Hey,
I am trying to set envoy to use proxy protool with no success.
What I am actually want to do is to preserve the source ip of the connection into the cluster.
My setup is that I have a kubernetes cluster managed by EKS, I am working with istio 1.6.4 and envoy 1.14.3.
I have one netcat pod as tcp server, sitting behind a service of type load balancer.
From here: https://discuss.istio.io/t/how-to-enable-proxy-protocol-for-istio-ingress-gateway/2931/3
It says that I should add the following annotations to the load balancer for EKS:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: *
For the load balancer to add the proxy protocol.
And also apply listener filter in envoy:
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: proxy-protocol
namespace: istio-system
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: LISTENER
patch:
operation: MERGE
value:
listener_filters:
- name: envoy.listener.proxy_protocol
- name: envoy.listener.tls_inspector
When I do that the connection is stop working and I get the following logs in the sideccar sitting on the server:
“closing connection: no matching filter chain found”
In the conf dump of emvoy I can see that the proxy_protocol listener filter was applied on the INBOUND virtual listener.
Any idea why is it not working for me?