Skip to content
This repository has been archived by the owner on Mar 19, 2024. It is now read-only.

Does consul api-gateway support redirect http to https #603

Open
andriktr opened this issue Feb 19, 2024 · 0 comments
Open

Does consul api-gateway support redirect http to https #603

andriktr opened this issue Feb 19, 2024 · 0 comments

Comments

@andriktr
Copy link

Hello,
I have the following api-gateway configuration"

apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
  name: consul-experimental-api-gateway
  namespace: consul
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
    service.beta.kubernetes.io/azure-load-balancer-ipv4: 10.162.75.172 
spec:
  gatewayClassName: consul
  listeners:
  - name: http-all
    port: 80
    protocol: HTTP
    allowedRoutes:
      namespaces:
        from: "All"
  
  - name: https-balticit
    port: 443
    protocol: HTTPS
    allowedRoutes:
      namespaces:
        from: "All"
    hostname: "*.balticit.ifint.biz"
    tls:
      certificateRefs:
      - kind: Secret
        group: ""
        name: balticit-ifint-biz
        namespace: ingress-nginx
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: ReferenceGrant
metadata:
  name: allow-consul-gateways-to-balticit-tls-secret
  namespace: ingress-nginx
spec:
  from:
  - group: gateway.networking.k8s.io
    kind: Gateway
    namespace: consul
  to:
  - group: ""
    kind: Secret
    name: balticit-ifint-biz

According k8s gateway api docs in order to configure http to https redirect we need to have:
1 . A httpRoute for http-liestener with redirect stanza:

apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: http-to-https-redirect-for-blue-service
  namespace: blue-green
spec:
  parentRefs:
  - name: consul-experimental-api-gateway
    sectionName: http-all # select a http-all listener defined in api-gateway
    namespace: consul
  hostnames:
  - "demo.balticit.ifint.biz"
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /blue
    filters:
    - type: RequestRedirect
      requestRedirect:
        scheme: https
        statusCode: 301
  1. A httpRoute with https-listener referencing to our backend service:
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: blue-route
  namespace: blue-green
spec:
  parentRefs:
  - name: consul-experimental-api-gateway
    namespace: consul
    sectionName: https-balticit
  hostnames:
  - "demo.balticit.ifint.biz"
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /blue
    filters:
      - type: URLRewrite
        urlRewrite:
          path:
            type: ReplacePrefixMatch
            replacePrefixMatch: /
    backendRefs:
    - name: blue 
      kind: Service
      port: 8080
      namespace: blue-green

In my case only https://demo.balticit.ifint.biz/blue is working and http is not.
Any suggestions or thougts ?
Thanks in advance.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@andriktr