envoyproxy/gateway

envoy-gateway: Additional configuration for determining internal address

Open

#3,598 建立於 2024年6月12日

在 GitHub 查看
 (7 留言) (0 反應) (1 負責人)Go (802 fork)auto 404
help wanted

倉庫指標

Star
 (2,871 star)
PR 合併指標
 (PR 指標待抓取)

描述

Description The http request header x-forwarded-for (XFF) is not beeing set when the request is origination from ip-ranges that envoy detects as internal. By default any request from private ip ranges (RFC1918 / RFC4193) are considered internal. Envoy's list of internal CIDR ranges can be configured with the internal address configuration in the http connection manager.

When running the envoy gateway in an internal network, where the client will connect directly to the envoy-gateway without network address translation from a private ip addresses, it would still be interesting to know the client's IP address. When the XFF header is not set, the backend will only have the ip address of the proxying gateway, and not the actual client.

Please provide guidance for how to configure the envoy-gateway with custom CIDR ranges to consider as internal. Ideally it should be possible to set this via helm values, or at least via relevant kubernetes configuration objects. In the meantime I would also be interested in ways to configure this via low level interfaces, e.g. overriding the bootstrap configuration or any other way, if that is possible?

Relevant Links

貢獻者指南