Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Host CRD does not route insecure requests

See original GitHub issue

Describe the bug Despite using the Host CRD for http-only in the docs, Ambassador refuses to route non-http requests and always forces 301 redirect.

To Reproduce Use the following k8s yaml

apiVersion: getambassador.io/v2
kind: Host
metadata:
  name: minimal-host
spec:
  hostname: host.example.com
  acmeProvider:
    authority: none
requestPolicy:
  insecure:
    action: route
---
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
  name: hello-world-mapping
spec:
  prefix: /hello-world/
  service: hello-world
---
apiVersion: v1
kind: Service
metadata:
  name: hello-world
spec:
  selector:
    app: hello-world
  ports:
  - port: 80
    targetPort: 8080
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-world
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app: hello-world
  template:
    metadata:
      labels:
        app: hello-world
    spec:
      containers:
      - name: hello-world
        image: infrastructureascode/hello-world

Curl to curl -v http://host.example.com:30845/hello-world/ See 301 redirect

*   Trying 192.168.64.5...
* TCP_NODELAY set
* Connected to host.example.com (192.168.64.5) port 30845 (#0)
> GET /hello-world/ HTTP/1.1
> Host: host.example.com:30845
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< location: https://host.example.com:30845/hello-world/
< date: Sun, 19 Jan 2020 15:15:13 GMT
< server: envoy
< content-length: 0
<
* Connection #0 to host host.example.com left intact

Expected behavior Expect Host definition to allow http-only requests, no redirects.

Versions (please complete the following information):

Image: quay.io/datawire/aes:1.0.0
Image ID: docker-pullable://quay.io/datawire/aes@sha256:4a6577ca83178fbbfd8295d68312b2d92b6820dfd97e6a36e2ec1337ac4cf66b
minikube version: v1.6.2

Additional context I review of the generated envoy.json file shows the vhost host.example.com has an entry for the /hello-world/ path, but it is set to redirect: true. Seems like the insecure-action route is not being recognized.

Issue Analytics

State:
Created 4 years ago
Reactions:7
Comments:23 (7 by maintainers)

Top GitHub Comments

2reactions

mrtnfchscommented, Feb 4, 2020

It seems that I’m experiencing the same behaviour. I’ve tried creating a Host resource in multiple ways and it seems my settings are ignored. Ambassador keeps on redirecting http traffic and I’m not able to overwrite it with Reject or Route

0reactions

kflynncommented, Jan 12, 2021

Cool, thanks. Anyone else here, I’d definitely recommend checking out #2888 – tag yourself on that one if it matches your situation. Thanks!!