Skip to content

Tighten L7 proxy identity and fallback visibility#353

Merged
kacy merged 2 commits intomainfrom
phase6-proxy-operational-hardening
Mar 28, 2026
Merged

Tighten L7 proxy identity and fallback visibility#353
kacy merged 2 commits intomainfrom
phase6-proxy-operational-hardening

Conversation

@kacy
Copy link
Copy Markdown
Owner

@kacy kacy commented Mar 28, 2026

Summary

  • add proxy-generated forwarded headers so backends can recover original client identity without trusting inbound values
  • surface whether VIP-bound HTTP is actually using the L7 proxy or falling back to L4
  • update the Phase 6 design notes to make source-IP and bypass behavior explicit

Commits

  • 54b43f7 Add forwarded client headers to L7 proxy
  • d6a2f47 Expose L7 VIP fallback mode in status

Testing

  • targeted zig build test runs were executed one at a time for the rewritten-header path, socket proxy path, forwarding path, runtime route snapshot, service proxy-routes response, and rollout status sample-route response
  • each targeted run hit the explicit timeout without emitted failures

@kacy kacy merged commit e5c8f2a into main Mar 28, 2026
3 of 7 checks passed
@kacy kacy deleted the phase6-proxy-operational-hardening branch March 28, 2026 16:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kacy