author | Håkon Hallingstad <hakon@yahooinc.com> | 2024-03-22 17:54:28 +0100 |
---|---|---|
committer | Håkon Hallingstad <hakon@yahooinc.com> | 2024-03-22 17:54:28 +0100 |
commit | 1f42018173667036034c31e613e69d01696a8966 (patch) | |
tree | ab90146651ca46b2529824cc238e21012b5768eb | |
parent | 04879cf9b250af7bf79b663b691bdee5d0a1fc4f (diff) |
Azure LB trust
-rw-r--r-- | node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java
index 16aa7197587..364d411f85f 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java
@@ -2,6 +2,7 @@
 package com.yahoo.vespa.hosted.provision.node;
 
 import com.google.common.collect.ImmutableSet;
+import com.yahoo.config.provision.CloudName;
 import com.yahoo.config.provision.NodeType;
 import com.yahoo.config.provision.Zone;
 import com.yahoo.vespa.hosted.provision.Node;
@@ -80,6 +81,13 @@ public record NodeAcl(Node node,
 // - proxy nodes
 trustedNodes.addAll(TrustedNode.of(allNodes.nodeType(NodeType.config), ipSpace));
 trustedNodes.addAll(TrustedNode.of(allNodes.nodeType(NodeType.proxy), ipSpace));
+
+ // AZURE does not support proxy protocol, but instead passes through the source IP address.
+ // Which means we must accept any source IP.
+ if (zone.cloud().name().equals(CloudName.AZURE) &&
+ node.allocation().map(a -> a.membership().cluster().type().isContainer()).orElse(false)) {
+ trustedPorts.add(4443);
+ }
 }
 case config -> {
 // Config servers trust: |
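Review bot: `trustedPorts.add(4443)` in the new Azure branch accepts, per its own comment, any source IP on every node allocated to a container cluster, so the node ACL no longer limits who can reach that port and the comment should say what does. I would reword the two-line comment along the lines of `// Azure LB passes the client source IP through (no proxy protocol), so 4443 cannot be restricted to LB addresses; access control on 4443 rests on the listener itself.` That wording should only go in once it is confirmed that the service on 4443 authenticates callers, which the hunk does not show. The condition also does not check whether the cluster is actually fronted by the load balancer, so the port may be opened more widely than the stated reason requires. The bare `4443` would read better as a named constant. The enclosing `case` branch and the declaration of `trustedPorts` lie outside the hunk, so which node types this applies to is inferred.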