Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expose use_remote_address #1290

Merged
merged 2 commits into from
Sep 23, 2024
Merged

Expose use_remote_address #1290

merged 2 commits into from
Sep 23, 2024

Conversation

skonto
Copy link
Contributor

@skonto skonto commented Sep 20, 2024
edited
Loading

Changes

  • As per title
  • When the field is set to true and num of hops is zero (Kourier at the edge) you can get the downstream ip of the client in X-Envoy-External-Address.
    To observe use in config-observability:
 logging.enable-request-log: "true"
 logging.request-log-template: '{"httpRequest": {"requestMethod": "{{.Request.Method}}", "requestUrl": "{{js .Request.RequestURI}}", "requestSize": "{{.Request.ContentLength}}", "status": {{.Response.Code}}, "responseSize": "{{.Response.Size}}", "userAgent": "{{js .Request.UserAgent}}", "remoteIp": "{{js .Request.RemoteAddr}}", "serverIp": "{{.Revision.PodIP}}", "referer": "{{js .Request.Referer}}", "latency": "{{.Response.Latency}}s", "protocol": "{{.Request.Proto}}"}, "traceId": "{{index .Request.Header "X-B3-Traceid"}}", "XFF": "{{index .Request.Header "X-Forwarded-For"}}", "XEAA": "{{index .Request.Header "X-Envoy-External-Address"}}"}'

For more check Example 1 in here.

/kind enhancement

Fixes #1289

Release Note

Adds support for use_remote_address field.

Docs

@knative-prow Knative Prow
Copy link

knative-prow bot commented Sep 20, 2024

@skonto: The label(s) kind/<kind> cannot be applied, because the repository doesn't have them.

In response to this:

Changes

  • As per title
  • When the field is set to true and num of hops is zero (Kourier at the edge) you can get the downstream ip of the client.
    To observe use in config-obsverability:
logging.enable-request-log: "true"
logging.request-log-template: '{"httpRequest": {"requestMethod": "{{.Request.Method}}", "requestUrl": "{{js .Request.RequestURI}}", "requestSize": "{{.Request.ContentLength}}", "status": {{.Response.Code}}, "responseSize": "{{.Response.Size}}", "userAgent": "{{js .Request.UserAgent}}", "remoteIp": "{{js .Request.RemoteAddr}}", "serverIp": "{{.Revision.PodIP}}", "referer": "{{js .Request.Referer}}", "latency": "{{.Response.Latency}}s", "protocol": "{{.Request.Proto}}"}, "traceId": "{{index .Request.Header "X-B3-Traceid"}}", "XFF": "{{index .Request.Header "X-Forwarded-For"}}", "XEAA": "{{index .Request.Header "X-Envoy-External-Address"}}"}'

For more check Example 1 in here.

/kind

Fixes #1289

Release Note

Adds support for use_remote_address field.

Docs

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@knative-prow knative-prow bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Sep 20, 2024
skonto
skonto commented Sep 20, 2024
View reviewed changes
pkg/envoy/api/http_connection_manager_test.go
@@ -40,7 +40,7 @@ func TestNewHTTPConnectionManagerWithoutAccessLogWithoutProxyProtocol(t *testing
}
connManager := NewHTTPConnectionManager("test", &kourierConfig)
assert.Check(t, len(connManager.AccessLog) == 0)
assert.Check(t, connManager.UseRemoteAddress == nil)
assert.Check(t, connManager.UseRemoteAddress.Value == false)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are they mutual exclusive? Should we warn the user? 🤔

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you mean by that?

Copy link
Contributor Author

@skonto skonto Sep 23, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I mean can we use proxy protocol along with use-remote-address, what if both are enabled? I will check if that creates an issue.

Copy link
Contributor Author

@skonto skonto Sep 23, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It does not seem to create a problem in gateway logs but don't have an environment to easily check this with traffic.

@skonto skonto changed the title Expose use-remote-address Expose use_remote_address Sep 20, 2024
@codecov Codecov
Copy link

codecov bot commented Sep 20, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 62.38%. Comparing base (705fb63) to head (4247297).
Report is 2 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1290      +/-   ##
==========================================
+ Coverage   62.31%   62.38%   +0.06%     
==========================================
  Files          24       24              
  Lines        1632     1635       +3     
==========================================
+ Hits         1017     1020       +3     
  Misses        553      553              
  Partials       62       62

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@skonto
Copy link
Contributor Author

skonto commented Sep 20, 2024

@ReToCode any idea about the tls failures?

@ReToCode
Copy link
Member

I don't see any failures?

/lgtm
/approve

/hold feel free to merge when ready.

@knative-prow knative-prow bot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. lgtm Indicates that a PR is ready to be merged. labels Sep 23, 2024
@knative-prow Knative Prow
Copy link

knative-prow bot commented Sep 23, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ReToCode, skonto

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@skonto
Copy link
Contributor Author

skonto commented Sep 23, 2024

I don't see any failures?

Yeah I re-run it check here: https://github.com/knative-extensions/net-kourier/actions/runs/10958128614/attempts/2?pr=1290 (it passed with the 3rd attempt).

@ReToCode
Copy link
Member

Hm, might be flaky (don't know). But has nothing to do with your change here.

@skonto
Copy link
Contributor Author

skonto commented Sep 23, 2024

/unhold

@knative-prow knative-prow bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 23, 2024
@knative-prow knative-prow bot merged commit 3268c57 into knative-extensions:main Sep 23, 2024
46 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@izabelacg izabelacg Awaiting requested review from izabelacg

@ReToCode ReToCode Awaiting requested review from ReToCode

Assignees

@dprotaso dprotaso

@ReToCode ReToCode

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Expose use_remote_address for edge scanarios
3 participants
@skonto @ReToCode @dprotaso