Skip to content
This repository has been archived by the owner on Feb 27, 2023. It is now read-only.

Add Proxy Protocol Support #49

Closed
danehans opened this issue Oct 15, 2020 · 7 comments · Fixed by #367
Closed

Add Proxy Protocol Support #49

danehans opened this issue Oct 15, 2020 · 7 comments · Fixed by #367
Labels
kind/feature Categorizes issue or PR as related to a new feature.

Comments

@danehans
Copy link
Contributor

Please describe the problem you have
Currently, the Envoy Service is annotated with "service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp" that places the AWS ELB in TCP mode. This causes the ELB to masquerade the client IP. Adding proxy protocol support will allow the client IP to be preserved for ELB'd connections.

Another approach is to use AWS NLB instead of ELB since NLB natively preserves client IPs.

/cc @jpeach @stevesloka @michmike

xref: examples/contour/02-service-envoy
@danehans danehans added the kind/feature Categorizes issue or PR as related to a new feature. label Oct 15, 2020
@jpeach
Copy link
Contributor

jpeach commented Oct 15, 2020

Maybe need to look more closely at AWS deployment options. I think the operator should deal with low-level stuff like what annotations to make and the user should specify some sort of high-level AWS-specific goals.

@danehans danehans mentioned this issue Oct 21, 2020
Merged
@Miciah
Copy link

Miciah commented Oct 23, 2020

xref: #70

@stevesloka
Copy link
Member

I think switching over to NLBs is fine, but we're not an AWS only project. We might need to think about having supported configmaps which outline the various annotations or code in to the project support for whatever environment we're deploying into.

@Miciah
Copy link

Miciah commented Oct 23, 2020

AFAIK the other major platforms provide source preservation. At least Azure and GCP do. AWS's ELBs are the odd one out here.

@jpeach
Copy link
Contributor

jpeach commented Oct 25, 2020

I think switching over to NLBs is fine, but we're not an AWS only project. We might need to think about having supported configmaps which outline the various annotations or code in to the project support for whatever environment we're deploying into.

Right. This was what the kustomize PR #2474 did.

Pretty sure that NLB works out cheaper https://aws.amazon.com/elasticloadbalancing/pricing/

@danehans
Copy link
Contributor Author

xref contour nlb docs: https://projectcontour.io/guides/deploy-aws-nlb/

@danehans
Copy link
Contributor Author

xref contour proxy protocol support docs: https://projectcontour.io/guides/proxy-proto/

@danehans danehans mentioned this issue Feb 2, 2021
Closed
@danehans danehans mentioned this issue May 21, 2021
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
kind/feature Categorizes issue or PR as related to a new feature.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Adds Proxy Protocol Support danehans/contour-operator
4 participants
@jpeach @stevesloka @danehans @Miciah