gateway-api icon indicating copy to clipboard operation
gateway-api copied to clipboard

Published 20 hours ago verified publisher icon kubernetes-sigs

How to achieve single hostname with BOTH https and http path

Open e33ivanyauwai opened this issue 1 year ago • 2 comments

What would you like to be added: Documentation or example about confiuring single hostname with BOTH https and http path. e.g. https://www.example.com/, http://www.example.com/foo

Why this is needed:

How to achieve single hostname with BOTH https and http path, e.g.: "/" with https tcp443 "/plaintext" with http tcp80

Something like:

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: https-redirect
spec:
  parentRefs:
  - name: gateway-all
    namespace: default
    sectionName: http
  hostnames:
  - "www.example.com"
  rules:
  - filters:
    - type: RequestRedirect
      requestRedirect:
        scheme: https
        port: 443
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: http-only
spec:
  parentRefs:
  - name: gateway-all
    namespace: default
    sectionName: https
  hostnames:
    - "www.example.com"
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /plaintext
      filters:
        - type: RequestRedirect
          requestRedirect:
            scheme: http
            port: 80

e33ivanyauwai avatar Apr 18 '24 14:04 e33ivanyauwai

Hey @e33ivanyauwai, I think I'm having trouble understanding the redirects in your example. If you're attaching a Route exclusively to an HTTP listener, why would you need to redirect to 80 + HTTP?

robscott avatar Apr 18 '24 16:04 robscott

Thanks for your reply @robscott, our case is that we have a public website with https://example.com, but we also have some API endpoints with http (http://example.com/api) that was feed to a legacy system, we cannot change the code for the legacy system.

I used Nginx Ingress Controller with the below before (with annotation to bypass some path from https), now I migrate to Gateway but it seems I cannot find the documentation about this.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: project_name-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
  - http:
      paths:
      - path: /
        backend:
          serviceName: project_name
          servicePort: 80

e33ivanyauwai avatar Apr 19 '24 01:04 e33ivanyauwai

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Jul 18 '24 04:07 k8s-triage-robot

/remove-lifecycle stale

e33ivanyauwai avatar Jul 27 '24 02:07 e33ivanyauwai