Add upstream support for PROXYv2 #902
Comments
davecheney
added
kind/feature
|
At the moment I don't believe Envoy offers the option to encapsulate an upstream, Envoy's word for Envoy to Pod traffic, TCP session in a PROXYv2 header. This is a blocker for adding this feature to Contour. |
davecheney
removed
help wanted
|
Hello, Without support for PROXYv2 in envoy we cannot implement this feature. I would prefer not to leave this issue open indefinitely as there are no active plans to work on it. If/when upstream implements PROXYv2 support towards backends please reopen this issue. |
|
In the envoy project on github there is already some effort on implementing proxy protocl for upstreams, for example envoyproxy/envoy#4128 I will check later on and post again if envoy has completed the implementation... |
|
Thank you for the reference to the Envoy issue. I'll reopen this and target it for beta1, hopefully Envoy 1.11 will be out by then. |
|
Moving to 0.15 as the envoy 1.11.0 upgrade is complete #1242 Marking as help wanted because nobody is scheduled to work on this at the moment. |
davecheney
added
help wanted
|
It looks like this feature is in master, but not 1.11. I'm moving this issue to the unplanned milestone as it is blocked on #1351 |
davecheney
added
blocked
|
PROXY support for upstream sockets (envoyproxy/envoy#1031) has now landed in Envoy (envoyproxy/envoy#12762). |
youngnick
added
lifecycle/needs-triage
|
I've put this one back into "needs triage" so that we can reevaluate where it's at and try to get it prioritized. |
|
xref #2529 |
youngnick
removed
the
lifecycle/needs-triage
|
The Contour project currently lacks enough contributors to adequately respond to all Issues. This bot triages Issues according to the following rules:
You can:
Please send feedback to the #contour channel in the Kubernetes Slack |
github-actions
bot
added
the
lifecycle/stale
|
The Contour project currently lacks enough contributors to adequately respond to all Issues. This bot triages Issues according to the following rules:
You can:
Please send feedback to the #contour channel in the Kubernetes Slack |
Describe the solution you'd like
As a platform operator, I would like to use Contour at the border/edge of all my regions (e.g. it has a public IP address). Contour will terminate HTTP1.1, HTTP2.0, GRPC, WebSocket, TCP, HTTPS, etc.
Then I would like it to proxy the connection to backend Ingress Controllers that run in each upstream Kubernetes cluster which may or may not be Contour. This proxying should be done with the PROXYv2 protocol so that connection metadata (client IP address, mTLS SAN, etc) are passed onto the upstream ingress controller.
Blocked
The text was updated successfully, but these errors were encountered: