Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PathRewitePolicy behaving weird with condition prefix and header match #6605

Closed
shivgana opened this issue Aug 11, 2024 · 3 comments
Closed
Labels
kind/question Categorizes an issue as a user question. lifecycle/needs-triage Indicates that an issue needs to be triaged by a project contributor. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale.

Comments

@shivgana
Copy link

What question do you have?:
We have a conflict of endpoint "/ui" with two Frontend(one is owned by us, other is 2pp) application under same FDQN. So, we decided use pathRewritePolicy for our frontend application without any effort on application. If cookie contain token then update endpoint with pathRewritePolicy, else send request with no endpoint change to service for authentication if header cookie doesn't contain token.

apiVersion: projectcontour.io/v1
kind: HTTPProxy
metadata:
  name: name-example-foo
spec:
  virtualhost:
    fqdn: foo.bar.com
  routes:
    - conditions:
      - prefix: /ui
      services:
        - name: 2pp-frontend
          port: 80
    - conditions:
      - prefix: /our-app
      - header:
          name: cookie
          contains: token
      pathRewritePolicy:
        replacePrefix:
        - prefix: /our-app
          replacement: /
      services:
        - name: our-frontend
          port: 80
    - conditions:
      - prefix: /our-app
      - header:
          name: cookie
          notcontains: token
      services:
        - name: our-frontend
          port: 80

Flow we need of request to be happen:

  1. On new request http://foo.bar.com/our-app/ui
  2. Ingress validate and redirect to Authentication:
    a. Request check from Ingress second route will fail, and pass the third route.
    b. Application redirect to authentication with callback url as http://foo.bar.com/our-app/ui
  3. Callback after authentication Ingress validate again.
    a. Now, request will pass in second route condition(cookie contain token) and replace prefix then forward the request to application with http://foo.bar.com/ui

But flow actually happenning:
From above flow step 1 and step 2 working fine. But after authentication, callback url validate and replace prefix. Now updated request, re-evaluated at ingress and pass through first route condition, forwarding to 2pp-frontend.

Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]

Environment:

  • Contour version:
  • Kubernetes version: (use kubectl version):
  • Kubernetes installer & version:
  • Cloud provider or hardware configuration:
  • OS (e.g. from /etc/os-release):
@shivgana shivgana added kind/question Categorizes an issue as a user question. lifecycle/needs-triage Indicates that an issue needs to be triaged by a project contributor. labels Aug 11, 2024
Copy link

Hey @shivgana! Thanks for opening your first issue. We appreciate your contribution and welcome you to our community! We are glad to have you here and to have your input on Contour. You can also join us on our mailing list and in our channel in the Kubernetes Slack Workspace

Copy link

The Contour project currently lacks enough contributors to adequately respond to all Issues.

This bot triages Issues according to the following rules:

  • After 60d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, the Issue is closed

You can:

  • Mark this Issue as fresh by commenting
  • Close this Issue
  • Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 14, 2024
Copy link

The Contour project currently lacks enough contributors to adequately respond to all Issues.

This bot triages Issues according to the following rules:

  • After 60d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, the Issue is closed

You can:

  • Mark this Issue as fresh by commenting
  • Close this Issue
  • Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Nov 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/question Categorizes an issue as a user question. lifecycle/needs-triage Indicates that an issue needs to be triaged by a project contributor. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale.
Projects
None yet
Development

No branches or pull requests

1 participant