/docs/kubernetes/guides/envoy-gateway/ Recent content in Envoy Gateway on Documentation Hugo en /docs/kubernetes/guides/envoy-gateway/direct/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/kubernetes/guides/envoy-gateway/direct/ <p>This guide walks through setting up Envoy Gateway in a cluster where the OpenStack load balancer is configured in TCP mode with <strong>PROXY protocol v2</strong>. The load balancer prepends a PROXY header to each incoming connection carrying the real client IP. Envoy parses that header and uses it for access logs, rate limiting and <code>X-Forwarded-For</code>.</p> <blockquote> <p><strong>Note:</strong> Your <code>ClientTrafficPolicy</code> must set <code>proxyProtocol.optional: false</code>. Without it Envoy rejects incoming connections and all routes return 503.</p> /docs/kubernetes/guides/envoy-gateway/proxy/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/kubernetes/guides/envoy-gateway/proxy/ <p>This guide walks through setting up Envoy Gateway in a cluster where you front the OpenStack load balancer with <strong>your own upstream proxy</strong> — for example a CDN, WAF, or edge proxy — that terminates the client connection and injects the real client IP into the <code>X-Forwarded-For</code> header. The OpenStack load balancer itself stays in TCP passthrough; the upstream proxy is what carries the client IP for you.</p> <blockquote> <p><strong>Note:</strong> Your <code>ClientTrafficPolicy</code> must set <code>clientIPDetection.xForwardedFor</code> with <code>numTrustedHops</code> set to the number of trusted proxies in front of Envoy. Without it Envoy will not honour the incoming <code>X-Forwarded-For</code> header and your access logs and rate limiting will see the load balancer&rsquo;s internal IP.</p>