Skip to content

fix: cherry-pick API proxy review fixes to sidecar branch #839

New issue
New issue
Open
Open
fix: cherry-pick API proxy review fixes to sidecar branch#839
@Mossaka

Description

@Mossaka
Mossaka
opened on Feb 13, 2026

Tracking issue from closed PR #752.

Changes needed

  • API proxy firewall exemption: Add proxyIp parameter to setupHostIptables() to allow unrestricted egress for the sidecar at 172.30.0.30
  • Envoy healthcheck: Change from custom health endpoint to Envoy admin endpoint (http://localhost:9901/ready)
  • Security hardening: Simplify cap_drop from selective capability list to ['ALL'] for maximum security
  • Test coverage: Add unit tests covering API proxy service generation, environment injection, security hardening, and conditional behavior
  • Documentation: Update comments and docs for host header rewriting and conditional BASE_URL environment variables

Original PR: #752

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions