I'm working on a detailed design, and I'll send it out when it's finished and we'll discuss it together.
wei jin <k...@apache.org> 于2022年3月23日周三 14:16写道: > But I think APISIX need to do something to avoid proxying traffic to > itself. > > Jintao Zhang <zhangjin...@apache.org> 于2022年3月22日周二 20:29写道: > > > Yes, this is something we need to fully consider. > > I was exposed to this type of vulnerability in Kubernetes ingress-nginx > > last year. > > > > Chao Zhang <zchao1...@gmail.com> 于2022年3月22日周二 11:41写道: > > > > > Hi Community, > > > > > > What I care about is if this will cause some security vulnerabilities > > such > > > as: > > > > > > I just write 127.0.0.1:9090 (APISIX Control API Address) in the > > > ExternalName service, and the privacy data of APISIX will be exposed. > > > > > > If we really want to implement this feature, security is the most > > important > > > step. > > > > > > Chao Zhang > > > https://github.com/tokers > > > > > > On March 21, 2022 at 09:34:21, Jintao Zhang (zhangjin...@apache.org) > > > wrote: > > > > > > I have seen some voices in the community, hoping that APISIX Ingress > can > > > proxy external services e.g: [1], [2] > > > > > > For these two types of requirements, it is a relatively simple > > requirement > > > for [1], we only need to add the corresponding External name type > service > > > to complete. > > > > > > But for [2], I found a very interesting situation. No other Ingress > > > controller implements similar functionality yet, and I think this would > > be > > > a huge feature. > > > > > > APISIX actually supports setting the domain name to nodes in the > > upstream. > > > But APISIX Ingress is not yet supported. > > > > > > To achieve the above function, we can set a special resolveGranularity > to > > > directly convert the record of external name to Node. > > > > > > To achieve the above function, we can set a special resolveGranularity > to > > > directly convert the record of external name to Node. > > > > > > > > > WDYT? > > > > > > > > > [1]: [ > > > > > > > > > https://github.com/apache/apisix-ingress-controller/issues/813](https://github.com/apache/apisix-ingress-controller/issues/813) > > > > > > [2]: [ > > > > > > > > > https://github.com/apache/apisix-ingress-controller/issues/645](https://github.com/apache/apisix-ingress-controller/issues/645) > > > > > >
