Support Allow/Deny IP Subnets #2462
Comments
Envoy supports this https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/rbac/v3/rbac.proto#envoy-v3-api-msg-config-rbac-v3-principal does this feature belong in |
Vote for |
if the |
Is it possible to add a disclaimer stating that the use of routing override is not recommended? |
Should RBAC #2250 be the right home for this? |
I didn't get it. A route level gateway/internal/gatewayapi/securitypolicy.go Lines 359 to 374 in 95f4c10
|
Well, at least I have a use case where the same gateway should be able to serve clients from the internet, but some routes need to have an allow/deny IP setting. |
@zhaohuabing A route level SecurityPolicy without Allow/Deny IP setting will override the Allow/Deny IP setting in Gateway level, until we implement #1934
vs
|
thanks for sharing your use case @zetaab, based on community feedback sounds like |
This may not be intended, but the current implementation of gateway/internal/gatewayapi/securitypolicy.go Lines 359 to 374 in 95f4c10
|
@zhaohuabing you are right, this needs to be fixed, being tracked with #2055 which needs improvements in this logic gateway/internal/gatewayapi/securitypolicy.go Line 360 in 100d310
|
@arkodg so this won't be in the GA release? |
thanks for driving this @zetaab, the API is close to getting merged, if the implementation does complete by rc (March 1st-4th), we should be able to support it in v1.0 |
This issue has been automatically marked as stale because it has not had activity in the last 30 days. |
Description:
As a user, I would like to limit the client IP address to a few subnets for some cases, as well as deny specific subnets.