Closed bgagnon closed 4 days ago
Thank you for raising this issue. Its not on the roadmap for Contour 1.0, but I'll add it to the unplanned milestone for consideration after Contour 1.0 ships.
The Contour project currently lacks enough contributors to adequately respond to all Issues.
This bot triages Issues according to the following rules:
You can:
Please send feedback to the #contour channel in the Kubernetes Slack
The Contour project currently lacks enough contributors to adequately respond to all Issues.
This bot triages Issues according to the following rules:
You can:
Please send feedback to the #contour channel in the Kubernetes Slack
Currently, the
--use-proxy-protocol
adds the filter on all listeners (HTTP and HTTPS). This prevents Envoy from answering direct requests that do not speak thePROXY
protocol.Example:
With this feature, the PROXY protocol listener would be separated from the http and https listeners.
Keeping backward compatibility, something like this could work:
The use cases are the following:
A
records directly to the nodes (this doesn't work today because clients talk HTTPS, not PROXY)Ideally, Envoy would simply detect the presence or absence of the PROXY headers, but this is explicitly forbidden by the protocol, according to the Envoy docs: