lds: Make listen socket options optional and improve docs#558
lds: Make listen socket options optional and improve docs#558ggreenway merged 5 commits intoenvoyproxy:masterfrom rlenglet:make-listen-socket-options-optional
Conversation
Document the behavior when each option is set to true, set to false, or unset. Document that the transparent option should be used in conjunction the original_dst_filter to restore the original destination address. Signed-off-by: Romain Lenglet <romain@covalent.io>
Signed-off-by: Romain Lenglet <romain@covalent.io>
…#522) Add a "transparent" option to Listener to set the SOL_IP/IP_TRANSPARENT option on listen sockets, which allows using Envoy with the iptables TPROXY target. Unlike the iptables REDIRECT target, TPROXY allows preserving both the source and destination IP addresses and ports of accepted connections. API changes for: envoyproxy/envoy#2719 Signed-off-by: Romain Lenglet <romain@covalent.io>
Signed-off-by: Romain Lenglet <romain@covalent.io>
rlenglet
changed the title
|
@ggreenway please review again. The checks are passing now. |
|
I'd clarify that: |
|
Also, I'd prefer merging this before envoyproxy/envoy#2734. |
That's less clear to me. The comment I added about |
Signed-off-by: Romain Lenglet <romain@covalent.io>
|
Clarified the behavior of "restored" addresses for TPROXYed connections, to address @jrajahalme's comment. |
|
@rlenglet There's a merge conflict :( |
|
@ggreenway Merged from master. Sorry for the delay. |
| * tracing: when using the zipkin tracer, it is no longer necessary to propagate the | ||
| :ref:`x-ot-span-context <config_http_conn_man_headers_x-ot-span-context>` header. | ||
| See more on trace context propagation :ref:`here <arch_overview_tracing>`. | ||
| * listeners: added :ref:`transparent <envoy_api_field_Listener.transparent>` option. |
There was a problem hiding this comment.
nit: in the future please alpha order the functional area ("listeners"). Don't worry about it for now though. I will fix in the larger release note merge I am doing.
|
@ggreenway @mattklein123 Could you please re-approve? Your approvals get dismissed after I merged master into my branch. |
…)" This reverts commit 24c90e9. Signed-off-by: Matt Klein <mklein@lyft.com>
This follows up from envoyproxy#558 which made IP_FREEBIND a BoolValue for LDS but not for upstream. I think it makes sense to have it in both places given the new socket options setup introduce in envoyproxy/envoy#2734. Some bonus docs fixups thrown in. Signed-off-by: Harvey Tuch <htuch@google.com>
This follows up from #558 which made IP_FREEBIND a BoolValue for LDS but not for upstream. I think it makes sense to have it in both places given the new socket options setup introduce in envoyproxy/envoy#2734. Some bonus docs fixups thrown in. Signed-off-by: Harvey Tuch <htuch@google.com>
4 participants
Redefine the transparent and freebind listener options using
google.protobuf.BoolValue instead of bool.
Document the behavior when each option is set to true, set to false,
or unset.
Document that the transparent option should be used in conjunction
the original_dst_filter to restore the original destination address.
Mention the transparent option in version history.
Signed-off-by: Romain Lenglet romain@covalent.io