yoshino-s/cilium-envoy-hook
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

support custom xff trust num

Browse Source
This commit is contained in:
yoshino-s
2024-06-06 18:52:29 +08:00
parent ce98821d89
commit 0f3b290ae6
2 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
cmd/deploy.yaml
View File

@@ -17,9 +17,10 @@ spec:
spec:
containers:
- name: APP
image: registry.yoshino-s.xyz/yoshino-s/cilium-envoy-hook:latest
image: registry.yoshino-s.xyz/yoshino-s/cilium-envoy-hook:dev
imagePullPolicy: Always
args:
- server
- --tls-cert-file-path=/etc/webhook/certs/cert.pem
- --tls-key-file-path=/etc/webhook/certs/key.pem
ports:

4
cmd/server.go
View File

@@ -40,6 +40,7 @@ type Config struct {
WebhookListenAddr string
TLSCertFilePath string
TLSKeyFilePath string
XffNumTrustedHops int
}
var (
@@ -108,7 +109,7 @@ var (
})
typedConfig["upgradeConfigs"] = upgradeConfigs
typedConfig["useRemoteAddress"] = true
typedConfig["xffNumTrustedHops"] = 2
typedConfig["xffNumTrustedHops"] = cmdConfig.XffNumTrustedHops
}
}
}
@@ -181,4 +182,5 @@ func init() {
serverCmd.PersistentFlags().StringVar(&cmdConfig.WebhookListenAddr, "webhook-listen-address", ":8080", "The address where the HTTPS server will be listening to serve the webhooks.")
serverCmd.PersistentFlags().StringVar(&cmdConfig.TLSCertFilePath, "tls-cert-file-path", "", "The path for the webhook HTTPS server TLS cert file.")
serverCmd.PersistentFlags().StringVar(&cmdConfig.TLSKeyFilePath, "tls-key-file-path", "", "The path for the webhook HTTPS server TLS key file.")
serverCmd.PersistentFlags().IntVar(&cmdConfig.XffNumTrustedHops, "xff-num-trusted-hops", 1, "The number of trusted hops for the X-Forwarded-For header.")
}