emissary-ingress / emissary

open source Kubernetes-native API gateway for microservices built on the Envoy Proxy
https://www.getambassador.io
Apache License 2.0

ability to define internal_address_config envoy config #5713

Open dbonf opened 5 days ago

dbonf commented 5 days ago

Please describe your use case / problem.

We expose emissary to public internet requests as well as requests from untrusted private IPs (e.g. coming from customers' private links). The ones coming from private links are marked as private (X-Envoy-Internal: true and no X-Envoy-External-Address defined) because by default internal_address_config corresponds to RFC1918 IP addresses. This is not what we want, as those private IP customer requests are not really internal.

Describe the solution you'd like

We want internal_address_config to be user configurable, which at the moment is not possible.

Describe alternatives you've considered

Lua scripts to add the header manipulations that come free with envoy, if it could be configurable.

Additional context

This is not the first time we have encountered a limitation in emissary ingress on low-level configuration of envoy. See for example requests for other needs like https://github.com/emissary-ingress/emissary/issues/4606, or, always coming from our needs, the ability to configure this extension. If possible, we would like to have a general way to reach and freely configure the underlying envoy proxy.
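
The classification problem described in this issue, as an added example that is not part of the original issue or of Emissary's or Envoy's code: a simplified Python model of an edge proxy that takes the client address from the connection and decides between `X-Envoy-Internal: true` and `X-Envoy-External-Address`. The loopback and unique-local entries in the default list, the `10.200.0.0/16` operator range, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Default "internal" ranges for this model: RFC 1918 as stated in the issue,
# plus loopback and RFC 4193 unique-local (assumed here, not taken from the page).
DEFAULT_INTERNAL = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                    "127.0.0.0/8", "fd00::/8", "::1/128"]


def classify(remote_ip, internal_cidrs=None):
    """Return the trust headers the modelled edge proxy would emit.

    internal_cidrs=None models the default behaviour; a list models a
    user-supplied internal_address_config (the setting the issue asks for).
    """
    addr = ipaddress.ip_address(remote_ip)
    cidrs = DEFAULT_INTERNAL if internal_cidrs is None else internal_cidrs
    nets = [ipaddress.ip_network(c) for c in cidrs]
    internal = any(addr.version == n.version and addr in n for n in nets)
    if internal:
        # Internal request: marked as trusted, no external address recorded.
        return {"x-envoy-internal": "true"}
    # External request: no internal marker, client address is recorded.
    return {"x-envoy-external-address": str(addr)}


def audit(sample_ips, internal_cidrs):
    """List addresses that stop being classified as internal under the new ranges."""
    changed = []
    for ip in sample_ips:
        before = classify(ip)
        after = classify(ip, internal_cidrs)
        if "x-envoy-internal" in before and "x-envoy-internal" not in after:
            changed.append(ip)
    return changed


# Constructed sample: a public client, two customers on private links, and
# a host in the operator's own (hypothetical) 10.200.0.0/16 service range.
SAMPLE = ["203.0.113.7", "10.50.3.9", "10.200.1.4", "fd12::1"]
OWN_RANGES = ["10.200.0.0/16"]

if __name__ == "__main__":
    for ip in SAMPLE:
        print(ip, classify(ip), classify(ip, OWN_RANGES))
    print("reclassified as external:", audit(SAMPLE, OWN_RANGES))
```

Running `audit` over real source addresses from access logs before narrowing the ranges shows which callers would lose the internal marker, so upstream services that key authorization on `X-Envoy-Internal` can be checked first.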