Removal of PILOT_ENABLE_INBOUND_PASSTHROUGH environment variable #37642

Closed
jacob-delgado opened this issue Mar 1, 2022 · 9 comments
Labels
area/networking kind/enhancement lifecycle/automatically-closed Indicates a PR or issue that has been closed automatically. lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while

Comments

@jacob-delgado
Contributor

Describe the feature request

This flag was added for 1.10 for legacy purposes. With the latest version being 1.13 at this time we have met our commitment of retaining this flag. It can now be removed.

See https://istio.io/latest/blog/2021/upcoming-networking-changes/ for more information

Describe alternatives you've considered

N/A

Affected product area (please put an X in all that apply)

[ ] Docs
[ ] Installation
[X] Networking
[ ] Performance and Scalability
[ ] Extensions and Telemetry
[ ] Security
[ ] Test and Release
[ ] User Experience
[ ] Developer Infrastructure

Affected features (please put an X in all that apply)

[ ] Multi Cluster
[ ] Virtual Machine
[ ] Multi Control Plane

Additional context

@jacob-delgado jacob-delgado added the lifecycle/staleproof Indicates a PR or issue has been deemed to be immune from becoming stale and/or automatically closed label Mar 1, 2022
@jacob-delgado jacob-delgado added this to the 1.14 milestone Mar 1, 2022
@ramaraochavali
Contributor

@jacob-delgado There are many companies (like us), which have many applications still listening on 127.0.0.1 instead of podip (and listening on podip is a security concern for us as people can bypass proxy). So I think we should leave this open for folks to use it. I know there is an alternative (envoy filter), but would prefer not to use envoy filter for such a core functionality.

Since this does not clean up a lot of code (or does not create more tech debt), can we please leave it?

@zirain
Member

zirain commented Mar 2, 2022

+1 leave this to end users

@jacob-delgado jacob-delgado removed this from the 1.14 milestone Mar 2, 2022
@jacob-delgado jacob-delgado removed the lifecycle/staleproof Indicates a PR or issue has been deemed to be immune from becoming stale and/or automatically closed label Mar 2, 2022
@jacob-delgado
Contributor Author

jacob-delgado commented Mar 2, 2022

I'm fine with leaving this option. We had a customer ask when they were going to remove this feature. Let's leave it in for the foreseeable future.

@sfudeus

sfudeus commented Apr 21, 2022

Thanks for leaving it in so far. IMHO, it could be removed as soon as there is a reliable/secure mechanism to let a workload ensure/determine that traffic really has passed through a sidecar.

@kfaseela
Member

> @jacob-delgado There are many companies (like us), which have many applications still listening on 127.0.0.1 instead of podip (and listening on podip is a security concern for us as people can bypass proxy). So I think we should leave this open for folks to use it. I know there is an alternative (envoy filter), but would prefer not to use envoy filter for such a core functionality.
>
> Since this does not clean up a lot of code (or does not create more tech debt), can we please leave it?

+1

@istio-policy-bot istio-policy-bot added the lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while label Nov 14, 2022
@istio-policy-bot

🚧 This issue or pull request has been closed due to not having had activity from an Istio team member since 2022-05-17. If you feel this issue or pull request deserves attention, please reopen the issue. Please see this wiki page for more information. Thank you for your contributions.

Created by the issue and PR lifecycle manager.

@istio-policy-bot istio-policy-bot added the lifecycle/automatically-closed Indicates a PR or issue that has been closed automatically. label Nov 29, 2022
@sfudeus

sfudeus commented Jun 10, 2024

For those who come across this: This finally has been removed in 1.21 :-/
The option to use a Sidecar manifest with a tuned defaultEndpoint still exists, but needs to be done per workload.
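
A Sidecar manifest of the kind this comment refers to, as an added example that is not part of the original thread or the Istio project's own configuration; the resource name, namespace, workload label and port 8080 are hypothetical. It directs inbound traffic for one workload to the loopback address, so the application can keep listening on 127.0.0.1 rather than on the pod IP:

```yaml
# Added example. Name, namespace, label and port are hypothetical placeholders.
apiVersion: networking.istio.io/v1beta1
kind: Sidecar
metadata:
  name: legacy-app-localhost
  namespace: legacy-apps
spec:
  # Applies only to pods carrying this label, hence "per workload".
  workloadSelector:
    labels:
      app: legacy-app
  ingress:
    - port:
        number: 8080        # port the sidecar accepts inbound traffic on
        protocol: HTTP
        name: http
      # Forward inbound traffic to loopback instead of the pod IP, so the
      # application does not need a listener reachable without the proxy.
      defaultEndpoint: 127.0.0.1:8080
```

Because the resource is bound by workload label, every workload that listens only on 127.0.0.1 needs its own Sidecar listing each of its inbound ports.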

@ramaraochavali
Contributor

You can use https://github.com/istio/api/blob/master/mesh/v1alpha1/config.proto#L208 for mesh wide config

@sfudeus

sfudeus commented Jun 12, 2024

@ramaraochavali Thanks for the heads-up, indeed. Unfortunately, this is only available in 1.22, but breaks in 1.21 :-/. We'll try to skip the 1.21 now, let's see how well this goes.
