From 0f3b290ae6f4076b07fcf075c2fa11321b95af83 Mon Sep 17 00:00:00 2001 From: yoshino-s Date: Thu, 6 Jun 2024 18:52:29 +0800 Subject: [PATCH] support custom xff trust num --- cmd/deploy.yaml | 3 ++- cmd/server.go | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/cmd/deploy.yaml b/cmd/deploy.yaml index f9d725d..cb22393 100644 --- a/cmd/deploy.yaml +++ b/cmd/deploy.yaml @@ -17,9 +17,10 @@ spec: spec: containers: - name: APP - image: registry.yoshino-s.xyz/yoshino-s/cilium-envoy-hook:latest + image: registry.yoshino-s.xyz/yoshino-s/cilium-envoy-hook:dev imagePullPolicy: Always args: + - server - --tls-cert-file-path=/etc/webhook/certs/cert.pem - --tls-key-file-path=/etc/webhook/certs/key.pem ports: diff --git a/cmd/server.go b/cmd/server.go index a3c7397..fa03fd8 100644 --- a/cmd/server.go +++ b/cmd/server.go @@ -40,6 +40,7 @@ type Config struct { WebhookListenAddr string TLSCertFilePath string TLSKeyFilePath string + XffNumTrustedHops int } var ( @@ -108,7 +109,7 @@ var ( }) typedConfig["upgradeConfigs"] = upgradeConfigs typedConfig["useRemoteAddress"] = true - typedConfig["xffNumTrustedHops"] = 2 + typedConfig["xffNumTrustedHops"] = cmdConfig.XffNumTrustedHops } } } @@ -181,4 +182,5 @@ func init() { serverCmd.PersistentFlags().StringVar(&cmdConfig.WebhookListenAddr, "webhook-listen-address", ":8080", "The address where the HTTPS server will be listening to serve the webhooks.") serverCmd.PersistentFlags().StringVar(&cmdConfig.TLSCertFilePath, "tls-cert-file-path", "", "The path for the webhook HTTPS server TLS cert file.") serverCmd.PersistentFlags().StringVar(&cmdConfig.TLSKeyFilePath, "tls-key-file-path", "", "The path for the webhook HTTPS server TLS key file.") + serverCmd.PersistentFlags().IntVar(&cmdConfig.XffNumTrustedHops, "xff-num-trusted-hops", 1, "The number of trusted hops for the X-Forwarded-For header.") }