From f83970d5a2ec2c675accde92919de08db65f99f3 Mon Sep 17 00:00:00 2001
From: Rudrakh Panigrahi
Date: Wed, 23 Oct 2024 12:28:55 +0530
Subject: [PATCH] support setting trusted CIDRs
---
 api/v1alpha1/clienttrafficpolicy_types.go | 15 +++++++++++++--
 api/v1alpha1/zz_generated.deepcopy.go | 5 +++++
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/api/v1alpha1/clienttrafficpolicy_types.go b/api/v1alpha1/clienttrafficpolicy_types.go
index 63b2c91fb2ec..eb96d3583277 100644
--- a/api/v1alpha1/clienttrafficpolicy_types.go
+++ b/api/v1alpha1/clienttrafficpolicy_types.go
@@ -237,14 +237,25 @@ type ClientIPDetectionSettings struct {
 }
 
 // XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address.
+// Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
+// for more details.
 type XForwardedForSettings struct {
 // NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
 // headers to trust when determining the origin client's IP address.
- // Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
- // for more details.
+ // Only one of NumTrustedHops and TrustedCIDRs can be set.
 //
 // +optional
 NumTrustedHops *uint32 `json:"numTrustedHops,omitempty"`
+
+ // TrustedCIDRs is a list of trusted CIDRs to trust when
+ // evaluating the remote IP address to determine the original client's IP address.
+ // Only one of NumTrustedHops and TrustedCIDRs can be set.
+ //
+ // +optional
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:ItemsFormat=cidr
+ // +notImplementedHide
+ TrustedCIDRs []string `json:"trustedCIDRs,omitempty"`
 }
 
 // CustomHeaderExtensionSettings provides configuration for determining the client IP address for a request based on
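Review bot: The new comments on NumTrustedHops and TrustedCIDRs say only one of them can be set, but nothing visible in this hunk enforces it, so a policy carrying both would pass the schema and which field decides the client IP is left to whatever consumes the type. Because this setting defines which peers may assert a client address through X-Forwarded-For, I would reject the combination at admission with a CEL marker on the struct, for example `// +kubebuilder:validation:XValidation:rule="!(has(self.numTrustedHops) && has(self.trustedCIDRs))",message="only one of numTrustedHops or trustedCIDRs can be set"`. I could not confirm that `ItemsFormat=cidr` is a marker controller-gen acts on, and the diffstat lists no regenerated CRD manifest, so it is worth checking that a malformed entry is actually rejected rather than stored as a plain string. The TrustedCIDRs comment ("trusted CIDRs to trust") would also read better if it stated the trust implication directly: anything keyed on the detected client IP inherits whatever a peer inside these ranges puts in the header, so the ranges should cover only proxies the operator controls.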
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index f2cf9072fa62..d800e7ccfcb0 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -5574,6 +5574,11 @@ func (in *XForwardedForSettings) DeepCopyInto(out *XForwardedForSettings) { *out = new(uint32) **out = **in } + if in.TrustedCIDRs != nil { + in, out := &in.TrustedCIDRs, &out.TrustedCIDRs + *out = make([]string, len(*in)) + copy(*out, *in) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XForwardedForSettings.