search

envoyproxy / gateway

Manages Envoy Proxy as a Standalone or Kubernetes-based Application Gateway
https://gateway.envoyproxy.io
Apache License 2.0
1.63k stars 355 forks source link

Support of append_x_forwarded_port to allow port matching in HTTPRoute #3797

Open gerrieg opened 4 months ago

gerrieg commented 4 months ago

append_x_forwarded_port

zhaohuabing commented 4 months ago

@gerrieg Could you please elaborate on your use case to help us understand this request?

gerrieg commented 4 months ago

We need to support multiple ports on the same hostname and forward to different services per port

Here is an example:

There is also a strange thing, that the x-forwarded-port has the envoy port 10443 if the request comes via 443.

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: default-gateway
  namespace: envoy-gateway-system
spec:
  gatewayClassName: default-gateway
  listeners:
    - name: https
      protocol: HTTPS
      port: 443
      allowedRoutes:
        namespaces:
          from: All
      hostname: "*.xxxxx.xxxxxx.xxx"
      tls:
        certificateRefs:
        - kind: Secret
          group: ""
          name: default-gateway-cert
    - name: https2
      protocol: HTTPS
      port: 8454
      allowedRoutes:
        namespaces:
          from: All
      hostname: "*.xxxxx.xxxxxx.xxx"
      tls:
        certificateRefs:
        - kind: Secret
          group: ""
          name: default-gateway-cert
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: example-route
  namespace: eai
spec:
  hostnames:
  - xxx.xxxxx.xxxxxx.xxx
  parentRefs:
  - name: default-gateway
    namespace: envoy-gateway-system
  rules:
  - backendRefs:
    - name: backend-ref-1
      port: 8454
      weight: 1
    matches:
    - headers:
      - name: x-forwarded-port
        value: "8454"
  - backendRefs:
    - name: backend-ref-2
      port: 8080
      weight: 1
    matches:
    - headers:
      - name: x-forwarded-port
        value: "10443"
github-actions[bot] commented 3 months ago

This issue has been automatically marked as stale because it has not had activity in the last 30 days.

arkodg commented 2 months ago

@gerrieg you can split up your HTTPRoutes into 2 (its fine to have the same hostname in both ) and link each one to a different listener using parentRef similar to the HTTP Redirect example https://gateway.envoyproxy.io/latest/tasks/traffic/http-redirect/#http----https

github-actions[bot] commented 1 month ago

This issue has been automatically marked as stale because it has not had activity in the last 30 days.