search

F5Networks / k8s-bigip-ctlr

Repository for F5 Container Ingress Services for Kubernetes & OpenShift.
Apache License 2.0
357 stars 195 forks source link

different behaviour from HAproxy when using both HTTPS redirect and plain HTTP child paths #3043

Closed alonsocamaro closed 7 months ago

alonsocamaro commented 1 year ago

Setup Details

Build: quay.io/f5networks/k8s-bigip-ctlr-devel:c20b620d3e972dd928f215552671bcb97b0b8eea
BIGIP Version: Big IP 17.1.0.1 AS3 Version: 3.45
Agent Mode: AS3/
Orchestration: OSCP
Orchestration Version: 4.12
Pool Mode: ClusterIP Additional Setup details: OVN, using multi-cluster preview in active-active mode.

Description

Note: The next test in BIG-IP is using the multi-cluster preview code in active-active mode

With the following route definitions

NAME                  HOST/PORT                                   PATH    SERVICES         PORT   TERMINATION     WILDCARD
guestbook-app1        guestbook-app1.apps.f5-udf.com ... 1 more           guestbook-app1   3000   edge/Redirect   None
guestbook-app1-test   guestbook-app1.apps.f5-udf.com ... 1 more   /test   guestbook-app1   3000                   None

HA proxy redirects / but not /test:

[cloud-user@ocp-provisioner example-tls-and-nontls]$ curl --resolve guestbook-app1.apps.f5-udf.com:80:10.1.10.5 -v guestbook-app1.apps.f5-udf.com 2>&1 | grep "< HTTP/"
< HTTP/1.1 302 Found
[cloud-user@ocp-provisioner example-tls-and-nontls]$ curl --resolve guestbook-app1.apps.f5-udf.com:80:10.1.10.5 -v guestbook-app1.apps.f5-udf.com/test 2>&1 | grep "< HTTP/"
< HTTP/1.1 404 Not Found

On the other hand, CIS has the following behavior:

[cloud-user@ocp-provisioner example-tls-and-nontls]$ curl -v guestbook-app1.apps.f5-udf.com 2>&1 | grep "< HTTP/"
< HTTP/1.0 302 Moved Temporarily
[cloud-user@ocp-provisioner example-tls-and-nontls]$ curl -v guestbook-app1.apps.f5-udf.com/test 2>&1 | grep "< HTTP/"
< HTTP/1.0 302 Moved Temporarily

Steps To Reproduce

1) Configure an HTTPS route with HTTP redirect for fqdn www.example.com 2) Configure a plain HTTP route for URL http://www.example.com/test

Expected Result

The http://www.example.com/test should not send redirection and any other plain HTTP path should.

This also matches HA proxy behavior which seems sensible given that accepting the route http://www.example.com/test and doing nothing about it doesn't make sense.

Actual Result

All HTTP paths are redirected to the HTTPS endpoint

trinaths commented 1 year ago

@alonsocamaro Is this issue validated with latest multicluster build ?

trinaths commented 7 months ago

Closing this issue. No update for longer time.