But I think APISIX needs to do something to avoid proxying traffic to itself.

Jintao Zhang <zhangjin...@apache.org> wrote on Tuesday, March 22, 2022 at 20:29:

> Yes, this is something we need to fully consider.
> I was exposed to this type of vulnerability in Kubernetes ingress-nginx
> last year.
>
> Chao Zhang <zchao1...@gmail.com> wrote on Tuesday, March 22, 2022 at 11:41:
>
> > Hi Community,
> >
> > What I care about is if this will cause some security vulnerabilities
> > such as:
> >
> > I just write 127.0.0.1:9090 (APISIX Control API Address) in the
> > ExternalName service, and the privacy data of APISIX will be exposed.
> >
> > If we really want to implement this feature, security is the most
> > important step.
> >
> > Chao Zhang
> > https://github.com/tokers
> >
> > On March 21, 2022 at 09:34:21, Jintao Zhang (zhangjin...@apache.org)
> > wrote:
> >
> > I have seen some voices in the community, hoping that APISIX Ingress can
> > proxy external services e.g: [1], [2]
> >
> > For these two types of requirements, it is a relatively simple
> > requirement for [1], we only need to add the corresponding External name
> > type service to complete.
> >
> > But for [2], I found a very interesting situation. No other Ingress
> > controller implements similar functionality yet, and I think this would
> > be a huge feature.
> >
> > APISIX actually supports setting the domain name to nodes in the
> > upstream. But APISIX Ingress is not yet supported.
> >
> > To achieve the above function, we can set a special resolveGranularity to
> > directly convert the record of external name to Node.
> >
> >
> > WDYT?
> >
> >
> > [1]: https://github.com/apache/apisix-ingress-controller/issues/813
> >
> > [2]: https://github.com/apache/apisix-ingress-controller/issues/645
> >
>
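One way to act on the concern raised in this thread, as an added example (not code from APISIX, the ingress controller, or the thread's participants): reject an ExternalName target that is, or resolves to, an address on the gateway itself, such as the `127.0.0.1:9090` case above. `CheckExternalName`, `selfAddrs`, `zone` and `constructedDNS` are hypothetical names, and the pod IP and DNS records are constructed sample data.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
	"slices"
)

// Constructed sample data: the gateway pod's own IP and a tiny fake DNS zone.
var selfAddrs = []netip.Addr{netip.MustParseAddr("10.244.1.7")}
var zone = map[string][]netip.Addr{
	"api.example.com":  {netip.MustParseAddr("203.0.113.10")},
	"loop.example.com": {netip.MustParseAddr("203.0.113.11"), netip.MustParseAddr("127.0.0.1")},
	"gw.example.com":   {netip.MustParseAddr("10.244.1.7")},
}

// constructedDNS stands in for a real resolver so the check runs offline.
func constructedDNS(host string) ([]netip.Addr, error) {
	if a, ok := zone[host]; ok {
		return a, nil
	}
	return nil, fmt.Errorf("no records for %q", host)
}

// CheckExternalName (hypothetical helper) returns an error when target is, or
// resolves to, a local address or one of the gateway's own addresses.
// It fails closed: a name that cannot be resolved is rejected.
func CheckExternalName(target string, self []netip.Addr, resolve func(string) ([]netip.Addr, error)) error {
	host := target
	if h, _, err := net.SplitHostPort(target); err == nil {
		host = h // drop a port such as ":9090", including the "[::1]:9090" form
	}
	var addrs []netip.Addr
	if ip, err := netip.ParseAddr(host); err == nil {
		addrs = append(addrs, ip) // literal IP, nothing to resolve
	} else if addrs, err = resolve(host); err != nil {
		return fmt.Errorf("cannot resolve %q: %w", host, err)
	}
	for _, a := range addrs {
		a = a.Unmap() // treat ::ffff:127.0.0.1 as 127.0.0.1
		if a.IsLoopback() || a.IsUnspecified() || a.IsLinkLocalUnicast() || slices.Contains(self, a) {
			return fmt.Errorf("%q reaches the gateway itself via %s", target, a)
		}
	}
	return nil // every address is outside the gateway
}

func main() {
	fmt.Println(CheckExternalName("127.0.0.1:9090", selfAddrs, constructedDNS))
}
```

Because DNS answers can change after admission, the same check has to run on every re-resolution of the name, not only when the service is first accepted.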
