You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Right now, the upstream name used inside plugin must match configured upstream name in the host, but we don't provide any recommendations around its format, which makes this feature less portable than it could be.
As such, I suggest that we standardize on URI's scheme://authority (e.g. https://www.google.com or udp://1.2.3.4:53) as the upstream name... although that doesn't allow configuration of TLS client certificates, etc.
Note: There is an undocumented behavior in Envoy that allows passing xDS proto with cluster configuration in place of the upstream name, which breaks the security properties of the sandbox, but that's not something supported per existing specification and it shouldn't be used.
Right now, the upstream name used inside plugin must match configured upstream name in the host, but we don't provide any recommendations around its format, which makes this feature less portable than it could be.
As such, I suggest that we standardize on URI's
scheme://authority(e.g.https://www.google.comorudp://1.2.3.4:53) as the upstream name... although that doesn't allow configuration of TLS client certificates, etc.Note: There is an undocumented behavior in Envoy that allows passing xDS proto with cluster configuration in place of the upstream name, which breaks the security properties of the sandbox, but that's not something supported per existing specification and it shouldn't be used.
cc @kyessenov
The text was updated successfully, but these errors were encountered: