Is it possible to config ingress gateway to use PROXY protocol to send data to the pod, if the virtualservice configured as TCP protocol?
I found this link:
I tried to use this method, but it does not work.
The selector of the ingress gateway is ingressgateway-direct2
So i configured it like that:
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: proxy-protocol-v1
namespace: istio-system
spec:
configPatches:
- applyTo: CLUSTER
patch:
operation: MERGE
value:
transport_socket:
name: envoy.transport_sockets.upstream_proxy_protocol
typed_config:
'@type': type.googleapis.com/envoy.extensions.transport_sockets.proxy_protocol.v3.ProxyProtocolUpstreamTransport
config:
version: V1
transport_socket:
name: envoy.transport_sockets.raw_buffer
workloadSelector:
labels:
istio: ingressgateway-direct2
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: tcp-gateway
namespace: test-proxy
spec:
selector:
istio: ingressgateway-direct2
servers:
- hosts:
- '*'
port:
name: tcp
number: 80
protocol: TCP
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: istio-vs
namespace: test-proxy
spec:
gateways:
- tcp-gateway
hosts:
- '*'
tcp:
- match:
- port: 80
route:
- destination:
host: deployment1
port:
number: 6701
And it does not work. Any idea why?
1 Like
Just update, i moved to use the haproxy ingress controller, it is working very good there.
for people also needing this feature: Upstream TCP with proxy protocol · Issue #44342 · istio/istio · GitHub
1 Like