New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upstream TCP with proxy protocol #44342
Comments
cc |
Thanks for posting this issue. It was previously tracked here as well: #42257 |
Thank you very much for your previous issue link! I see you had similar idea as mine but you found more info about internals handling this case. Anyway - It's sad that istio doesn't support proxy protocol on downstream and on upstream, as IMO this could be just a flag on the route/listener. There are real usecases for both and I see people asking for it in lots of issues (mostly downstream). |
My workaround from mentioned PR patch works! |
/reopen |
Can this be closed now that #48237 has shipped? |
Probably yes, I haven't checked if it works tho. |
There's no way to enable proxy protocol on only one of ports - it's only specified in |
This is like tunnel, making it per port is viable too |
Also it looks like it's working only for cluster-internal services. |
DR must be bound with a service, so you can define a SE for external service |
It shouldn't be neccessary as I've native Service defined for those, just with |
Describe the feature request
Making connection to upstreams services (envoy clusters) encapsulated in PROXY protocol.
Feature was requested at forums at least 2 times and I saw some stackoverflow posts about it too:
Describe alternatives you've considered
EnvoyFilter, but now it's impossible to do using filters due to
transport_socket_matches
being an array - MERGE is addingtransport_socket
at the end and it's never matched asis before and is matching all the traffic.
The only way I figured out it very much dirty and is recreating whole cluster. This AFAIK makes it impossible to apply other
EnvoyFilter.ClusterMatch
filters based on service names later.Affected product area (please put an X in all that apply)
[ ] Ambient
[x] Docs
[ ] Installation
[x] Networking
[ ] Performance and Scalability
[ ] Extensions and Telemetry
[ ] Security
[ ] Test and Release
[ ] User Experience
[ ] Developer Infrastructure
Affected features (please put an X in all that apply)
[ ] Multi Cluster
[ ] Virtual Machine
[ ] Multi Control Plane
The text was updated successfully, but these errors were encountered: