New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Isito 1.2.0 application can get source IP, 1.2.2 cannot be get #15236
Comments
Can you clarify exactly what you mean by "get source IP" so we can reproduce this more easily? |
The web application gets the visitor's ip, similar to request.getHeader("X-Real-IP") or |
In 1.2.0 we made a change to this area, that had unintended side effects. We decided to revert the change by default and a flag to turn it on. I suspect with the flag youll get the behavior you need? You'll need to set the environment variable |
How to set the environment variable PILOT_SIDECAR_USE_REMOTE_ADDRESS in istio-demo.yaml, is there a document? |
That file is just intended to try out istio and doesn't support customization. If you want to customize settings you should follow https://istio.io/docs/setup/kubernetes/install/helm/ You could also |
Mainly I did not install helm, thank you very much, I tried |
@howardjohn Thank you very much, it is normal now. Can you say why PILOT_SIDECAR_USE_REMOTE_ADDRESS is set to false by default? Is there any hidden danger when set to true? |
until 1.2 we always had it to false. in 1.2 we set it to true and it broke a bunch of users. I don't think there are any hidden dangers, just what behavior the user depends on |
Ok, thank you very much. |
(NOTE: This is used to report product bugs:
To report a security vulnerability, please visit https://istio.io/about/security-vulnerabilities/
To ask questions about how to use Istio, please visit https://discuss.istio.io
)
Bug description
Isito 1.2.0 application can get source IP, 1.2.2 cannot be get
The web application gets the visitor's ip, similar to request.getHeader("X-Real-IP") or
request.getHeader("X-Forwarded-For"), istio 1.2.0 version can get the correct ip, 1.2.2 has always been 127.0.0.1
Affected product area (please put an X in all that apply)
[ ] Configuration Infrastructure
[ ] Docs
[ ] Installation
[X] Networking
[ ] Performance and Scalability
[ ] Policies and Telemetry
[ ] Security
[ ] Test and Release
[ ] User Experience
[ ] Developer Infrastructure
Expected behavior
The application gets the source ip of the visitor
Steps to reproduce the bug
Set interceptionMode: TPROXY
kubectl apply -f istio-demo.yaml
Version (include the output of
istioctl version --remote
andkubectl version
)istioctl version --remote
client version: 1.2.2
citadel version: 1.2.2
egressgateway version: 1.2.2
galley version: 1.2.2
ingressgateway version: 1.2.2
pilot version: 1.2.2
policy version: 1.2.2
sidecar-injector version: 1.2.2
telemetry version: 1.2.2
kubectl version
Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.0", GitCommit:"e8462b5b5dc2584fdcd18e6bcfe9f1e4d970a529", GitTreeState:"clean", BuildDate:"2019-06-19T16:40:16Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.0", GitCommit:"e8462b5b5dc2584fdcd18e6bcfe9f1e4d970a529", GitTreeState:"clean", BuildDate:"2019-06-19T16:32:14Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}
How was Istio installed?
kubectl apply -f istio-demo.yaml
Environment where bug was observed (cloud vendor, OS, etc)
CentOS Linux release 7.6.1810 (Core)
Linux 5.1.15-1.el7.elrepo.x86_64
Additionally, please consider attaching a cluster state archive by attaching
the dump file to this issue.
The text was updated successfully, but these errors were encountered: