net-gateway-api with http redirects

Basic test

# Deploy the sample Knative Service that the tests below call.
# The image reference has no tag or digest, so the deployed content is whatever
# the registry serves for it at deploy time.
# The quoted delimiter keeps the shell from expanding anything in the manifest.
kubectl apply -f - <<'EOF'
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: helloworld-go
spec:
  template:
    spec:
      containers:
      - image: gcr.io/knative-samples/helloworld-go
        env:
        - name: TARGET
          value: Go Sample v1
EOF
# Testing it
# sslip.io is a public wildcard DNS service: the hostname resolves to the IP
# address embedded in it (172.17.0.100 here), so the test depends on that
# external resolver being reachable.
curl http://helloworld-go.default.172.17.0.100.sslip.io
Hello Go Sample v1!

With https

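# cert-manager (release manifest, pinned to v1.13.2)
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml
# Wait until the CRDs are registered and the cert-manager deployments are up
# before installing anything that depends on them.
kubectl wait --for=condition=Established --all crd
kubectl wait --for=condition=Available -n cert-manager --all deployments

# net-certmanager
# Fetched over HTTPS: a manifest downloaded over plain HTTP can be modified in
# transit before kubectl applies it to the cluster.
# NOTE: the nightly "latest" path is a moving target; use a released version
# wherever the setup has to be reproducible.
kubectl apply -f https://storage.googleapis.com/knative-nightly/net-certmanager/latest/net-certmanager.yaml

# enable encryption
# Sets external-domain-tls to "enabled" in the config-network ConfigMap.
kubectl patch cm config-network -n "knative-serving" -p '{"data":{"external-domain-tls":"enabled"}}'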
# Testing with HTTPS
# -k turns off certificate verification in curl, so this check shows that the
# service answers over HTTPS, not that the served certificate is trusted.
curl -k https://helloworld-go.default.172.17.0.100.sslip.io
Hello Go Sample v1!

# Testing with HTTP (should still work)
# Without the http-protocol annotation the plain-HTTP endpoint keeps serving
# content next to the HTTPS one.
curl http://helloworld-go.default.172.17.0.100.sslip.io
Hello Go Sample v1!

With http-option

# Re-apply the sample Service, this time with the per-Service annotation
# networking.knative.dev/http-protocol set to "redirected".
# The quoted delimiter keeps the shell from expanding anything in the manifest.
kubectl apply -f - <<'EOF'
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: helloworld-go
  annotations:
    networking.knative.dev/http-protocol: "redirected"
spec:
  template:
    spec:
      containers:
      - image: gcr.io/knative-samples/helloworld-go
        env:
        - name: TARGET
          value: Go Sample v1
EOF

Produces this KIngress (`king`):

# Excerpt of the Knative Ingress generated for the annotated Service.
apiVersion: networking.internal.knative.dev/v1alpha1
kind: Ingress
metadata:
  name: helloworld-go
  namespace: default
spec:
  # Set when the Service carries networking.knative.dev/http-protocol: "redirected".
  httpOption: Redirected
#...

And HTTPRoutes

# Three HTTPRoutes exist for the Service; the "-redirect" one is the newest
# (90s old, the other two 5m13s) and covers the same external hostname.
kubectl get httproute
NAME                                                   HOSTNAMES                                                                                         AGE
helloworld-go.default.172.17.0.100.sslip.io-redirect   ["helloworld-go.default.172.17.0.100.sslip.io"]                                                   90s
helloworld-go.default.172.17.0.100.sslip.io            ["helloworld-go.default.172.17.0.100.sslip.io"]                                                   5m13s
helloworld-go.default.svc.cluster.local                ["helloworld-go.default","helloworld-go.default.svc","helloworld-go.default.svc.cluster.local"]   5m13s
# Testing with HTTPS
# -k turns off certificate verification in curl, so this check shows that the
# service answers over HTTPS, not that the served certificate is trusted.
curl -k https://helloworld-go.default.172.17.0.100.sslip.io
Hello Go Sample v1!

# Testing with HTTP (should redirect)
# -i and -v each print the response headers, which is why the status line and
# the location header appear twice in the output below.
# The redirect is only sent after the first request has already arrived in
# clear text, so it does not protect what that request carried.
curl -iv http://helloworld-go.default.172.17.0.100.sslip.io
*   Trying 172.17.0.100:80...
* Connected to helloworld-go.default.172.17.0.100.sslip.io (172.17.0.100) port 80
> GET / HTTP/1.1
> Host: helloworld-go.default.172.17.0.100.sslip.io
> User-Agent: curl/8.4.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
HTTP/1.1 301 Moved Permanently
< location: https://helloworld-go.default.172.17.0.100.sslip.io/
location: https://helloworld-go.default.172.17.0.100.sslip.io/
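# Gateway resources in istio-system as dumped from the test cluster
# (kubectl List output; nesting restored).
apiVersion: v1
items:
# Cluster-local gateway: one plain-HTTP listener on port 80.
- apiVersion: gateway.networking.k8s.io/v1
  kind: Gateway
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"gateway.networking.k8s.io/v1beta1","kind":"Gateway","metadata":{"annotations":{},"name":"knative-local-gateway","namespace":"istio-system"},"spec":{"addresses":[{"type":"Hostname","value":"knative-local-gateway"}],"gatewayClassName":"istio","listeners":[{"allowedRoutes":{"namespaces":{"from":"All"}},"name":"default","port":80,"protocol":"HTTP"}]}}
    creationTimestamp: "2024-03-15T08:18:53Z"
    generation: 1
    name: knative-local-gateway
    namespace: istio-system
    resourceVersion: "48712"
    uid: ef962e99-bc8b-4287-86f2-d5316bd1d6b2
  spec:
    addresses:
    - type: Hostname
      value: knative-local-gateway
    gatewayClassName: istio
    listeners:
    # from: All lets routes in any namespace attach to this listener.
    - allowedRoutes:
        namespaces:
          from: All
      name: default
      port: 80
      protocol: HTTP
  status:
    addresses:
    - type: Hostname
      value: knative-local-gateway.istio-system.svc.cluster.local
    conditions:
    - lastTransitionTime: "2024-03-15T08:18:53Z"
      message: Resource accepted
      observedGeneration: 1
      reason: Accepted
      status: "True"
      type: Accepted
    - lastTransitionTime: "2024-03-15T08:18:53Z"
      message: Resource programmed, assigned to service(s) knative-local-gateway.istio-system.svc.cluster.local:80
      observedGeneration: 1
      reason: Programmed
      status: "True"
      type: Programmed
    listeners:
    - attachedRoutes: 1
      conditions:
      - lastTransitionTime: "2024-03-15T08:18:53Z"
        message: No errors found
        observedGeneration: 1
        reason: Accepted
        status: "True"
        type: Accepted
      - lastTransitionTime: "2024-03-15T08:18:53Z"
        message: No errors found
        observedGeneration: 1
        reason: NoConflicts
        status: "False"
        type: Conflicted
      - lastTransitionTime: "2024-03-15T08:18:53Z"
        message: No errors found
        observedGeneration: 1
        reason: Programmed
        status: "True"
        type: Programmed
      - lastTransitionTime: "2024-03-15T08:18:53Z"
        message: No errors found
        observedGeneration: 1
        reason: ResolvedRefs
        status: "True"
        type: ResolvedRefs
      name: default
      supportedKinds:
      - group: gateway.networking.k8s.io
        kind: HTTPRoute
      - group: gateway.networking.k8s.io
        kind: GRPCRoute
# External gateway: the shared port-80 listener plus one HTTPS listener that is
# present in the live spec but not in the last-applied configuration.
- apiVersion: gateway.networking.k8s.io/v1
  kind: Gateway
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"gateway.networking.k8s.io/v1beta1","kind":"Gateway","metadata":{"annotations":{},"name":"knative-gateway","namespace":"istio-system"},"spec":{"addresses":[{"type":"Hostname","value":"istio-ingressgateway"}],"gatewayClassName":"istio","listeners":[{"allowedRoutes":{"namespaces":{"from":"All"}},"name":"default","port":80,"protocol":"HTTP"}]}}
    creationTimestamp: "2024-03-15T08:18:53Z"
    generation: 18
    name: knative-gateway
    namespace: istio-system
    resourceVersion: "49573"
    uid: 1fa4cf57-ff41-41fb-b3d5-583e01f6e952
  spec:
    addresses:
    - type: Hostname
      value: istio-ingressgateway
    gatewayClassName: istio
    listeners:
    # from: All lets routes in any namespace attach to the plain-HTTP listener.
    - allowedRoutes:
        namespaces:
          from: All
      name: default
      port: 80
      protocol: HTTP
    # HTTPS listener for the helloworld-go host: only routes from the namespace
    # labelled kubernetes.io/metadata.name=default may attach, and TLS is
    # terminated at the gateway (mode: Terminate).
    - allowedRoutes:
        namespaces:
          from: Selector
          selector:
            matchLabels:
              kubernetes.io/metadata.name: default
      hostname: helloworld-go.default.172.17.0.100.sslip.io
      name: kni-7accbb3d-270b-4626-b542-b786a8b1f229
      port: 443
      protocol: HTTPS
      tls:
        # The Secret is in namespace default while the Gateway is in
        # istio-system; Gateway API resolves such a cross-namespace reference
        # only when a ReferenceGrant in the Secret's namespace allows it
        # (no ReferenceGrant is part of this dump).
        certificateRefs:
        - group: ""
          kind: Secret
          name: route-e506f777-ef82-4b60-8a55-4f2968e31728
          namespace: default
        mode: Terminate
  status:
    addresses:
    - type: IPAddress
      value: 172.17.0.100
    conditions:
    - lastTransitionTime: "2024-03-15T08:18:53Z"
      message: Resource accepted
      observedGeneration: 18
      reason: Accepted
      status: "True"
      type: Accepted
    - lastTransitionTime: "2024-03-15T08:20:46Z"
      message: Resource programmed, assigned to service(s) istio-ingressgateway.istio-system.svc.cluster.local:443
        and istio-ingressgateway.istio-system.svc.cluster.local:80
      observedGeneration: 18
      reason: Programmed
      status: "True"
      type: Programmed
    listeners:
    - attachedRoutes: 1
      conditions:
      - lastTransitionTime: "2024-03-15T08:18:53Z"
        message: No errors found
        observedGeneration: 18
        reason: Accepted
        status: "True"
        type: Accepted
      - lastTransitionTime: "2024-03-15T08:18:53Z"
        message: No errors found
        observedGeneration: 18
        reason: NoConflicts
        status: "False"
        type: Conflicted
      - lastTransitionTime: "2024-03-15T08:18:53Z"
        message: No errors found
        observedGeneration: 18
        reason: Programmed
        status: "True"
        type: Programmed
      - lastTransitionTime: "2024-03-15T08:18:53Z"
        message: No errors found
        observedGeneration: 18
        reason: ResolvedRefs
        status: "True"
        type: ResolvedRefs
      name: default
      supportedKinds:
      - group: gateway.networking.k8s.io
        kind: HTTPRoute
      - group: gateway.networking.k8s.io
        kind: GRPCRoute
    - attachedRoutes: 1
      conditions:
      - lastTransitionTime: "2024-03-15T09:18:51Z"
        message: No errors found
        observedGeneration: 18
        reason: Accepted
        status: "True"
        type: Accepted
      - lastTransitionTime: "2024-03-15T09:18:51Z"
        message: No errors found
        observedGeneration: 18
        reason: NoConflicts
        status: "False"
        type: Conflicted
      - lastTransitionTime: "2024-03-15T09:18:51Z"
        message: No errors found
        observedGeneration: 18
        reason: Programmed
        status: "True"
        type: Programmed
      - lastTransitionTime: "2024-03-15T09:18:51Z"
        message: No errors found
        observedGeneration: 18
        reason: ResolvedRefs
        status: "True"
        type: ResolvedRefs
      name: kni-7accbb3d-270b-4626-b542-b786a8b1f229
      supportedKinds:
      - group: gateway.networking.k8s.io
        kind: HTTPRoute
      - group: gateway.networking.k8s.io
        kind: GRPCRoute
kind: List
metadata:
  resourceVersion: ""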
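# HTTPRoutes in namespace default, all owned by the helloworld-go Knative
# Ingress (kubectl List output; nesting restored).
apiVersion: v1
items:
# Redirect route: attached to the listener named "default" of knative-gateway;
# every rule answers with a 301 to https on port 443 and has no backend.
- apiVersion: gateway.networking.k8s.io/v1
  kind: HTTPRoute
  metadata:
    annotations:
      networking.internal.knative.dev/rollout: '{"configurations":[{"configurationName":"helloworld-go","percent":100,"revisions":[{"revisionName":"helloworld-go-00001","percent":100}],"stepParams":{}}]}'
      networking.knative.dev/http-protocol: redirected
      networking.knative.dev/ingress.class: gateway-api.ingress.networking.knative.dev
      serving.knative.dev/creator: system:admin
      serving.knative.dev/lastModifier: system:admin
    creationTimestamp: "2024-03-15T09:20:05Z"
    generation: 1
    labels:
      networking.knative.dev/visibility: ""
      serving.knative.dev/route: helloworld-go
      serving.knative.dev/routeNamespace: default
      serving.knative.dev/service: helloworld-go
    name: helloworld-go.default.172.17.0.100.sslip.io-redirect
    namespace: default
    ownerReferences:
    - apiVersion: networking.internal.knative.dev/v1alpha1
      blockOwnerDeletion: true
      controller: true
      kind: Ingress
      name: helloworld-go
      uid: 7accbb3d-270b-4626-b542-b786a8b1f229
    resourceVersion: "50001"
    uid: 5b5988a1-7ec4-4723-bdb1-bb36a597e276
  spec:
    hostnames:
    - helloworld-go.default.172.17.0.100.sslip.io
    parentRefs:
    - group: gateway.networking.k8s.io
      kind: Gateway
      name: knative-gateway
      namespace: istio-system
      sectionName: default
    rules:
    # Requests carrying "K-Network-Hash: override" are redirected as well.
    # NOTE(review): presumably the header Knative uses for ingress probing; confirm.
    - filters:
      - requestRedirect:
          port: 443
          scheme: https
          statusCode: 301
        type: RequestRedirect
      matches:
      - headers:
        - name: K-Network-Hash
          type: Exact
          value: override
        path:
          type: PathPrefix
          value: /
    # Catch-all rule: any other path on this hostname gets the same redirect.
    - filters:
      - requestRedirect:
          port: 443
          scheme: https
          statusCode: 301
        type: RequestRedirect
      matches:
      - path:
          type: PathPrefix
          value: /
  status:
    parents:
    - conditions:
      - lastTransitionTime: "2024-03-15T09:20:05Z"
        message: Route was valid
        observedGeneration: 1
        reason: Accepted
        status: "True"
        type: Accepted
      - lastTransitionTime: "2024-03-15T09:20:05Z"
        message: All references resolved
        observedGeneration: 1
        reason: ResolvedRefs
        status: "True"
        type: ResolvedRefs
      controllerName: istio.io/gateway-controller
      parentRef:
        group: gateway.networking.k8s.io
        kind: Gateway
        name: knative-gateway
        namespace: istio-system
        sectionName: default
# External route: attached to the listener whose name is "kni-" plus the uid of
# the owning Ingress, and forwards to the revision Service on port 80.
- apiVersion: gateway.networking.k8s.io/v1
  kind: HTTPRoute
  metadata:
    annotations:
      networking.internal.knative.dev/rollout: '{"configurations":[{"configurationName":"helloworld-go","percent":100,"revisions":[{"revisionName":"helloworld-go-00001","percent":100}],"stepParams":{}}]}'
      networking.knative.dev/http-protocol: redirected
      networking.knative.dev/ingress.class: gateway-api.ingress.networking.knative.dev
      serving.knative.dev/creator: system:admin
      serving.knative.dev/lastModifier: system:admin
    creationTimestamp: "2024-03-15T09:16:22Z"
    generation: 3
    labels:
      networking.knative.dev/visibility: ""
      serving.knative.dev/route: helloworld-go
      serving.knative.dev/routeNamespace: default
      serving.knative.dev/service: helloworld-go
    name: helloworld-go.default.172.17.0.100.sslip.io
    namespace: default
    ownerReferences:
    - apiVersion: networking.internal.knative.dev/v1alpha1
      blockOwnerDeletion: true
      controller: true
      kind: Ingress
      name: helloworld-go
      uid: 7accbb3d-270b-4626-b542-b786a8b1f229
    resourceVersion: "50002"
    uid: 26eaca7c-0252-4d3a-9c79-82f8fa6d8f3d
  spec:
    hostnames:
    - helloworld-go.default.172.17.0.100.sslip.io
    parentRefs:
    - group: gateway.networking.k8s.io
      kind: Gateway
      name: knative-gateway
      namespace: istio-system
      sectionName: kni-7accbb3d-270b-4626-b542-b786a8b1f229
    rules:
    # Rule for requests carrying "K-Network-Hash: override": the route-level
    # filter replaces the header value with the hash before forwarding.
    - backendRefs:
      - filters:
        - requestHeaderModifier:
            set:
            - name: Knative-Serving-Revision
              value: helloworld-go-00001
            - name: Knative-Serving-Namespace
              value: default
          type: RequestHeaderModifier
        group: ""
        kind: Service
        name: helloworld-go-00001
        port: 80
        weight: 100
      filters:
      - requestHeaderModifier:
          set:
          - name: K-Network-Hash
            value: c4b84f8237f8fbe725e8e3b1dda552f7a379e3abf3fb0aa65a950f4f597b547b
        type: RequestHeaderModifier
      matches:
      - headers:
        - name: K-Network-Hash
          type: Exact
          value: override
        path:
          type: PathPrefix
          value: /
    # Default rule: all remaining traffic goes to the same revision Service.
    - backendRefs:
      - filters:
        - requestHeaderModifier:
            set:
            - name: Knative-Serving-Revision
              value: helloworld-go-00001
            - name: Knative-Serving-Namespace
              value: default
          type: RequestHeaderModifier
        group: ""
        kind: Service
        name: helloworld-go-00001
        port: 80
        weight: 100
      matches:
      - path:
          type: PathPrefix
          value: /
  status:
    parents:
    - conditions:
      - lastTransitionTime: "2024-03-15T09:20:05Z"
        message: Route was valid
        observedGeneration: 3
        reason: Accepted
        status: "True"
        type: Accepted
      - lastTransitionTime: "2024-03-15T09:20:05Z"
        message: All references resolved
        observedGeneration: 3
        reason: ResolvedRefs
        status: "True"
        type: ResolvedRefs
      controllerName: istio.io/gateway-controller
      parentRef:
        group: gateway.networking.k8s.io
        kind: Gateway
        name: knative-gateway
        namespace: istio-system
        sectionName: kni-7accbb3d-270b-4626-b542-b786a8b1f229
# Cluster-local route: attached to knative-local-gateway without a sectionName.
# This dump contains no redirect route for the cluster-local hostnames, so the
# "redirected" setting shown here only produced a redirect for the external host.
- apiVersion: gateway.networking.k8s.io/v1
  kind: HTTPRoute
  metadata:
    annotations:
      networking.internal.knative.dev/rollout: '{"configurations":[{"configurationName":"helloworld-go","percent":100,"revisions":[{"revisionName":"helloworld-go-00001","percent":100}],"stepParams":{}}]}'
      networking.knative.dev/http-protocol: redirected
      networking.knative.dev/ingress.class: gateway-api.ingress.networking.knative.dev
      serving.knative.dev/creator: system:admin
      serving.knative.dev/lastModifier: system:admin
    creationTimestamp: "2024-03-15T09:16:22Z"
    generation: 3
    labels:
      networking.knative.dev/visibility: cluster-local
      serving.knative.dev/route: helloworld-go
      serving.knative.dev/routeNamespace: default
      serving.knative.dev/service: helloworld-go
    name: helloworld-go.default.svc.cluster.local
    namespace: default
    ownerReferences:
    - apiVersion: networking.internal.knative.dev/v1alpha1
      blockOwnerDeletion: true
      controller: true
      kind: Ingress
      name: helloworld-go
      uid: 7accbb3d-270b-4626-b542-b786a8b1f229
    resourceVersion: "50003"
    uid: 05a6c020-83cf-4f4b-af9a-03cd33840148
  spec:
    hostnames:
    - helloworld-go.default
    - helloworld-go.default.svc
    - helloworld-go.default.svc.cluster.local
    parentRefs:
    - group: gateway.networking.k8s.io
      kind: Gateway
      name: knative-local-gateway
      namespace: istio-system
    rules:
    # Same two rules as the external route: the K-Network-Hash rule first,
    # then the default rule.
    - backendRefs:
      - filters:
        - requestHeaderModifier:
            set:
            - name: Knative-Serving-Revision
              value: helloworld-go-00001
            - name: Knative-Serving-Namespace
              value: default
          type: RequestHeaderModifier
        group: ""
        kind: Service
        name: helloworld-go-00001
        port: 80
        weight: 100
      filters:
      - requestHeaderModifier:
          set:
          - name: K-Network-Hash
            value: c4b84f8237f8fbe725e8e3b1dda552f7a379e3abf3fb0aa65a950f4f597b547b
        type: RequestHeaderModifier
      matches:
      - headers:
        - name: K-Network-Hash
          type: Exact
          value: override
        path:
          type: PathPrefix
          value: /
    - backendRefs:
      - filters:
        - requestHeaderModifier:
            set:
            - name: Knative-Serving-Revision
              value: helloworld-go-00001
            - name: Knative-Serving-Namespace
              value: default
          type: RequestHeaderModifier
        group: ""
        kind: Service
        name: helloworld-go-00001
        port: 80
        weight: 100
      matches:
      - path:
          type: PathPrefix
          value: /
  status:
    parents:
    - conditions:
      - lastTransitionTime: "2024-03-15T09:16:22Z"
        message: Route was valid
        observedGeneration: 3
        reason: Accepted
        status: "True"
        type: Accepted
      - lastTransitionTime: "2024-03-15T09:16:22Z"
        message: All references resolved
        observedGeneration: 3
        reason: ResolvedRefs
        status: "True"
        type: ResolvedRefs
      controllerName: istio.io/gateway-controller
      parentRef:
        group: gateway.networking.k8s.io
        kind: Gateway
        name: knative-local-gateway
        namespace: istio-system
kind: List
metadata:
  resourceVersion: ""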
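# The Knative Ingress (KIngress) for helloworld-go, owned by the Route of the
# same name (kubectl List output; nesting restored).
apiVersion: v1
items:
- apiVersion: networking.internal.knative.dev/v1alpha1
  kind: Ingress
  metadata:
    annotations:
      networking.internal.knative.dev/rollout: '{"configurations":[{"configurationName":"helloworld-go","percent":100,"revisions":[{"revisionName":"helloworld-go-00001","percent":100}],"stepParams":{}}]}'
      networking.knative.dev/http-protocol: redirected
      networking.knative.dev/ingress.class: gateway-api.ingress.networking.knative.dev
      serving.knative.dev/creator: system:admin
      serving.knative.dev/lastModifier: system:admin
    creationTimestamp: "2024-03-15T09:15:53Z"
    finalizers:
    - ingresses.networking.internal.knative.dev
    generation: 3
    labels:
      serving.knative.dev/route: helloworld-go
      serving.knative.dev/routeNamespace: default
      serving.knative.dev/service: helloworld-go
    name: helloworld-go
    namespace: default
    ownerReferences:
    - apiVersion: serving.knative.dev/v1
      blockOwnerDeletion: true
      controller: true
      kind: Route
      name: helloworld-go
      uid: e506f777-ef82-4b60-8a55-4f2968e31728
    resourceVersion: "50004"
    uid: 7accbb3d-270b-4626-b542-b786a8b1f229
  spec:
    # Mirrors the networking.knative.dev/http-protocol: redirected annotation above.
    httpOption: Redirected
    rules:
    # Cluster-local hostnames.
    - hosts:
      - helloworld-go.default
      - helloworld-go.default.svc
      - helloworld-go.default.svc.cluster.local
      http:
        paths:
        - splits:
          - appendHeaders:
              Knative-Serving-Namespace: default
              Knative-Serving-Revision: helloworld-go-00001
            percent: 100
            serviceName: helloworld-go-00001
            serviceNamespace: default
            servicePort: 80
      visibility: ClusterLocal
    # Externally visible hostname.
    - hosts:
      - helloworld-go.default.172.17.0.100.sslip.io
      http:
        paths:
        - splits:
          - appendHeaders:
              Knative-Serving-Namespace: default
              Knative-Serving-Revision: helloworld-go-00001
            percent: 100
            serviceName: helloworld-go-00001
            serviceNamespace: default
            servicePort: 80
      visibility: ExternalIP
    # TLS is configured for the external hostname only; the cluster-local
    # hostnames have no entry here.
    tls:
    - hosts:
      - helloworld-go.default.172.17.0.100.sslip.io
      secretName: route-e506f777-ef82-4b60-8a55-4f2968e31728
      secretNamespace: default
  status:
    conditions:
    - lastTransitionTime: "2024-03-15T09:20:05Z"
      status: "True"
      type: LoadBalancerReady
    - lastTransitionTime: "2024-03-15T09:16:22Z"
      status: "True"
      type: NetworkConfigured
    - lastTransitionTime: "2024-03-15T09:20:05Z"
      status: "True"
      type: Ready
    observedGeneration: 3
    privateLoadBalancer:
      ingress:
      - domainInternal: knative-local-gateway.istio-system.svc.cluster.local
    publicLoadBalancer:
      ingress:
      - domainInternal: istio-ingressgateway.istio-system.svc.cluster.local
kind: List
metadata:
  resourceVersion: ""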