ability to define internal_address_config envoy config #5713
Labels
t:feature
New feature or enhancement request
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Please describe your use case / problem.
We expose emissary to public internet requests as well as requests from untrusted private IPs (e.g. coming from customers private links), the ones coming from private links are marked as private (
X-Envoy-Internal: trueand noX-Envoy-External-Addressdefined) because by defaultinternal_address_configcorresponds to RFC1918 IP addresses, this is not what we want, as those private IP customer requests are not really internal.Describe the solution you'd like
We want
internal_address_configto be user configurable, a thing that at the moment is not possible.Describe alternatives you've considered
LUA scripts to add the header manipulations that comes free with envoy, it if could be configurable.
Additional context
This is not the first time we encounter a limitation on emissary ingress on low level configuration of envoy, see for example requests for other needs like #4606, or, always coming from our needs, the ability to configure this extension, if possible we would like to have a general way to reach and freely configure the underling envoy proxy.
The text was updated successfully, but these errors were encountered: