Open aoledk opened 4 months ago
+1, this is enabled in Istio gateway, so we have 2 options to do IP whitelisting
@arkodg can we consider this?
sure this makes sense, we enable this by default if listener protocol is TCP
?
sure this makes sense, we enable this by default if listener protocol is
TCP
?
That should be an opt-in feature for TCP
listener, because Envoy requires user to setup appropriate route rules to make Original Source listener filter to work correctly ^1.
@arkodg nvm, seems like RBAC remote_ip on Envoy doesn't required this plugin. https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/rbac/v3/rbac.proto#envoy-v3-api-msg-config-rbac-v3-principal
/assign
This issue has been automatically marked as stale because it has not had activity in the last 30 days.
would this be to allow us to filter on source IP?
Description:
[optional Relevant Links:]