emissary: Host CRD does not route insecure requests
Describe the bug Despite using the Host CRD for http-only in the docs, Ambassador refuses to route non-http requests and always forces 301 redirect.
To Reproduce Use the following k8s yaml
apiVersion: getambassador.io/v2
kind: Host
metadata:
name: minimal-host
spec:
hostname: host.example.com
acmeProvider:
authority: none
requestPolicy:
insecure:
action: route
---
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
name: hello-world-mapping
spec:
prefix: /hello-world/
service: hello-world
---
apiVersion: v1
kind: Service
metadata:
name: hello-world
spec:
selector:
app: hello-world
ports:
- port: 80
targetPort: 8080
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: hello-world
spec:
replicas: 1
strategy:
type: RollingUpdate
selector:
matchLabels:
app: hello-world
template:
metadata:
labels:
app: hello-world
spec:
containers:
- name: hello-world
image: infrastructureascode/hello-world
Curl to curl -v http://host.example.com:30845/hello-world/
See 301 redirect
* Trying 192.168.64.5...
* TCP_NODELAY set
* Connected to host.example.com (192.168.64.5) port 30845 (#0)
> GET /hello-world/ HTTP/1.1
> Host: host.example.com:30845
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< location: https://host.example.com:30845/hello-world/
< date: Sun, 19 Jan 2020 15:15:13 GMT
< server: envoy
< content-length: 0
<
* Connection #0 to host host.example.com left intact
Expected behavior Expect Host definition to allow http-only requests, no redirects.
Versions (please complete the following information):
- Image: quay.io/datawire/aes:1.0.0
- Image ID: docker-pullable://quay.io/datawire/aes@sha256:4a6577ca83178fbbfd8295d68312b2d92b6820dfd97e6a36e2ec1337ac4cf66b
- minikube version: v1.6.2
Additional context
I review of the generated envoy.json file shows the vhost host.example.com has an entry for the /hello-world/ path, but it is set to redirect: true. Seems like the insecure-action route is not being recognized.
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Reactions: 7
- Comments: 23 (7 by maintainers)
Commits related to this issue
- Host crd: Fix insecure Route action Fixes: https://github.com/datawire/ambassador/issues/2216 — committed to jfrabaute/ambassador by jfrabaute 4 years ago
- Host crd: Fix insecure Route action Fixes: https://github.com/datawire/ambassador/issues/2216 — committed to jfrabaute/ambassador by jfrabaute 4 years ago
- Host crd: Fix insecure Route action Fixes: https://github.com/datawire/ambassador/issues/2216 For each listener, there will be one envoy filter per server_names and also an envoy filter with empty f... — committed to jfrabaute/ambassador by jfrabaute 4 years ago
- Host crd: Fix insecure Route action Fixes: https://github.com/datawire/ambassador/issues/2216 For each listener, there will be one envoy filter per server_names and also an envoy filter with empty f... — committed to jfrabaute/ambassador by jfrabaute 4 years ago
- Host crd: Fix insecure Route action Fixes: https://github.com/datawire/ambassador/issues/2216 For each listener, there will be one envoy filter per server_names and also an envoy filter with empty f... — committed to jfrabaute/ambassador by jfrabaute 4 years ago
It seems that I’m experiencing the same behaviour. I’ve tried creating a Host resource in multiple ways and it seems my settings are ignored. Ambassador keeps on redirecting http traffic and I’m not able to overwrite it with Reject or Route