Hi! I am trying to set up IP whitelisting per-service, so that certain services will accept traffic only from client IPs on a whitelist. I followed these instructions:
but this only matches against the source.ip, which I believe is that of the ingressgateway and not the client.
I also set
pilot.env.PILOT_SIDECAR_USE_REMOTE_ADDRESS=true on my helm install, but I don’t know:
- what header the client’s IP is in
- how to match it against the whitelist