feat: enable use-proxy-protocol (#1201)

Co-authored-by: Ani Argjiri <ani.argjiri@redkubes.com>
linode · Jul 28, 2023 · ff1f9fe · ff1f9fe
1 parent 25cc192
commit ff1f9fe
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 3 deletions.
diff --git a/helmfile.d/snippets/defaults.yaml b/helmfile.d/snippets/defaults.yaml
@@ -243,6 +243,8 @@ environments:
               accessLogFile: "/dev/stdout"
               enableAutoMtls: true
               defaultConfig:
+                gatewayTopology:
+                  numTrustedProxies: 1
                 tracing:
                   sampling: 0.1
           jaeger:

diff --git a/helmfile.d/snippets/derived.gotmpl b/helmfile.d/snippets/derived.gotmpl
@@ -114,6 +114,13 @@ environments:
             enabled: false # {{ $a | get "snapshot-controller.enabled" (and (eq $provider "aws") (gt ($v.cluster.k8sVersion | float64) 1.22)) }}
           tigera-operator:
             enabled: {{ $a | get "tigera-operator.enabled" (eq $provider "aws") }}
+          {{- if $v.otomi.hasCloudLB }}
+          istio: 
+            meshConfig:
+              defaultConfig:
+                gatewayTopology:
+                  numTrustedProxies: 2
+          {{- end }}
         ingress:
           classes:
           - {{- $v.ingress.platformClass | toYaml | nindent 12 }}
@@ -123,4 +130,4 @@ environments:
         otomi:
           version: {{ $otomiTag }}
         versions: {{- $versions | toYaml | nindent 10 }}
-      - ../core.yaml
+      - ../core.yaml
diff --git a/values/ingress-nginx/ingress-nginx.gotmpl b/values/ingress-nginx/ingress-nginx.gotmpl
@@ -96,9 +96,7 @@ controller:
     # log-format-upstream: '{"time":"$time_iso8601","remote_addr":"$proxy_protocol_addr","x_forward_for":"$proxy_add_x_forwarded_for","request_id":"$req_id","remote_user":"$remote_user","bytes_sent":$bytes_sent,"request_time":$request_time,"status":$status,"vhost":"$host","request_proto":"$server_protocol","path":"$uri","request_query":"$args","request_length":$request_length,"duration":$request_time,"method":"$request_method","http_referrer":"$http_referer","http_user_agent":"$http_user_agent"}'
     ssl-redirect: {{ not $v.otomi.hasCloudLB }}
     use-forwarded-headers: {{ $v.otomi.hasCloudLB }}
-    {{- if eq $v.cluster.provider "aws" }}
     use-proxy-protocol: true
-    {{- end }}
   stats:
     enabled: true
   metrics:
@@ -135,6 +133,9 @@ controller:
       {{- if $privateNetwork }}
       service.beta.kubernetes.io/aws-load-balancer-internal: true
       {{- end }}
+      {{- if eq $v.cluster.provider "digitalocean" }}
+      service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: true
+      {{- end }}
       {{- end }} {{/* if eq $v.cluster.provider "aws" */}}
       {{- if eq $v.cluster.provider "google" }}
       {{- if $privateNetwork }}