Skip to content

setup allowRequestsWithoutProxyProtocol #6545

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 19 commits into from
Jul 24, 2025
Merged

setup allowRequestsWithoutProxyProtocol #6545

merged 19 commits into from
Jul 24, 2025

Conversation

@ryanhristovski
Copy link
Contributor

@ryanhristovski ryanhristovski commented Jul 17, 2025
edited
Loading

We support downstream proxy protocol #1328 but we don't currently support allow_requests_without_proxy_protocol .

This cannot be applied to upstream (afaik) so it's only being applied to downstream on ctp.

API Proposed:

    enableProxyProtocol: false # Deprecated, and proxyProtocol takes precedence
    proxyProtocol:
      allowRequestsWithoutProxyProtocol: true	

    enableProxyProtocol: false # Deprecated, and proxyProtocol takes precedence
    proxyProtocol: {}

Hoping to get this in for 1.5, please let me know if you'd like to see anything else

@ryanhristovski ryanhristovski requested a review from a team as a code owner July 17, 2025 15:59
arkodg
arkodg reviewed Jul 17, 2025
View reviewed changes
api/v1alpha1/clienttrafficpolicy_types.go Outdated
// If not set, the default behavior is to reject requests without a Proxy Protocol header.
//
// +optional
AllowRequestsWithoutProxyProtocol *bool `json:"allowRequestsWithoutProxyProtocol,omitempty"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

prefer Optional bool similar to what we have in the JWT config
wdyt @envoyproxy/gateway-maintainers @envoyproxy/gateway-reviewers

arkodg
arkodg reviewed Jul 17, 2025
View reviewed changes
@ryanhristovski
Fixup api to add deprecated comment
80a33ea 
Signed-off-by: Ryan Hristovski <[email protected]>
@ryanhristovski
fix gencheck
ee4af06 
Signed-off-by: Ryan Hristovski <[email protected]>
@ryanhristovski
lint
02311be 
Signed-off-by: Ryan Hristovski <[email protected]>
@codecov
Copy link

codecov bot commented Jul 17, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 97.22222% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 70.80%. Comparing base (af990e7) to head (f304eca).
⚠️ Report is 180 commits behind head on main.

Files with missing lines Patch % Lines
internal/xds/translator/proxy_protocol.go 92.85% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #6545      +/-   ##
==========================================
- Coverage   70.86%   70.80%   -0.06%     
==========================================
  Files         224      224              
  Lines       38769    38783      +14     
==========================================
- Hits        27472    27459      -13     
- Misses       9708     9728      +20     
- Partials     1589     1596       +7

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@arkodg arkodg added this to the v1.5.0-rc.1 Release milestone Jul 17, 2025
arkodg
arkodg reviewed Jul 17, 2025
View reviewed changes
api/v1alpha1/clienttrafficpolicy_types.go Outdated
// Note Proxy Protocol must be present when this field is set, else the connection
// is closed.
//
// Deprecated: Use ProxyProtocol.Enabled instead.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there is no Enabled field

arkodg
arkodg reviewed Jul 17, 2025
View reviewed changes
@ryanhristovski
remove enable api field
b6d9152 
Signed-off-by: Ryan Hristovski <[email protected]>
@ryanhristovski
linting & gencheck
099d2bd 
Signed-off-by: Ryan Hristovski <[email protected]>
@ryanhristovski
Copy link
Contributor Author

@arkodg this PR is ready for review

arkodg
arkodg reviewed Jul 21, 2025
View reviewed changes
@ryanhristovski
Remove EnableProxyProtocol from IR
2a00688 
Signed-off-by: Ryan Hristovski <[email protected]>
@ryanhristovski
gen-check
ed0711d 
Signed-off-by: Ryan Hristovski <[email protected]>
@ryanhristovski
Copy link
Contributor Author

/retest

jukie
jukie requested changes Jul 23, 2025
View reviewed changes
arkodg
arkodg reviewed Jul 23, 2025
View reviewed changes
arkodg
arkodg reviewed Jul 23, 2025
View reviewed changes
arkodg
arkodg reviewed Jul 23, 2025
View reviewed changes
@ryanhristovski
Fix based on comments
29e3247 
Signed-off-by: Ryan Hristovski <[email protected]>
@jukie jukie self-requested a review July 23, 2025 17:22
@ryanhristovski
fix enablement logic
03e4646 
Signed-off-by: Ryan Hristovski <[email protected]>
@ryanhristovski
Readd filter exit
c2680e2 
Signed-off-by: Ryan Hristovski <[email protected]>
arkodg
arkodg previously approved these changes Jul 23, 2025
View reviewed changes
Copy link
Contributor

@arkodg arkodg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM thanks

@arkodg arkodg requested review from a team July 23, 2025 17:42
@ryanhristovski
lint
f304eca 
Signed-off-by: Ryan Hristovski <[email protected]>
@arkodg arkodg merged commit 735d8ae into envoyproxy:main Jul 24, 2025
31 checks passed
@arkodg arkodg mentioned this pull request Sep 2, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@arkodg arkodg arkodg approved these changes

@jukie jukie jukie approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

v1.5.0-rc.1 Release

Development

Successfully merging this pull request may close these issues.

3 participants

@ryanhristovski @arkodg @jukie