istio: IP whitelist does not work
Describe the bug IP whitelist does not work
Expected behavior Only IP addresses in the whitelist should be allowed
Steps to reproduce the bug
apiVersion: config.istio.io/v1alpha2
kind: listchecker
metadata:
name: whitelistip
namespace: istio-system
spec:
overrides: ['ip1', 'ip2', 'ip3']
entryType: IP_ADDRESSES
blacklist: false
---
apiVersion: config.istio.io/v1alpha2
kind: listentry
metadata:
name: sourceip
namespace: istio-system
spec:
value: request.headers["x-forwarded-for"][0]
---
apiVersion: config.istio.io/v1alpha2
kind: rule
metadata:
name: checkip
namespace: istio-system
spec:
match: source.labels["istio"] == "ingressgateway"
actions:
- handler: whitelistip.listchecker
instances:
- sourceip.listentry
Version
➜ ~ istioctl version
Version: 1.0.5
GitRevision: a44d4c8bcb427db16ca4a439adfbd8d9361b8ed3
User: root@0ead81bba27d
Hub: docker.io/istio
GolangVersion: go1.10.4
BuildStatus: Clean
➜ ~ kubectl version
Client Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.0", GitCommit:"91e7b4fd31fcd3d5f436da26c980becec37ceefe", GitTreeState:"clean", BuildDate:"2018-06-27T22:29:25Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.2", GitCommit:"bb9ffb1654d4a729bb4cec18ff088eacc153c239", GitTreeState:"clean", BuildDate:"2018-08-07T23:08:19Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}
Installation one key installation from the menu of an alibaba cloud k8s cluster
Environment alibaba cloud
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Comments: 16 (9 by maintainers)
I think once #14481 merges, we should close this issue. https://github.com/istio/istio/issues/2802 can be used to track any features around strings and handling them.