serving
serving copied to clipboard
knative
Feature Request Discussion: Proxy Protocol Probing Support
/area networking
Describe the feature
External load balancers are a fact of life for cloud service providers for a variety of reasons.
When exposing Knative services to users, cloud service providers often need or desire the source IP of their clients, either for access control at the IP level or for business logic based on geolcation.
Given the above, this requires configuring the external load-balancers and the service mesh gateway (ie istio-ingressgateway or similar) to communicate via the proxy-protocol which is designed to exchange the client IP information during the TCP handshake.
A feature in knative is needed to allow probing when the istio-ingressgateway has been configured to talk proxy-protocol.
Contour could also benefit from this as currently net-contour does not seem to support proxy protocol.
There is clear demand for this functionality as it was also added to kourier.
Full proposal can be found in the knative serving google docs.
Just faced the exact problem. Ksvc never becomes ready, because of "waiting for loadbalancer". Disabling proxy_protocol resolves the issue, but reveal other problems with client identification.
This issue is stale because it has been open for 90 days with no
activity. It will automatically close after 30 more days of
inactivity. Reopen the issue with /reopen. Mark the issue as
fresh by adding the comment /remove-lifecycle stale.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
I'm going to close this out - looks like this isn't being pursued anymore.