-
Notifications
You must be signed in to change notification settings - Fork 7.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Removal of PILOT_ENABLE_INBOUND_PASSTHROUGH environment variable #37642
Comments
@jacob-delgado There are many companies (like us), which have many applications still listening on 127.0.0.1 instead of podip (and listening on podip is a security concern for us as people can bypass proxy). So I think we should leave this open for folks to use it. I know there is an alternative (envoy filter), but would prefer not to use envoy filter for such a core functionality. Since this does not cleanup lot of code(or does not create more tech debt), can we please leave it? |
+1 leave this to end users |
I'm fine with leaving this option. We had a customer ask when they were going to remove this feature. Let's leave it in for the foreseeable future. |
Thanks for leaving it in so far. IMHO, it could be removed as soon as there is a reliable/secure mechanism to let a workload ensure/determine that traffic really has passed through a sidecar. |
+1 |
🚧 This issue or pull request has been closed due to not having had activity from an Istio team member since 2022-05-17. If you feel this issue or pull request deserves attention, please reopen the issue. Please see this wiki page for more information. Thank you for your contributions. Created by the issue and PR lifecycle manager. |
For those who come across this: This finally has been removed in 1.21 :-/ |
You can use https://github.com/istio/api/blob/master/mesh/v1alpha1/config.proto#L208 for mesh wide config |
@ramaraochavali Thanks for the heads-up, indeed. Unfortunately, this is only available in 1.22, but breaks in 1.21 :-/. We'll try to skip the 1.21 now, let's see how well this goes. |
Describe the feature request
This flag was added for 1.10 for legacy purposes. With the latest version being 1.13 at this time we have met our commitment of retaining this flag. It can now be removed.
See https://istio.io/latest/blog/2021/upcoming-networking-changes/ for more information
Describe alternatives you've considered
N/A
Affected product area (please put an X in all that apply)
[ ] Docs
[ ] Installation
[X] Networking
[ ] Performance and Scalability
[ ] Extensions and Telemetry
[ ] Security
[ ] Test and Release
[ ] User Experience
[ ] Developer Infrastructure
Affected features (please put an X in all that apply)
[ ] Multi Cluster
[ ] Virtual Machine
[ ] Multi Control Plane
Additional context
The text was updated successfully, but these errors were encountered: