Kubernetes Worker Charm

Add support for ingress config proxy-real-ip-cidr

Bug #2059912 reported by Allan Vidal
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Kubernetes Worker Charm
New
Undecided
Unassigned

Bug Description

The charm allows enabling `use-forwardded-headers`: https://charmhub.io/kubernetes-worker/configuration#ingress-use-forwarded-headers

However, it's most useful (and safe) to use that together with proxy-real-ip-cidr. That prevents the ingress from trusting forwarded headers from all sources, and instead accept it only from a few known trustworthy sources (e.g., one specific load balancer).

See:
- https://kubernetes.github.io/ingress-nginx/user-guide/miscellaneous/#source-ip-address
- https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#proxy-real-ip-cidr

Would it be possible add this new configuration to the charm?

Revision history for this message
Matheus Carvalho Raimundo (mcarvalhor) wrote :

Maybe https://github.com/charmed-kubernetes/charm-kubernetes-worker

Revision history for this message
Allan Vidal (alnvdl) wrote (last edit ):

Matheus, I'm not sure I understand your message. That page you linked tells me to open the issue here.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.