I am trying to set up a TLS-terminated HTTPRoute using envoy-gateway. I have configured the GatewayClass, which looks like this:
```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: https
spec:
  controllerName: gateway.envoyproxy.io/gatewayclass-controller
  parametersRef:
    group: gateway.envoyproxy.io
    kind: EnvoyProxy
    name: custom-proxy-config
    namespace: envoy-gateway-system
```

An EnvoyProxy object to do some controlling on the pod and also add the required annotation for the LoadBalancer service:
```yaml
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: EnvoyProxy
metadata:
  name: custom-proxy-config
  namespace: envoy-gateway-system
spec:
  provider:
    type: Kubernetes
    kubernetes:
      envoyDeployment:
        pod:
          annotations:
            annotation:1
        container:
          resources:
            requests:
              cpu: 150m
              memory: 640Mi
            limits:
              cpu: 500m
              memory: 1Gi
      envoyHpa:
        minReplicas: 2
        maxReplicas: 10
        metrics:
          - resource:
              name: cpu
              target:
                averageUtilization: 60
                type: Utilization
            type: Resource
```

The gateway that looks like this:
```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: shared-gateway
  namespace: envoy-gateway-system
spec:
  gatewayClassName: https
  listeners:
    - name: https
      protocol: HTTPS
      port: 443
      allowedRoutes:
        namespaces:
          from: Selector
          selector:
            matchLabels:
              shared-gateway-access: "true"
      tls:
        certificateRefs:
          - name: ssl
            kind: Secret
```

The secret is generated by cert-manager and it is a valid certificate.
It starts the LoadBalancer service just fine; it also has the externalIP configured. But in the newly created envoy-gateway-* pod logs I see the following:
```
[2024-10-05 08:02:30.190][1][warning][misc] [source/extensions/filters/network/http_connection_manager/config.cc:83] internal_address_config is not configured. The existing default behaviour will trust RFC1918 IP addresses, but this will be changed in next release. Please explictily config internal address config as the migration step.
```