Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Does consul api-gateway supports redirect http to https #3655

Open
andriktr opened this issue Feb 19, 2024 · 0 comments
Open

Does consul api-gateway supports redirect http to https #3655

andriktr opened this issue Feb 19, 2024 · 0 comments
Labels
type/question Question about product, ideally should be pointed to discuss.hashicorp.com

Comments

@andriktr
Copy link

Hello,
I have the following api-gateway configuration:

apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
  name: consul-experimental-api-gateway
  namespace: consul
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
    service.beta.kubernetes.io/azure-load-balancer-ipv4: 10.162.75.172 
spec:
  gatewayClassName: consul
  listeners:
  - name: http-all
    port: 80
    protocol: HTTP
    allowedRoutes:
      namespaces:
        from: "All"
  
  - name: https-balticit
    port: 443
    protocol: HTTPS
    allowedRoutes:
      namespaces:
        from: "All"
    hostname: "*.balticit.ifint.biz"
    tls:
      certificateRefs:
      - kind: Secret
        group: ""
        name: balticit-ifint-biz
        namespace: ingress-nginx
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: ReferenceGrant
metadata:
  name: allow-consul-gateways-to-balticit-tls-secret
  namespace: ingress-nginx
spec:
  from:
  - group: gateway.networking.k8s.io
    kind: Gateway
    namespace: consul
  to:
  - group: ""
    kind: Secret
    name: balticit-ifint-biz

According k8s gateway api docs in order to configure http to https redirect we need to have:
1 . A httpRoute for http-liestener with redirect stanza:

apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: http-to-https-redirect-for-blue-service
  namespace: blue-green
spec:
  parentRefs:
  - name: consul-experimental-api-gateway
    sectionName: http-all # select a http-all listener defined in api-gateway
    namespace: consul
  hostnames:
  - "demo.balticit.ifint.biz"
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /blue
    filters:
    - type: RequestRedirect
      requestRedirect:
        scheme: https
        statusCode: 301
  1. A httpRoute with https-listener referencing to our backend service:
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: blue-route
  namespace: blue-green
spec:
  parentRefs:
  - name: consul-experimental-api-gateway
    namespace: consul
    sectionName: https-balticit
  hostnames:
  - "demo.balticit.ifint.biz"
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /blue
    filters:
      - type: URLRewrite
        urlRewrite:
          path:
            type: ReplacePrefixMatch
            replacePrefixMatch: /
    backendRefs:
    - name: blue 
      kind: Service
      port: 8080
      namespace: blue-green

In my case only https://demo.balticit.ifint.biz/blue is working and http is not.
Any suggestions or thougts ?
Thanks in advance.
@andriktr andriktr added the type/question Question about product, ideally should be pointed to discuss.hashicorp.com label Feb 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type/question Question about product, ideally should be pointed to discuss.hashicorp.com
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@andriktr