ability to define internal_address_config envoy config
dbonf opened this issue · 0 comments
Please describe your use case / problem.
We expose emissary to public internet requests as well as requests from untrusted private IPs (e.g. coming from customers' private links). The ones coming from private links are marked as private (X-Envoy-Internal: true and no X-Envoy-External-Address defined) because by default internal_address_config corresponds to RFC1918 IP addresses. This is not what we want, as those private IP customer requests are not really internal.
Describe the solution you'd like
We want internal_address_config to be user configurable, a thing that at the moment is not possible.
Describe alternatives you've considered
LUA scripts to add the header manipulations that come free with envoy, if it could be configurable.
Additional context
This is not the first time we have encountered a limitation in emissary ingress on low-level configuration of envoy; see for example requests for other needs like #4606, or, always coming from our needs, the ability to configure this extension. If possible, we would like to have a general way to reach and freely configure the underlying envoy proxy.
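
An added illustration, not part of the issue and not Emissary or Envoy code: a simplified Python model of the internal/external classification described above, showing how a private-link client is tagged under the RFC 1918 default and under a narrowed internal range. The client address, the private-link range and the 10.0.0.0/16 operator range are constructed, and the model ignores X-Forwarded-For handling.

```python
import ipaddress

# Default internal set as the issue describes it: the RFC 1918 ranges.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def classify(client_ip, internal_cidrs=RFC1918):
    """Return the trust headers attached for client_ip (simplified model).

    client_ip is assumed to be the address already selected as the
    downstream client; X-Forwarded-For hop handling is out of scope.
    """
    addr = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_network(c) for c in internal_cidrs]
    internal = any(addr.version == n.version and addr in n for n in nets)
    if internal:
        # Internal: flagged as trusted, no external address recorded.
        return {"x-envoy-internal": "true"}
    return {"x-envoy-external-address": str(addr)}


def misclassified(untrusted_sources, internal_cidrs=RFC1918):
    """List (untrusted range, internal range) pairs that overlap.

    Every pair is a source the operator does not trust that the proxy
    would still mark as internal.
    """
    nets = [ipaddress.ip_network(c) for c in internal_cidrs]
    gaps = []
    for src in untrusted_sources:
        s = ipaddress.ip_network(src)
        gaps += [(src, str(n)) for n in nets
                 if s.version == n.version and s.overlaps(n)]
    return gaps


if __name__ == "__main__":
    customer = "10.42.7.9"            # constructed private-link client
    operator_only = ["10.0.0.0/16"]   # hypothetical operator-owned range
    print(classify(customer))                      # default: treated as internal
    print(classify(customer, operator_only))       # narrowed: treated as external
    print(misclassified(["10.42.0.0/16"]))         # overlap with the default set
    print(misclassified(["10.42.0.0/16"], operator_only))
```

Until the range is configurable, upstream services should not treat X-Envoy-Internal as an authorization signal for traffic that can arrive over customer private links.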