By default, all Consul Connect traffic is handled through an Envoy sidecar task. The sidecar listens on a somewhat random port on the first public IP it can find on a hosting node. I would like to move it to a private interface or a private IP attached to the public interface. There are three reasons:
- my hosting provider has different billing costs depending on which address is used
- adding another level of traffic isolation feels good
- simplifies firewall rules
It seems that the Envoy sidecar ignores all the configs I could find (host_network, Nomad advertise address, Consul bind and client address).
Any hints?