Add new virtual service option - xff_num_trusted_hops (#185)

* add new vs option

Author: aa1ex

api/v1alpha1/virtualservice_common.go

@@ -26,6 +26,11 @@ type VirtualServiceCommonSpec struct {
 	// UpgradeConfigs - https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-msg-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-upgradeconfig
 	UpgradeConfigs []*runtime.RawExtension `json:"upgradeConfigs,omitempty"`
 	RBAC           *VirtualServiceRBACSpec `json:"rbac,omitempty"`
+	// The number of additional ingress proxy hops from the right side of the x-forwarded-for HTTP header to trust
+	// when determining the origin client’s IP address. The default is zero if this option is not specified.
+	// See the documentation for x-forwarded-for for more information.
+	// https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
+	XFFNumTrustedHops *uint32 `json:"xffNumTrustedHops,omitempty"`
 }
 
 type TlsConfig struct {

api/v1alpha1/zz_generated.deepcopy.go

@@ -150,6 +150,14 @@ spec:
               virtualHost:
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
+              xffNumTrustedHops:
+                description: |-
+                  The number of additional ingress proxy hops from the right side of the x-forwarded-for HTTP header to trust
+                  when determining the origin client’s IP address. The default is zero if this option is not specified.
+                  See the documentation for x-forwarded-for for more information.
+                  https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
+                format: int32
+                type: integer
             type: object
           status:
             description: VirtualServiceStatus defines the observed state of VirtualService

config/crd/bases/envoy.kaasops.io_virtualservices.yaml

@@ -127,6 +127,14 @@ spec:
               virtualHost:
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
+              xffNumTrustedHops:
+                description: |-
+                  The number of additional ingress proxy hops from the right side of the x-forwarded-for HTTP header to trust
+                  when determining the origin client’s IP address. The default is zero if this option is not specified.
+                  See the documentation for x-forwarded-for for more information.
+                  https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
+                format: int32
+                type: integer
             type: object
           status:
             description: VirtualServiceTemplateStatus defines the observed state of

config/crd/bases/envoy.kaasops.io_virtualservicetemplates.yaml

@@ -15,13 +15,13 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: "0.73"
+version: "0.74"
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "v0.9.2"
+appVersion: "v0.10.0"
 
 home: https://github.com/kaasops/envoy-xds-controller
 sources: 

helm/charts/envoy-xds-controller/Chart.yaml

@@ -150,6 +150,14 @@ spec:
               virtualHost:
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
+              xffNumTrustedHops:
+                description: |-
+                  The number of additional ingress proxy hops from the right side of the x-forwarded-for HTTP header to trust
+                  when determining the origin client’s IP address. The default is zero if this option is not specified.
+                  See the documentation for x-forwarded-for for more information.
+                  https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
+                format: int32
+                type: integer
             type: object
           status:
             description: VirtualServiceStatus defines the observed state of VirtualService

helm/charts/envoy-xds-controller/crds/envoy.kaasops.io_virtualservices.yaml

@@ -127,6 +127,14 @@ spec:
               virtualHost:
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
+              xffNumTrustedHops:
+                description: |-
+                  The number of additional ingress proxy hops from the right side of the x-forwarded-for HTTP header to trust
+                  when determining the origin client’s IP address. The default is zero if this option is not specified.
+                  See the documentation for x-forwarded-for for more information.
+                  https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
+                format: int32
+                type: integer
             type: object
           status:
             description: VirtualServiceTemplateStatus defines the observed state of