feat: add PROXY protocol support #813
Sorry to just ping you maintainers but any update on this? We are using the PROXY protocol in multiple APISIX deployments and have to manually overwrite the settings on any update or change of them. We'd really appreciate the merge of this PR. Thanks for your work
@juzhiyuan @guoqqqi Sorry to ping you but this has been open since Mar 4, can you please have a look at the PR? Thank you in advance ;)
Address review feedback to nest proxyProtocol configuration under the apisix section for consistency with other APISIX-specific settings. Updated references in configmap.yaml, values.schema.json, and README.md to use .Values.apisix.proxyProtocol instead of .Values.proxyProtocol.
Hi @AlinsRan, I've addressed your feedback and moved the |
| # receive http request with proxy protocol | ||
| listen_https_port: {{ .Values.apisix.proxyProtocol.listenHTTPSPort }} # The port with proxy protocol for https | ||
| enable_tcp_pp: {{ .Values.apisix.proxyProtocol.enableTCPPP }} # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option | ||
| enable_tcp_pp_to_upstream: {{ .Values.apisix.proxyProtocol.enableTCPPPToUpstream }} # Enables the proxy protocol to the upstream server |
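Review bot: the inline comments on listen_https_port and enable_tcp_pp say what each key switches on but not the trust it implies: a listener that accepts the PROXY header takes the client address from whichever peer connects to it. Suggest stating in the README entry for .Values.apisix.proxyProtocol that these ports should be reachable only from the load balancer, and extending the comment on enable_tcp_pp_to_upstream to say that the upstream must expect the header.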
The proxy protocol ports (9181/9182) are configured in APISIX config here, but they're never exposed in the deployment template's containerPorts or in the Service spec. This means even with proxy protocol enabled, the ports won't be reachable from outside the pod.
You'd need to also update deployment.yaml to conditionally add these as container ports when proxyProtocol.enabled is true, and update the service template to expose them. Without that, a load balancer can't actually send PROXY protocol traffic to APISIX on these ports.
I would like to add support for configuring the PROXY protocol in the APISIX helm chart. Currently, the PROXY protocol configuration exists in the template as commented code, but there's no way to enable or configure it via values.yaml.
Motivation
The PROXY protocol allows load balancers to pass client connection information to APISIX. This is especially useful in Kubernetes environments where APISIX is deployed behind a load balancer, and the original client IP needs to be preserved.
Implementation
Added proxy protocol configuration options to values.yaml with default values:
    proxyProtocol:
      enabled: false
      listenHTTPPort: 9181
      listenHTTPSPort: 9182
      enableTCPPP: false
      enableTCPPPToUpstream: false
Updated configmap.yaml to conditionally include proxy_protocol configuration when enabled
Added schema validation in values.schema.json for the new options
Updated README.md with documentation for the new configuration options
These changes allow users to easily enable and configure proxy protocol support through the helm chart values, rather than having to manually modify the configmap.
Fixes #812
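To show what a load balancer sends on a PROXY protocol listener and why the sender has to be trusted, here is an added example (not code from this PR or from APISIX, which parses the header itself): a PROXY protocol v1 parser that accepts the header only from allowed peers. The names `parse_proxy_v1`, `client_ip` and `TRUSTED_LBS`, and the 10.0.0.0/24 load balancer range, are assumptions made for the illustration.

```python
import ipaddress

MAX_V1_LEN = 107                 # longest v1 header including CRLF, per the PROXY protocol spec
TRUSTED_LBS = ["10.0.0.0/24"]    # constructed: networks the load balancer connects from


def parse_proxy_v1(data: bytes):
    """Split a PROXY v1 header off `data`.

    Returns ((src_ip, src_port) or None for UNKNOWN, remaining_bytes).
    Raises ValueError on anything malformed.
    """
    end = data.find(b"\r\n", 0, MAX_V1_LEN)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("missing or oversized PROXY v1 header")
    fields = data[:end].decode("ascii").split(" ")
    rest = data[end + 2:]
    if fields[1] == "UNKNOWN":   # sender had no address information to pass on
        return None, rest
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("bad protocol or field count")
    want = 4 if fields[1] == "TCP4" else 6
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    if src.version != want or dst.version != want:
        raise ValueError("address family mismatch")
    if not all(p.isdigit() and int(p) <= 65535 for p in fields[4:6]):
        raise ValueError("bad port")
    return (str(src), int(fields[4])), rest


def client_ip(peer_ip: str, data: bytes, trusted_nets=TRUSTED_LBS):
    """Resolve the client IP for a connection on a PROXY protocol listener.

    The header is honoured only when the TCP peer is a trusted load balancer;
    any other peer is refused, since it could claim an arbitrary address.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in ipaddress.ip_network(n) for n in trusted_nets):
        raise PermissionError(f"{peer_ip} may not send a PROXY header")
    src, rest = parse_proxy_v1(data)
    return (src[0] if src else peer_ip), rest
```
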