maybe we can combine it with apisix's discovery module ?
在 3/23/22 14:16, wei jin 写道:
But I think APISIX need to do something to avoid proxying traffic to itself.
Jintao Zhang <zhangjin...@apache.org> 于2022年3月22日周二 20:29写道:
Yes, this is something we need to fully consider.
I was exposed to this type of vulnerability in Kubernetes ingress-nginx
last year.
Chao Zhang <zchao1...@gmail.com> 于2022年3月22日周二 11:41写道:
Hi Community,
What I care about is if this will cause some security vulnerabilities
such
as:
I just write 127.0.0.1:9090 (APISIX Control API Address) in the
ExternalName service, and the privacy data of APISIX will be exposed.
If we really want to implement this feature, security is the most
important
step.
Chao Zhang
https://github.com/tokers
On March 21, 2022 at 09:34:21, Jintao Zhang (zhangjin...@apache.org)
wrote:
I have seen some voices in the community, hoping that APISIX Ingress can
proxy external services e.g: [1], [2]
For these two types of requirements, it is a relatively simple
requirement
for [1], we only need to add the corresponding External name type service
to complete.
But for [2], I found a very interesting situation. No other Ingress
controller implements similar functionality yet, and I think this would
be
a huge feature.
APISIX actually supports setting the domain name to nodes in the
upstream.
But APISIX Ingress is not yet supported.
To achieve the above function, we can set a special resolveGranularity to
directly convert the record of external name to Node.
To achieve the above function, we can set a special resolveGranularity to
directly convert the record of external name to Node.
WDYT?
[1]: [
https://github.com/apache/apisix-ingress-controller/issues/813](https://github.com/apache/apisix-ingress-controller/issues/813)
[2]: [
https://github.com/apache/apisix-ingress-controller/issues/645](https://github.com/apache/apisix-ingress-controller/issues/645)