This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

RequestRedirect with GKE Gateway controller

Posted on 11-16-2023 11:27 AM
sdarwin
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Here is some feedback about deploying "Configure HTTP-to-HTTPS redirects" from https://cloud.google.com/kubernetes-engine/docs/how-to/deploying-gateways#configure_http-to-https_re...

I had set up a gateway that initially listened on both http and https. That was working.

Then added the redirect httproute:

kind: HTTPRoute
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
  name: redirect
  namespace: gateway-infra
spec:
  parentRefs:
  - namespace: gateway-infra
    name: external-http
    sectionName: http
  rules:
  - filters:
    - type: RequestRedirect
      requestRedirect:
        scheme: https

The result was still the same. Both both http and https successfully replied to requests. Without a redirect though.

Finally, I managed to change something which fixed it. And this was from the docs also:  

Create an HTTPRoute for an application that only allows HTTPS.

sectionName: https

In a way it makes sense, you must follow the instructions, otherwise there might be problems.

However, consider this note:  

"""
Note: When configuring HTTP-to-HTTPS redirects on the Gateway, the sectionName field is optional. If you don't configure this field, the HTTPS listener is automatically selected as the default option.
"""

1. For me, it wasn't optional. It was required.
2. When it says "the HTTPS listener is automatically selected as the default option" that contradicts experience. Prior to attempting RequestRedirect, I had used a standard HTTPRoute. The usual instructions about HTTPRoute don't include sectionName. It is omitted. In those cases, the default option appears to apply the Route to all sections. The default seems to be all listeners, right? Not only the https listener. 

in the end, if there is any question, it might be: to debug "RequestRedirect" what command such as "gcloud compute url-maps describe", or similar, would display the redirect installed on the Load Balancer?

0 2 1,143
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
Marvin_Lucero
Staff
Reply posted on --/--/---- --:-- AM

Hi @sdarwin ,

@sdarwin wrote:

2. When it says "the HTTPS listener is automatically selected as the default option" that contradicts experience. Prior to attempting RequestRedirect, I had used a standard HTTPRoute. The usual instructions about HTTPRoute don't include sectionName. It is omitted. In those cases, the default option appears to apply the Route to all sections. The default seems to be all listeners, right? Not only the https listener. 

As the documentation says, if you're setting up HTTP-to-HTTPS redirects on a Gateway and you choose not to specify a sectionName, the redirect configuration will automatically apply to the HTTPS listener. This is likely to ensure that secure connections are enforced by default when redirecting from HTTP.

@sdarwin wrote:

in the end, if there is any question, it might be: to debug "RequestRedirect" what command such as "gcloud compute url-maps describe", or similar, would display the redirect installed on the Load Balancer?

To address your question, you may try the following:

  1. Inspecting Backend Services:

    gcloud compute backend-services describe YOUR_BACKEND_SERVICE_NAME --global

    * Replace YOUR_BACKEND_SERVICE_NAME with the name of your backend service. This command will show details about the backend service, which is often associated with a URL map.

  2. Checking Load Balancer Configuration:

    gcloud compute target-http-proxies describe YOUR_TARGET_PROXY_NAME --global

    * Replace YOUR_TARGET_PROXY_NAME with the name of your target HTTP proxy. This command provides information about the target proxy, which is linked to the URL map.

  3. Inspecting the Forwarding Rule:

    gcloud compute forwarding-rules describe YOUR_FORWARDING_RULE_NAME --global

    * Replace YOUR_FORWARDING_RULE_NAME with the name of your forwarding rule. This command will show details about the forwarding rule, including the associated target proxy.

source: 
https://cloud.google.com/sdk/gcloud/reference/compute/backend-services/describe
https://cloud.google.com/sdk/gcloud/reference/compute/target-http-proxies
https://cloud.google.com/sdk/gcloud/reference/compute/forwarding-rules

 

0 Likes

Posted on --/--/---- --:-- AM
sdarwin
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi Marvin,

Thanks for the answer!  It does seem to be working now.  I will explore the debugging statements you have suggested.

But to reiterate from the previous message, I believe there is a bug in the documentation.

Notice where it says this:

Note: When configuring HTTP-to-HTTPS redirects on the Gateway, the sectionName field is optional. If you don't configure this field, the HTTPS listener is automatically selected as the default option.

Directly above that note, is an HTTPRoute, which it's referring to.   It's a more-or-less ordinary HTTPRoute. For those, without a sectionName specified, it will apply to all relevant sections, including both http and https.  

Here is a merged pull request in the official specification, about this question: https://github.com/kubernetes-sigs/gateway-api/pull/2605

Top Labels in this Space
Top Solution Authors
View all