I am trying to set envoy to use proxy protool with no success.
What I am actually want to do is to preserve the source ip of the connection into the cluster.
My setup is that I have a kubernetes cluster managed by EKS, I am working with istio 1.6.4 and envoy 1.14.3.
I have one netcat pod as tcp server, sitting behind a service of type load balancer.
From here: https://discuss.istio.io/t/how-to-enable-proxy-protocol-for-istio-ingress-gateway/2931/3
It says that I should add the following annotations to the load balancer for EKS:
For the load balancer to add the proxy protocol.
And also apply listener filter in envoy:
- applyTo: LISTENER
- name: envoy.listener.proxy_protocol
- name: envoy.listener.tls_inspector
When I do that the connection is stop working and I get the following logs in the sideccar sitting on the server:
“closing connection: no matching filter chain found”
In the conf dump of emvoy I can see that the proxy_protocol listener filter was applied on the INBOUND virtual listener.
Any idea why is it not working for me?