Closed YvesZHI closed 1 month ago
cced code owner @yangminzhu @yanavlasov
This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.
This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions.
I'm trying to use RBAC to build a IP whitelist for TCP. My envoy is configured with dynamic filesystem: https://www.envoyproxy.io/docs/envoy/latest/start/quick-start/configuration-dynamic-filesystem
lds.yaml
file:cds.yaml
file:As you see, only
192.168.0.23
can get access to the tcp proxy. It works as expected. The client192.168.0.23
can communicate with192.168.0.181
.Then I create another
lds.yaml
, whosedirect_remote_ip
under RBAC config is192.168.0.24
and I execute the commandmv ./lds.yaml ~/enovy/lds.yaml
to replace the currentlds.yaml
with the new one. Now the hot reload of envoy should be triggered.However, I find that the connection, which existed before the hot reload of envoy, is still alive.
So why doesn't updating RBAC with hot reload take effect on existing connection?