Redirect Loop and Mixed Protocol Issues with Kong Ingress Controller and HTTPRoute Configuration

I’m experiencing an issue with the Kong Ingress Controller where requests are caught in a redirect loop, bouncing between HTTP and HTTPS, and resulting in multiple 301 Moved Permanently responses before eventually serving the content. This behavior is observed when trying to access a specific endpoint through Kong.

Logs: When I run the following command:

curl http://kong-uat-1.example.pl/portal -L -I

I receive the following sequence of responses:

  1. Initial 301 Moved Permanently redirect from HTTP to HTTPS:
HTTP/1.1 301 Moved Permanently
Location: https://kong-uat-1.example.pl/portal
Server: kong/3.6.1
  1. Another 301 Moved Permanently redirect back to HTTP:
HTTP/2 301
Location: http://kong-uat-1.example.pl/portal/
Server: nginx
  1. Final resolution to the content with an HTTP/1.1 308 response.
Location: https://kong-uat-1.example.pl/portal/
X-Kong-Response-Latency: 0
Server: kong/3.6.1
  1. Final resolution to the content with an HTTP/1.1 200 response.

Configuration Details:

  • HTTPRoute Configuration:
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  annotations:
    konghq.com/https-redirect-status-code: "301"
    konghq.com/preserve-host: "true"
    konghq.com/protocols: https
    konghq.com/request-buffering: "false"
    konghq.com/response-buffering: "false"
  name: frontend-portal-sky-generic-deployment-0
  namespace: apps
spec:
  parentRefs:
    - name: kong-ingress-internal
  rules:
    - backendRefs:
        - name: frontend-portal-sky-generic-deployment
          port: 80
      matches:
        - path:
            type: PathPrefix
            value: /portal

Issues Observed:

  1. Redirect Loop: The request is redirected multiple times between HTTP and HTTPS, which appears to create a loop before the final response is served. This may indicate a conflict between the HTTPS redirect and path handling logic.
  2. Mixed Protocols: The responses show a mixture of HTTP/1.1 and HTTP/2, and the protocol seems to switch during the redirect process. This could be a potential issue with how the ingress controller is handling protocol upgrades or redirects.

Expected Behavior:

  • The request should be redirected to HTTPS once, and then serve the content without further redirects.
  • The ingress controller should consistently handle the protocols as defined in the configuration.
  • Path handling should be clear and not cause any unnecessary redirects.