Hello,
With the new kong ingress, and I am trying to add an external service (a google cloud function https trigger) using https. I try to proxy my serverless function using kong. This is what I am trying to achieve:
| Incoming Request | ----- http://foo.baz.local/foo -----> | Kong | ------ https:// myproject.cloudfunctions.net/foo-prod -----> | Google Function |
Using the following configuration, kong keep making request to the service through http.
kind: Service
apiVersion: v1
metadata:
name: fooservice
namespace: foo
spec:
type: ExternalName
externalName: myproject.cloudfunctions.net
ports:
- name: http
port: 80
protocol: TCP
- name: https
port: 443
protocol: TCP
---
apiVersion: configuration.konghq.com/v1
kind: KongIngress
metadata:
name: foo-ingress
namespace: foo
proxy:
path: /foo-prod
route:
strip_path: true
---
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: transform-request-to-external
namespace: foo
config:
remove:
headers: host
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: foo-ingress
namespace: foo
annotations:
request-transformer.plugin.konghq.com: |
transform-request-to-external
spec:
rules:
- host: foo.baz.local
http:
paths:
- path: /foo
backend:
serviceName: fooservice
servicePort: https
Now if i run something similar to curl -X GET --url http://localhost:8001/services
on the admin-api pods, it responds:
{"next":null,"data":[{"host":"foo.fooservice.https","created_at":1530465759,"connect_timeout":60000,"id":"xxxx-2866-xxxx-92fb-xxxx","protocol":"http","name":"foo.fooservice.https","read_timeout":60000,"port":80,"path":"\/le-cab-prod-1","updated_at":1530465759,"retries":5,"write_timeout":60000}]}
The port used by kong is “80” and the protocol is “http”, how can I ensure kong is making theses requests through HTTPS? I tryed to add ingress.kubernetes.io/secure-backends: "true"
(from NGINX ingress spec) but this does not work. I can notice if upstream.Secure
in file https://github.com/Kong/kubernetes-ingress-controller/blob/master/internal/ingress/controller/kong.go but I can not figure where “.Secure” comes from
Testing this deployment made me notice kong now route “http://foo.baz.local/foo” AND “http://foo.baz.local/foo-prod”. Should’nt it create only a route for “http://foo.baz.local/foo” with my configuration?