443
      #- "--entrypoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12,IP1,IP2,IP3"  # 443
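
Added example (not from the original note and not Traefik's own code): a simplified Python model of how a reverse proxy decides whether to keep incoming X-Forwarded-For / X-Real-Ip headers, comparing the `insecure` setting with a `trustedIPs` allowlist. The function name, the load balancer address and the sample requests are assumptions constructed for illustration.

```python
# Added example: simplified model of forwarded-header trust, not Traefik source code.
import ipaddress

def forward_headers(peer_ip, headers, trusted_cidrs=(), insecure=False):
    """Return the X-Forwarded-For / X-Real-Ip headers the backend would see.

    peer_ip       -- address of the TCP peer that connected to the proxy
    headers       -- incoming request headers (dict)
    trusted_cidrs -- models forwardedHeaders.trustedIPs
    insecure      -- models forwardedHeaders.insecure (every peer is trusted)
    """
    peer = ipaddress.ip_address(peer_ip)
    trusted = insecure or any(
        peer in ipaddress.ip_network(c) for c in trusted_cidrs)
    out = dict(headers)
    if not trusted:
        # Untrusted peer: discard whatever it claimed about the client.
        out.pop("X-Forwarded-For", None)
        out.pop("X-Real-Ip", None)
    # Append the directly connected peer to the forwarding chain.
    chain = [p.strip() for p in out.get("X-Forwarded-For", "").split(",")
             if p.strip()]
    chain.append(peer_ip)
    out["X-Forwarded-For"] = ", ".join(chain)
    out.setdefault("X-Real-Ip", peer_ip)
    return out

# Constructed sample traffic (documentation address ranges).
LB = "10.0.0.5"          # hypothetical load balancer in front of k3s
CLIENT = "203.0.113.7"   # client that connects directly, bypassing the LB
CLAIMED = {"X-Forwarded-For": "198.51.100.1", "X-Real-Ip": "198.51.100.1"}
TRUSTED = ["10.0.0.0/8"]

def demo():
    via_lb = {"X-Forwarded-For": CLIENT, "X-Real-Ip": CLIENT}
    return {
        "insecure_direct": forward_headers(CLIENT, CLAIMED, insecure=True),
        "trusted_direct": forward_headers(CLIENT, CLAIMED, TRUSTED),
        "trusted_via_lb": forward_headers(LB, via_lb, TRUSTED),
    }

if __name__ == "__main__":
    for name, hdrs in demo().items():
        print(name, hdrs)
```

With `insecure`, the backend sees the address the direct client claimed; with the allowlist, the claim is dropped unless it arrived from the trusted load balancer range.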

Restart the service

systemctl daemon-reload
systemctl restart k3s

Get it with a middleware

https://plugins.traefik.io/plugins/628c9f01108ecc83915d776c/traefik-real-ip



Use local mode

https://community.traefik.io/t/getting-real-client-ip-x-forwarded-for-in-k3s-multi-server-ha-setup/16095



Modify the Helm configuration

https://community.traefik.io/t/x-forwarded-for-only-works-for-a-while/5992
https://community.traefik.io/t/client-ip-on-kubernetes-with-loadbalancer/5249



Possibly effective changes (untested)

https://segmentfault.com/a/1190000043950419