author | HÃ¥kon Hallingstad <hakon.hallingstad@gmail.com> | 2024-03-24 19:24:38 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-03-24 19:24:38 +0100 |
commit | c3be0b5826152973ec422d32558ba41a1dc6311d (patch) | |
tree | 5d2ad752bfe1b6166b1b1afb4c2218012a56e0da | |
parent | 419c83697d1f7c8ddcaef57abfa592de78669145 (diff) | |
parent | 1f42018173667036034c31e613e69d01696a8966 (diff) |
Merge pull request #30721 from vespa-engine/hakonhall/azure-lb-trustv8.323.45
Azure LB trust
-rw-r--r-- | node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java
index 16aa7197587..364d411f85f 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java
@@ -2,6 +2,7 @@
 package com.yahoo.vespa.hosted.provision.node;
 import com.google.common.collect.ImmutableSet;
+import com.yahoo.config.provision.CloudName;
 import com.yahoo.config.provision.NodeType;
 import com.yahoo.config.provision.Zone;
 import com.yahoo.vespa.hosted.provision.Node;
@@ -80,6 +81,13 @@ public record NodeAcl(Node node,
 // - proxy nodes
 trustedNodes.addAll(TrustedNode.of(allNodes.nodeType(NodeType.config), ipSpace));
 trustedNodes.addAll(TrustedNode.of(allNodes.nodeType(NodeType.proxy), ipSpace));
+
+ // AZURE does not support proxy protocol, but instead passes through the source IP address.
+ // Which means we must accept any source IP.
+ if (zone.cloud().name().equals(CloudName.AZURE) &&
+ node.allocation().map(a -> a.membership().cluster().type().isContainer()).orElse(false)) {
+ trustedPorts.add(4443);
+ }
 }
 case config -> {
 // Config servers trust: |
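Review bot: The added `trustedPorts.add(4443)` in the second hunk makes the node ACL accept that port from every source address on Azure container nodes, so whatever listens there becomes the only access control, and the comment does not say what that control is. I would extend the comment with one line naming it, for example `// Port 4443 is reachable from any address; access is enforced by <listener's authentication> - TODO confirm`, so the open port is not later mistaken for an oversight. The literal `4443` is also unexplained and would read better as a named constant declared next to the record's other constants, tied to the listener it has to match. The predicate covers every allocated container cluster in an Azure zone; if only clusters behind the load balancer need this, narrowing it would keep the exposure smaller. The enclosing `case` branch starts above the hunk, so which node type this applies to is not visible here.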