Comments (5)
Thanks to @oktalz we have a working patch in the branch bind-accept-proxy. That said, I thought a bit more about this feature and I think I want to improve it this way:
- add an option to provide a list of source IP supposed to send the proxy protocol
The reason is simple: we may have a layer of External Load-balancer which can set the proxy protocol (ELB, HAProxy) and have in the mean time internal clients reaching directly the ingress controller without sending the proxy protocol.
If there is no source IP given with the configuration, then the rule will apply to entire traffic. If there is a list, then we'll enforce proxy protocol to this source IPs only
from kubernetes-ingress.
This would be useful as well to put the controller behind ELB
from kubernetes-ingress.
Any update here? We have a hardware lb in front of ingress which adds client ip via proxy protocol to tcp connections and we need that information on our application...
from kubernetes-ingress.
Well, I did a first implementation "which works" but I was not satisfied by it (it was just a "enable/disable" kind of thing.).
I want something more granular where we can enforce Proxy-Protocol for some source IPs only (or all traffic of course).
but this require support for new tcp-request rules in the client-native library that will be available with v2 of it (in a couple of weeks).
In short, I'll restart working on this one in a couple of weeks.
from kubernetes-ingress.
Support for proxy-protocol has been added here 8c898cb
from kubernetes-ingress.
Related Issues (20)
- Unsupported version 'v1.0.0' of gateway api is installed, please install experimental yaml version v0.5.1 HOT 1
- Feature request: add annotation haproxy.org/rate-limit-whitelist HOT 2
- DOC: Remove link to 'external mode' blog post HOT 1
- FR: http-request set-priority-class HOT 7
- FR: slowstart in annotations HOT 3
- Fails to start when run as non-root HOT 1
- crd-check.go invocation should be idempotent in case of exising CRDs HOT 4
- Prometheus metrics of the pods in MAINT state HOT 1
- annotation "haproxy.org/load-balance: uri path-only" causes configuration reloads HOT 2
- Access logs settings get overridden if using a Global Custom Resource HOT 6
- constant prometheus reloading HOT 4
- default backend not working when --ingress.class defined HOT 2
- Regular expressions in "path" do not appear to work HOT 1
- docs: `haproxy.org/server-ssl` tip is misleading HOT 1
- Ingress reloading almost all the time with v1.11.1 HOT 1
- Add ability to use oauth2 authentication. HOT 3
- Use existing NLB for HAProxy ingress HOT 2
- questions about request headers HOT 3
- http -> https default redirect not working by default HOT 10
- Deployment yaml still point to privileged port after s6 upgrade HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubernetes-ingress.