Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate HTTPRoute sectionName to select listener #610

Closed
acelinkio opened this issue Feb 10, 2024 · 2 comments
Closed

Generate HTTPRoute sectionName to select listener #610

acelinkio opened this issue Feb 10, 2024 · 2 comments
Labels
lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale.

Comments

@acelinkio
Copy link

Please provide a method to setup routes created via Knative to configure route parentref listener section. Gateways allow for restricting access to listeners. This is especially useful when wanting to ensure that no traffic is sent in plain text.

Example where the listener on 80 is limited to HTTPRoute that is a 301 redirect:

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: internal
  namespace: cilium-gateway
spec:
  gatewayClassName: cilium
  listeners:
  - protocol: HTTP
    port: 80
    name: http
    allowedRoutes:
      namespaces:
        from: Same
  - protocol: HTTPS
    port: 443
    name: https
    tls:
      certificateRefs:
      - kind: Secret
        name: wildcard-production
        namespace: cilium-secrets
    allowedRoutes:
      namespaces:
        from: All
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: httpsredirect-internalgw
  namespace: cilium-gateway
spec:
  parentRefs:
    - name: internal
      namespace: cilium-gateway
      sectionName: http
  rules:
    - filters:
        - requestRedirect:
            scheme: https
            statusCode: 301
          type: RequestRedirect
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: grafana
  namespace: monitoring
spec:
  parentRefs:
  - name: internal
    namespace: cilium-gateway
    sectionName: https
  hostnames:
  - "grafana.mydomain.tld"
  rules:
  - backendRefs:
    - name: grafana
      port: 80
@github-actions GitHub Actions
Copy link
Contributor

This issue is stale because it has been open for 90 days with no
activity. It will automatically close after 30 more days of
inactivity. Reopen the issue with /reopen. Mark the issue as
fresh by adding the comment /remove-lifecycle stale.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 11, 2024
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jun 10, 2024
@dprotaso
Copy link
Contributor

FWIW I think we'll have to do this in order to accomplish HTTP=>HTTPS redirects

We're tracking that here #130

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dprotaso @acelinkio