add x-forwarded-for to envoy

Author: aojea

examples/ingress_foo_bar.yaml

@@ -0,0 +1,85 @@
+kind: Pod
+apiVersion: v1
+metadata:
+  name: foo-app
+  labels:
+    app: foo
+spec:
+  containers:
+  - command:
+    - /agnhost
+    - netexec
+    - --http-port=8080
+    image: registry.k8s.io/e2e-test-images/agnhost:2.59
+    name: foo-app
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: foo-service
+spec:
+  selector:
+    app: foo
+  ports:
+  - port: 8080
+---
+kind: Pod
+apiVersion: v1
+metadata:
+  name: bar-app
+  labels:
+    app: bar
+spec:
+  containers:
+  - command:
+    - /agnhost
+    - netexec
+    - --http-port=8080
+    image: registry.k8s.io/e2e-test-images/agnhost:2.59
+    name: bar-app
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: bar-service
+spec:
+  selector:
+    app: bar
+  ports:
+  - port: 8080
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: example-ingress
+spec:
+  rules:
+  - host: foo.example.com
+    http:
+      paths:
+      - pathType: Prefix
+        path: /
+        backend:
+          service:
+            name: foo-service
+            port:
+              number: 8080
+  - host: bar.example.com
+    http:
+      paths:
+      - pathType: Prefix
+        path: /
+        backend:
+          service:
+            name: bar-service
+            port:
+              number: 8080
+---
+kind: Pod
+apiVersion: v1
+metadata:
+  name: curl-pod
+spec:
+  containers:
+  - name: curl
+    image: registry.k8s.io/e2e-test-images/agnhost:2.59

pkg/gateway/listener.go

@@ -17,6 +17,7 @@ import (
 	"github.com/envoyproxy/go-control-plane/pkg/wellknown"
 
 	"google.golang.org/protobuf/types/known/anypb"
+	"google.golang.org/protobuf/types/known/wrapperspb"
 
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/meta"
@@ -223,6 +224,9 @@ func (c *Controller) translateListenerToFilterChain(gateway *gatewayv1.Gateway,
 
 		hcmConfig := &hcm.HttpConnectionManager{
 			StatPrefix: string(lis.Name),
+			// Enable X-Forwarded-For header
+			// https://github.com/kubernetes-sigs/cloud-provider-kind/issues/296
+			UseRemoteAddress: &wrapperspb.BoolValue{Value: true},
 			RouteSpecifier: &hcm.HttpConnectionManager_Rds{
 				Rds: &hcm.Rds{
 					ConfigSource: &corev3.ConfigSource{

tests/tests.bats

@@ -118,3 +118,45 @@
     # Cleanup: Delete the applied manifests
     kubectl delete --ignore-not-found -f "$BATS_TEST_DIRNAME"/../examples/gateway_httproute_simple.yaml
 }
+
+
+@test "Ingress to Gateway Migration and X-Forwarded-For Header" {
+    # Apply the Gateway and HTTPRoute manifests
+    kubectl apply -f "$BATS_TEST_DIRNAME"/../examples/ingress_foo_bar.yaml
+
+    # Wait for the backend application pod to be ready
+    kubectl wait --for=condition=ready pods -l app=foo --timeout=60s
+    kubectl wait --for=condition=ready pods -l app=foo --timeout=60s
+
+    # Give the controller time to reconcile
+    echo "Waiting for reconciliation..."
+    sleep 5
+
+    echo "Finding Ingress Loadbalancer IP ..."
+    run kubectl get ingress example-ingress -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
+    [ "$status" -eq 0 ]
+    export INGRESS_SVC_IP="$output"
+    echo "Ingress LoadBalancer IP: $INGRESS_SVC_IP"
+
+    # Test /foo prefix
+    echo "Testing /foo prefix (should match foo-app)..."
+    run kubectl exec curl-pod -- curl -H "Host: foo.example.com" -s "http://$INGRESS_SVC_IP/hostname"
+    [ "$status" -eq 0 ]
+    [[ "$output" == "foo-app" ]]
+
+    # Test /bar prefix
+    echo "Testing /bar prefix (should match bar-app)..."
+    run kubectl exec curl-pod -- curl  -H "Host: bar.example.com" -s "http://$INGRESS_SVC_IP/hostname"
+    [ "$status" -eq 0 ]
+    [[ "$output" == "bar-app" ]]
+
+    # Test X-Forwarded-For header
+    echo "Testing X-Forwarded-For header..."
+    run kubectl exec curl-pod -- curl -H "Host: foo.example.com" -s "http://$INGRESS_SVC_IP/header?key=X-Forwarded-For"
+    [ "$status" -eq 0 ]
+    echo "X-Forwarded-For header value: $output"
+    [[ ! -z "$output" ]]
+
+    # Cleanup: Delete the applied manifests
+    kubectl delete --ignore-not-found -f "$BATS_TEST_DIRNAME"/../examples/ingress_foo_bar.yaml
+}