HTTPRoute with backendref to service within same namespace with explicit namespace parameter does not work without ReferenceGrant #5388

Closed
jvanderneutstulen opened this issue Dec 29, 2023 · 1 comment · Fixed by #5392
Labels
bug Something isn't working

jvanderneutstulen commented Dec 29, 2023

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

Access to a service with a backendRef with a namespace parameter which is the same namespace as the HTTPRoute fails with a 500 Internal Server Error.

Given an HTTPRoute with namespace some-namespace

  - backendRefs:
      - name: echoserver
        port: 80

works, but

  - backendRefs:
      - name: echoserver
        namespace: some-namespace
        port: 80

fails with 500 Internal Server error

This is a problem when using cert-manager with gateway api support, because it will define the temporary HTTPRoute with an explicit namespace parameter.

Expected Behavior

As the backendref is referencing a service in the same namespace I expect a 200 OK response. There should not be a difference in omitting the namespace or specifying the same namespace.

Steps To Reproduce

Given a kong gateway

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: kong-mgmt
  namespace: kong-mgmt
spec:
  gatewayClassName: kong
  listeners:
    - name: proxy
      port: 80
      protocol: HTTP
      allowedRoutes:
        namespaces:
          from: All

and echo app service

apiVersion: v1
kind: Service
metadata:
  name: echoserver
  namespace: echoserver
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: ClusterIP
  selector:
    app: echoserver

and this httproute

apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: echoserver-route
  namespace: echoserver
spec:
  parentRefs:
    - name: kong-mgmt
      namespace: kong-mgmt
  hostnames:
    - echo.example.com
  rules:
    - backendRefs:
        - name: echoserver
          port: 80
      matches:
        - path:
            type: PathPrefix
            value: /echo
    - backendRefs:
        - name: echoserver
          namespace: echoserver
          port: 80
      matches:
        - path:
            type: PathPrefix
            value: /namespace

curl -i -X GET http://echo.example.com/echo gives HTTP/1.1 200 OK and expected output

curl -i -X GET http://echo.example.com/namespace gives HTTP/1.1 500 Internal Server Error with '{"message":"no existing backendRef provided"}'

Workaround, apply a referencegrant:

apiVersion: gateway.networking.k8s.io/v1beta1
kind: ReferenceGrant
metadata:
  name: grant-route
  namespace: echoserver
spec:
  from:
  - group: gateway.networking.k8s.io
    kind: HTTPRoute
    namespace: echoserver
  to:
  - group: ""
    kind: Service

Kong Ingress Controller version

KIC 3.0, installed by Helm package 0.10.1
All deployed with flux 2.1.2

Kubernetes version

Talos 1.6.1 with kubernetes 1.28.2

Anything else?

No response

Member

pmalek commented Jan 16, 2024

This is merged in #5392 and will be released in KIC 3.1
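
The Gateway API rule behind this report, as an added Go example that is not part of the thread and is not Kong Ingress Controller code: a backendRef whose namespace is omitted or equals the route's own namespace needs no ReferenceGrant, while a cross-namespace backendRef is refused unless a grant in the target namespace trusts the route's namespace. The types are simplified stand-ins (group and kind matching is left out), and the namespace `other` is a constructed value.

```go
package main

import "fmt"

// Simplified stand-ins for the Gateway API objects (assumed shapes, not the real structs).
type BackendRef struct {
	Name      string
	Namespace *string // nil when the HTTPRoute omits the field
}

type ReferenceGrant struct {
	Namespace     string   // where the grant lives: the target Service's namespace
	FromRouteNS   []string // namespaces whose HTTPRoutes are trusted
	ToServiceName string   // empty means every Service in Namespace
}

// Allowed reports whether an HTTPRoute in routeNS may use ref as a backend.
func Allowed(routeNS string, ref BackendRef, grants []ReferenceGrant) bool {
	targetNS := routeNS
	if ref.Namespace != nil && *ref.Namespace != "" {
		targetNS = *ref.Namespace
	}
	// Same namespace, whether implied or spelled out: no grant is needed.
	if targetNS == routeNS {
		return true
	}
	// Cross-namespace: the owner of the target namespace must have opted in.
	for _, g := range grants {
		if g.Namespace != targetNS {
			continue
		}
		if g.ToServiceName != "" && g.ToServiceName != ref.Name {
			continue
		}
		for _, from := range g.FromRouteNS {
			if from == routeNS {
				return true
			}
		}
	}
	return false
}

func ns(s string) *string { return &s }

func main() {
	explicit := BackendRef{Name: "echoserver", Namespace: ns("echoserver")}
	fmt.Println(Allowed("echoserver", BackendRef{Name: "echoserver"}, nil)) // /echo rule
	fmt.Println(Allowed("echoserver", explicit, nil))                       // /namespace rule
	fmt.Println(Allowed("other", explicit, nil))                            // cross-namespace, no grant
}
```
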
