From 3f4328042b49785a35db5326665a2f273876ff6f Mon Sep 17 00:00:00 2001 From: Luong Vo Date: Wed, 17 Jan 2024 17:16:28 +0700 Subject: [PATCH 1/4] Update proxy-proto.md to remove warning about aws load balancer annotations issue https://github.com/kubernetes/kubernetes/issues/57250 has been resolved 2 years ago Signed-off-by: Luong Vo --- site/content/docs/1.24/guides/proxy-proto.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/site/content/docs/1.24/guides/proxy-proto.md b/site/content/docs/1.24/guides/proxy-proto.md index 81be83fe6d3..12f57de0ec7 100644 --- a/site/content/docs/1.24/guides/proxy-proto.md +++ b/site/content/docs/1.24/guides/proxy-proto.md @@ -35,8 +35,6 @@ spec: ... ``` -**NOTE**: The service annotation `service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'` used to toggle the PROXY protocol is found to have no effect on NLBs (Due to this open [issue][2]). Hence, follow the steps mentioned in this AWS [documentation][3] to manually toggle PROXY protocol on NLBs - ## Enable PROXY protocol support for all Envoy listening ports ``` From 4d37e713df65200592da102edcc4f35a765e5c7d Mon Sep 17 00:00:00 2001 From: Luong Vo Date: Wed, 17 Jan 2024 17:18:36 +0700 Subject: [PATCH 2/4] remove excessive ref-link footnote Signed-off-by: Luong Vo --- site/content/docs/1.24/guides/proxy-proto.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/site/content/docs/1.24/guides/proxy-proto.md b/site/content/docs/1.24/guides/proxy-proto.md index 12f57de0ec7..6f99ccabdb1 100644 --- a/site/content/docs/1.24/guides/proxy-proto.md +++ b/site/content/docs/1.24/guides/proxy-proto.md @@ -51,5 +51,3 @@ spec: [0]: http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt [1]: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer -[2]: https://github.com/kubernetes/kubernetes/issues/57250 -[3]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#enable-proxy-protocol From fdecdcaeddd03e4ae8e7a1930d27a1143a061d19 Mon Sep 17 00:00:00 2001 From: Luong Vo Date: Wed, 17 Jan 2024 23:14:29 +0700 Subject: [PATCH 3/4] migrate changes to the main folder for new versions Signed-off-by: Luong Vo --- site/content/docs/1.24/guides/proxy-proto.md | 4 ++++ site/content/docs/main/guides/proxy-proto.md | 6 +----- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/site/content/docs/1.24/guides/proxy-proto.md b/site/content/docs/1.24/guides/proxy-proto.md index 6f99ccabdb1..81be83fe6d3 100644 --- a/site/content/docs/1.24/guides/proxy-proto.md +++ b/site/content/docs/1.24/guides/proxy-proto.md @@ -35,6 +35,8 @@ spec: ... ``` +**NOTE**: The service annotation `service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'` used to toggle the PROXY protocol is found to have no effect on NLBs (Due to this open [issue][2]). Hence, follow the steps mentioned in this AWS [documentation][3] to manually toggle PROXY protocol on NLBs + ## Enable PROXY protocol support for all Envoy listening ports ``` @@ -51,3 +53,5 @@ spec: [0]: http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt [1]: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer +[2]: https://github.com/kubernetes/kubernetes/issues/57250 +[3]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#enable-proxy-protocol diff --git a/site/content/docs/main/guides/proxy-proto.md b/site/content/docs/main/guides/proxy-proto.md index 81be83fe6d3..7753d8c5776 100644 --- a/site/content/docs/main/guides/proxy-proto.md +++ b/site/content/docs/main/guides/proxy-proto.md @@ -35,8 +35,6 @@ spec: ... ``` -**NOTE**: The service annotation `service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'` used to toggle the PROXY protocol is found to have no effect on NLBs (Due to this open [issue][2]). Hence, follow the steps mentioned in this AWS [documentation][3] to manually toggle PROXY protocol on NLBs - ## Enable PROXY protocol support for all Envoy listening ports ``` @@ -52,6 +50,4 @@ spec: ``` [0]: http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt -[1]: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer -[2]: https://github.com/kubernetes/kubernetes/issues/57250 -[3]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#enable-proxy-protocol +[1]: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer \ No newline at end of file From 15fcbffc4653c596cc4418f9acad8a5aeeafa34d Mon Sep 17 00:00:00 2001 From: Luong Vo Date: Sat, 20 Jan 2024 00:21:44 +0700 Subject: [PATCH 4/4] Back port changes from main to 1.25, 1.26, 1.27 Signed-off-by: Luong Vo --- site/content/docs/1.25/guides/proxy-proto.md | 6 +----- site/content/docs/1.26/guides/proxy-proto.md | 6 +----- site/content/docs/1.27/guides/proxy-proto.md | 6 +----- 3 files changed, 3 insertions(+), 15 deletions(-) diff --git a/site/content/docs/1.25/guides/proxy-proto.md b/site/content/docs/1.25/guides/proxy-proto.md index 81be83fe6d3..7d51de50820 100644 --- a/site/content/docs/1.25/guides/proxy-proto.md +++ b/site/content/docs/1.25/guides/proxy-proto.md @@ -10,7 +10,7 @@ The former cannot be used to load balance TLS traffic, because your cloud provid So the latter must be used when Contour handles HTTP and HTTPS traffic. However this leads to a situation where the remote IP address of the client is reported as the inside address of your cloud provider's load balancer. -To rectify the situation, you can add annotations to your service and flags to your Contour Deployment or DaemonSet to enable the [PROXY][0] protocol which forwards the original client IP details to Envoy. +To rectify the situation, you can add annotations to your service and flags to your Contour Deployment or DaemonSet to enable the [PROXY][0] protocol which forwards the original client IP details to Envoy. ## Enable PROXY protocol on your service in GKE @@ -35,8 +35,6 @@ spec: ... ``` -**NOTE**: The service annotation `service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'` used to toggle the PROXY protocol is found to have no effect on NLBs (Due to this open [issue][2]). Hence, follow the steps mentioned in this AWS [documentation][3] to manually toggle PROXY protocol on NLBs - ## Enable PROXY protocol support for all Envoy listening ports ``` @@ -53,5 +51,3 @@ spec: [0]: http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt [1]: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer -[2]: https://github.com/kubernetes/kubernetes/issues/57250 -[3]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#enable-proxy-protocol diff --git a/site/content/docs/1.26/guides/proxy-proto.md b/site/content/docs/1.26/guides/proxy-proto.md index 81be83fe6d3..7d51de50820 100644 --- a/site/content/docs/1.26/guides/proxy-proto.md +++ b/site/content/docs/1.26/guides/proxy-proto.md @@ -10,7 +10,7 @@ The former cannot be used to load balance TLS traffic, because your cloud provid So the latter must be used when Contour handles HTTP and HTTPS traffic. However this leads to a situation where the remote IP address of the client is reported as the inside address of your cloud provider's load balancer. -To rectify the situation, you can add annotations to your service and flags to your Contour Deployment or DaemonSet to enable the [PROXY][0] protocol which forwards the original client IP details to Envoy. +To rectify the situation, you can add annotations to your service and flags to your Contour Deployment or DaemonSet to enable the [PROXY][0] protocol which forwards the original client IP details to Envoy. ## Enable PROXY protocol on your service in GKE @@ -35,8 +35,6 @@ spec: ... ``` -**NOTE**: The service annotation `service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'` used to toggle the PROXY protocol is found to have no effect on NLBs (Due to this open [issue][2]). Hence, follow the steps mentioned in this AWS [documentation][3] to manually toggle PROXY protocol on NLBs - ## Enable PROXY protocol support for all Envoy listening ports ``` @@ -53,5 +51,3 @@ spec: [0]: http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt [1]: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer -[2]: https://github.com/kubernetes/kubernetes/issues/57250 -[3]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#enable-proxy-protocol diff --git a/site/content/docs/1.27/guides/proxy-proto.md b/site/content/docs/1.27/guides/proxy-proto.md index 81be83fe6d3..7d51de50820 100644 --- a/site/content/docs/1.27/guides/proxy-proto.md +++ b/site/content/docs/1.27/guides/proxy-proto.md @@ -10,7 +10,7 @@ The former cannot be used to load balance TLS traffic, because your cloud provid So the latter must be used when Contour handles HTTP and HTTPS traffic. However this leads to a situation where the remote IP address of the client is reported as the inside address of your cloud provider's load balancer. -To rectify the situation, you can add annotations to your service and flags to your Contour Deployment or DaemonSet to enable the [PROXY][0] protocol which forwards the original client IP details to Envoy. +To rectify the situation, you can add annotations to your service and flags to your Contour Deployment or DaemonSet to enable the [PROXY][0] protocol which forwards the original client IP details to Envoy. ## Enable PROXY protocol on your service in GKE @@ -35,8 +35,6 @@ spec: ... ``` -**NOTE**: The service annotation `service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'` used to toggle the PROXY protocol is found to have no effect on NLBs (Due to this open [issue][2]). Hence, follow the steps mentioned in this AWS [documentation][3] to manually toggle PROXY protocol on NLBs - ## Enable PROXY protocol support for all Envoy listening ports ``` @@ -53,5 +51,3 @@ spec: [0]: http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt [1]: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer -[2]: https://github.com/kubernetes/kubernetes/issues/57250 -[3]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#enable-proxy-protocol