search

hashicorp / consul-api-gateway

The Consul API Gateway is a dedicated ingress solution for intelligently routing traffic to applications running on a Consul Service Mesh.
Mozilla Public License 2.0
100 stars 16 forks source link

Does consul api-gateway support redirect http to https #603

Open andriktr opened 8 months ago

andriktr commented 8 months ago

Hello, I have the following api-gateway configuration"

apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
  name: consul-experimental-api-gateway
  namespace: consul
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
    service.beta.kubernetes.io/azure-load-balancer-ipv4: 10.162.75.172 
spec:
  gatewayClassName: consul
  listeners:
  - name: http-all
    port: 80
    protocol: HTTP
    allowedRoutes:
      namespaces:
        from: "All"

  - name: https-balticit
    port: 443
    protocol: HTTPS
    allowedRoutes:
      namespaces:
        from: "All"
    hostname: "*.balticit.ifint.biz"
    tls:
      certificateRefs:
      - kind: Secret
        group: ""
        name: balticit-ifint-biz
        namespace: ingress-nginx
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: ReferenceGrant
metadata:
  name: allow-consul-gateways-to-balticit-tls-secret
  namespace: ingress-nginx
spec:
  from:
  - group: gateway.networking.k8s.io
    kind: Gateway
    namespace: consul
  to:
  - group: ""
    kind: Secret
    name: balticit-ifint-biz

According k8s gateway api docs in order to configure http to https redirect we need to have: 1 . A httpRoute for http-liestener with redirect stanza:

apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: http-to-https-redirect-for-blue-service
  namespace: blue-green
spec:
  parentRefs:
  - name: consul-experimental-api-gateway
    sectionName: http-all # select a http-all listener defined in api-gateway
    namespace: consul
  hostnames:
  - "demo.balticit.ifint.biz"
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /blue
    filters:
    - type: RequestRedirect
      requestRedirect:
        scheme: https
        statusCode: 301
  1. A httpRoute with https-listener referencing to our backend service:
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: blue-route
  namespace: blue-green
spec:
  parentRefs:
  - name: consul-experimental-api-gateway
    namespace: consul
    sectionName: https-balticit
  hostnames:
  - "demo.balticit.ifint.biz"
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /blue
    filters:
      - type: URLRewrite
        urlRewrite:
          path:
            type: ReplacePrefixMatch
            replacePrefixMatch: /
    backendRefs:
    - name: blue 
      kind: Service
      port: 8080
      namespace: blue-green

In my case only https://demo.balticit.ifint.biz/blue is working and http is not.
Any suggestions or thougts ? Thanks in advance.