Add support for ingress config proxy-real-ip-cidr
Bug #2059912 reported by
Allan Vidal
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Kubernetes Worker Charm |
New
|
Undecided
|
Unassigned |
Bug Description
The charm allows enabling `use-forwardded
However, it's most useful (and safe) to use that together with proxy-real-ip-cidr. That prevents the ingress from trusting forwarded headers from all sources, and instead accept it only from a few known trustworthy sources (e.g., one specific load balancer).
See:
- https:/
- https:/
Would it be possible add this new configuration to the charm?
To post a comment you must log in.
Maybe https:/ /github. com/charmed- kubernetes/ charm-kubernete s-worker