search

tilt-dev / tilt

Define your dev environment as code. For microservice apps on Kubernetes.
https://tilt.dev/
Apache License 2.0
7.56k stars 298 forks source link

Add protocol option to port_forward to enable HTTPS services #6427

Open cirego opened 4 weeks ago

cirego commented 4 weeks ago

Describe the Feature You Want

I would like the ability to specify the protocol handler in port forwards so that links to HTTPS services "just work".

Current Behavior

Navigating to an HTTPS service using a port_forward link results in a 400 Bad Request from nginx.

Our current Tiltfile sets up nginx with a certificate trusted by the user's browser. We have a port-forward clause in our Tiltfile that looks like this:

helm_resource(name='nginx',
              chart='ingress-charts/ingress-nginx',
              labels=['frontend'],
              flags=[...],
              resource_deps=['ingress-charts'],
              port_forwards=[port_forward(8443, 443, name='UI')]

When the user clicks this link, the browser sends an HTTP request, giving a 400 Bad Request ("The plain HTTP request was sent to HTTPS port").

Why Do You Want This?

Users can work around the bad request by manually prepending https:// to the URL in their browser navbar. Users find this tedious, as they must do this every time they click the link. It also creates a decent number of questions as new developers run into this issue.

Adding an option to set the protocol handler in the port_forward would neatly fix this issue. If I could update my port_forward to include protocol='https', then users will no longer need to edit the URL in their browser.

helm_resource(name='nginx',
              chart='ingress-charts/ingress-nginx',
              labels=['frontend'],
              flags=[...],
              resource_deps=['ingress-charts'],
              port_forwards=[port_forward(8443, 443, name='UI', protocol='https')]

Instead of constructing a localhost:8443 link, this would instead construct https://localhost:8443.

nicks commented 4 weeks ago

thanks for the report!

kubectl port-forward uses TCP, it doesn't care about layer 7 (http and https). so visiting https manually will work

you can use the links argument to create an https link - https://docs.tilt.dev/accessing_resource_endpoints#arbitrary-links

i'll leave this open to add support for link_protocol like the link_path we have today https://docs.tilt.dev/api#api.port_forward

cirego commented 4 weeks ago

Thanks for the response!

I can use the link workaround by creating a link -- is there a way to hide the link generated by the port_forward so that users are not confused about which to use?