Istio 1.2.0 application can get source IP, 1.2.2 cannot get it #15236

Closed
springrain opened this issue Jul 1, 2019 · 9 comments
@springrain

springrain commented Jul 1, 2019

(NOTE: This is used to report product bugs:
To report a security vulnerability, please visit https://istio.io/about/security-vulnerabilities/
To ask questions about how to use Istio, please visit https://discuss.istio.io
)

Bug description
Istio 1.2.0 application can get source IP, 1.2.2 cannot get it

The web application gets the visitor's IP, similar to request.getHeader("X-Real-IP") or request.getHeader("X-Forwarded-For"). With Istio 1.2.0 it gets the correct IP; with 1.2.2 it is always 127.0.0.1

Affected product area (please put an X in all that apply)

[ ] Configuration Infrastructure
[ ] Docs
[ ] Installation
[X] Networking
[ ] Performance and Scalability
[ ] Policies and Telemetry
[ ] Security
[ ] Test and Release
[ ] User Experience
[ ] Developer Infrastructure

Expected behavior
The application gets the source ip of the visitor

Steps to reproduce the bug
Set interceptionMode: TPROXY
kubectl apply -f istio-demo.yaml

Version (include the output of istioctl version --remote and kubectl version)
istioctl version --remote
client version: 1.2.2
citadel version: 1.2.2
egressgateway version: 1.2.2
galley version: 1.2.2
ingressgateway version: 1.2.2
pilot version: 1.2.2
policy version: 1.2.2
sidecar-injector version: 1.2.2
telemetry version: 1.2.2

kubectl version
Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.0", GitCommit:"e8462b5b5dc2584fdcd18e6bcfe9f1e4d970a529", GitTreeState:"clean", BuildDate:"2019-06-19T16:40:16Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.0", GitCommit:"e8462b5b5dc2584fdcd18e6bcfe9f1e4d970a529", GitTreeState:"clean", BuildDate:"2019-06-19T16:32:14Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}

How was Istio installed?

kubectl apply -f istio-demo.yaml

Environment where bug was observed (cloud vendor, OS, etc)
CentOS Linux release 7.6.1810 (Core)
Linux 5.1.15-1.el7.elrepo.x86_64
Additionally, please consider attaching a cluster state archive by attaching
the dump file to this issue.

@howardjohn
Member

Can you clarify exactly what you mean by "get source IP" so we can reproduce this more easily?

@springrain
Author

The web application gets the visitor's IP, similar to request.getHeader("X-Real-IP") or request.getHeader("X-Forwarded-For"). With Istio 1.2.0 it gets the correct IP; with 1.2.2 it is always 127.0.0.1

@howardjohn
Member

In 1.2.0 we made a change to this area that had unintended side effects. We decided to revert the change by default and add a flag to turn it on. I suspect with the flag you'll get the behavior you need?

You'll need to set the environment variable PILOT_SIDECAR_USE_REMOTE_ADDRESS=true on the pilot deployment (discovery container). You can do this with --set pilot.env.PILOT_SIDECAR_USE_REMOTE_ADDRESS=true if you use helm.

@springrain
Author

springrain commented Jul 1, 2019

How do I set the environment variable PILOT_SIDECAR_USE_REMOTE_ADDRESS in istio-demo.yaml? Is there a document?

@howardjohn
Member

That file is just intended to try out Istio and doesn't support customization. If you want to customize settings you should follow https://istio.io/docs/setup/kubernetes/install/helm/

You could also kubectl edit -n istio-system deployment/istio-pilot and manually do it, but it's not a supported way of modifying Istio.

@springrain
Author

Mainly I did not install helm, thank you very much, I tried

@springrain
Author

springrain commented Jul 2, 2019

@howardjohn Thank you very much, it is normal now. Can you say why PILOT_SIDECAR_USE_REMOTE_ADDRESS is set to false by default? Is there any hidden danger when set to true?

@howardjohn
Member

Until 1.2 we always had it set to false. In 1.2 we set it to true and it broke a bunch of users. I don't think there are any hidden dangers, just what behavior the user depends on.

@springrain
Author

Ok, thank you very much.
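
An added example, not part of the thread and not Istio's code: the application in this issue derives the visitor address from X-Forwarded-For, a header the client can also set, so this resolver returns the rightmost entry that was not added by a trusted hop and reproduces the 127.0.0.1 result when no usable header arrives. The function names and the TRUSTED_PROXIES ranges (loopback for the sidecar, a constructed pod CIDR) are assumptions.

```python
import ipaddress

# Assumption: hops this application trusts to append honest X-Forwarded-For
# entries. Loopback is the local sidecar (the 127.0.0.1 seen in this issue);
# 10.244.0.0/16 is a constructed pod CIDR standing in for the ingress gateway.
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("127.0.0.0/8", "::1/128", "10.244.0.0/16")]


def _parse(value):
    """Return an ip_address for an IP literal, or None for anything else."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def _trusted(addr):
    # Membership is False when the address and network IP versions differ.
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_header):
    """Resolve the visitor address from the TCP peer and X-Forwarded-For.

    Walks the hop chain right to left and returns the first address that is
    not a trusted proxy; entries further left were supplied by that client.
    """
    peer = _parse(peer_addr)
    if peer is None:
        raise ValueError("peer address is not an IP literal")
    if not _trusted(peer):
        return str(peer)      # direct connection: the header is unverified
    for hop in reversed((xff_header or "").split(",")):
        addr = _parse(hop)
        if addr is None:
            break             # empty or malformed entry: stop walking left
        if not _trusted(addr):
            return str(addr)
        peer = addr           # another trusted proxy, keep walking
    return str(peer)          # only trusted hops seen, e.g. 127.0.0.1
```
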
