-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gateway-api: Avoid redirect loop when the same host name is used for http and https listeners #29115
Conversation
Commit b839909 does not match "(?m)^Signed-off-by:". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
Signed-off-by: Tam Mach <tam.mach@cilium.io>
Signed-off-by: Tam Mach <tam.mach@cilium.io>
cccd00d
to
710b2dd
Compare
Commit b839909 does not match "(?m)^Signed-off-by:". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
710b2dd
to
226e244
Compare
This is to fix the issue in which the wrong list of HTTP routes is used to construct virtual host for insecure and secure routes. Ideally, only related HTTP routes for the same listener ports should be considered. Normally, this should not have any side effect, except using weightage clusters for the multiple, but the same, backends. However, in case of redirect filter, this will cause redirect loop as mentioned in the below issue. Fixes: 299648f Fixes: cilium#28186 Signed-off-by: Tam Mach <tam.mach@cilium.io>
226e244
to
97e1dcb
Compare
/test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, this fixes an issue I was investigating last week :D
This is your friendly reminder that the current release-note isn't very user-friendly :). |
Thanks, I have updated the release note to give me little more context. |
I had troubles backporting this to v1.14 and had to give up. In particular, I think the first commit needs to be skipped and some of the refactored code in the second commit does not exist in v1.14. Thus marking as "backport/author" |
Noted and thanks, I will perform the backport soon. |
This is to fix the issue in which the wrong list of HTTP routes is used
to construct virtual host for insecure and secure routes. Ideally, only
related HTTP routes for the same listener ports should be considered.
Normally, this should not have any side effect, except using weightage
clusters for the multiple, but the same, backends. However, in case of
redirect filter, this will cause redirect loop as mentioned in the below
issue.
Fixes: #28186
Signed-off-by: Tam Mach tam.mach@cilium.io