Add support to set Header value from another header #2516

Closed
primeroz opened this issue May 11, 2020 · 7 comments
Labels
blocked Blocked waiting on a dependency lifecycle/accepted Denotes an issue that has been triaged and determined to be valid. lifecycle/investigating Denotes an issue that is assigned and is being actively investigated by the issue owner. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale.

Comments

@primeroz

Please describe the problem you have
I have some third-party load balancers, over which I don't have any control, setting the real IP header to a custom header like x-real-client-ip rather than the usual x-forwarded-for.

In my current haproxy ingress, which I am trying to replace with contour, I simply have a frontend snippet like

acl acl_real_client_ip_header_exists req.hdr(X-Real-Client-IP) -m found
http-request set-header X-Forwarded-For %[req.hdr(X-Real-Client-IP)] if acl_real_client_ip_header_exists
http-request set-header X-Forwarded-For %[src] if !acl_real_client_ip_header_exists

  • If the header X-Real-Client-IP exists then set x-forwarded-for to the value of x-real-client-ip
  • else set x-forwarded-for to the src ip

Ideally I would expect something like

  routes:
    - services:
      - name: podinfo
        port: 8443
        responseHeadersPolicy:
          set:
              - name: x-forwarded-for
                valueFromHeader: x-real-client-ip
                fallback: ignore

To copy the value if present and ignore if not present (and hopefully still get the standard x-forwarded-for behavior from contour).

@jpeach jpeach added the lifecycle/investigating Denotes an issue that is assigned and is being actively investigated by the issue owner. label May 12, 2020
@jpeach
Contributor

jpeach commented May 12, 2020

Envoy header tokens should work here, but AFAIK there's no fallback if the wanted header isn't present.

@primeroz
Author

The fallback was a nice-to-have rather than a requirement, mostly because in my current ingress it is done at the frontend level for all possible backends, so I have to handle a fallback like this.

In contour, though, this would be done on a per-route level, so I can be sure the header is expected and only add the rule on those routes that expect it.

I will try what you suggested in the Slack, %REQ(header-name)%, and close this issue if it works.
Thanks!

@primeroz
Author

Unfortunately I don't seem to be able to apply the header tokens syntax to the HTTPProxy resource and have it propagate cleanly to Envoy.

When using YAML

Unquoted string - syntax error

➜  podinfo git:(master) ✗ (⎈ |kind-kind) cat 02-httproxy-tls.yaml| tail -n4
      requestHeadersPolicy:
        set:
        - name: x-forwarded-for
          value: %REQ(X-True-Client-Ip-Abcd)%
➜  podinfo git:(master) ✗ (⎈ |kind-kind) kubectl apply -f 02-httproxy-tls.yaml
error: error parsing 02-httproxy-tls.yaml: error converting YAML to JSON: yaml: line 34: found character that cannot start any token

Quoted string, both using single and double quotes, converts to this envoy config

           {
            "header": {
             "key": "X-Forwarded-For",
             "value": "%%REQ(X-True-Client-Ip-Abcd)%%"
            },
            "append": false
           }

and a literal string when I hit the service

  "X-Forwarded-For": [
    "%REQ(X-True-Client-Ip-Abcd)%, 10.244.0.5"
  ],

Even using JSON for the HTTPProxy, which should make it easier to handle quoting of strings, I get the same result of a literal "value": "%%REQ(X-True-Client-Ip-Abcd)%%" in the config

cat 02-httproxy-tls.json | jq .spec.routes
[
  {
    "requestHeadersPolicy": {
      "set": [
        {
          "name": "x-forwarded-for",
          "value": "REQ(X-True-Client-Ip-Abcd)"
        }
      ]
    },
    "services": [
      {
        "name": "podinfo",
        "port": 8443
      }
    ]
  }
]
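
The escaping reported in the comment above, next to one way a controller could let only `%REQ(name)%` through while keeping every other `%` literal, shown as an added Go example (not Contour's code and not part of the original comments). The function names and the header-name pattern are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// reqToken matches an Envoy request-header variable such as
// %REQ(X-True-Client-Ip-Abcd)%. The header-name pattern is a conservative
// assumption for this example (letters, digits, '-' and '_').
var reqToken = regexp.MustCompile(`%REQ\([A-Za-z0-9_-]+\)%`)

// escapeAll doubles every '%', which is the behaviour seen in the issue:
// Envoy then emits the value as a literal string.
func escapeAll(v string) string {
	return strings.ReplaceAll(v, "%", "%%")
}

// escapeExceptReq doubles every '%' except those delimiting a well-formed
// %REQ(name)% token, so only that one variable type reaches Envoy unescaped.
func escapeExceptReq(v string) string {
	var b strings.Builder
	last := 0
	for _, loc := range reqToken.FindAllStringIndex(v, -1) {
		b.WriteString(escapeAll(v[last:loc[0]])) // literal text before the token
		b.WriteString(v[loc[0]:loc[1]])          // the token itself, untouched
		last = loc[1]
	}
	b.WriteString(escapeAll(v[last:])) // literal text after the last token
	return b.String()
}

func main() {
	// Constructed sample values; the first is the one from the issue.
	for _, v := range []string{
		"%REQ(X-True-Client-Ip-Abcd)%",
		"100% via %REQ(x-real-client-ip)%",
		"%DOWNSTREAM_REMOTE_ADDRESS%", // not allow-listed, stays literal
		"%REQ(x-real-client-ip)",      // unterminated, stays literal
	} {
		fmt.Printf("%-36q all=%-40q allowReq=%q\n", v, escapeAll(v), escapeExceptReq(v))
	}
}
```

Because `%REQ(...)%` copies a value the client can supply, a rule like this belongs only on routes that sit behind the load balancer that sets the header, as the per-route comment earlier in the thread describes.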

@jpeach
Contributor

jpeach commented Jun 5, 2020

#2006 (comment)

jpeach added a commit to jpeach/contour that referenced this issue Jun 5, 2020
Remove the '%' quoting on Envoy header names so that operators can
configure Envoy header variables.

This fixes projectcontour#2516.

Signed-off-by: James Peach <jpeach@vmware.com>
@jpeach jpeach added the blocked Blocked waiting on a dependency label Jun 9, 2020
@jpeach
Contributor

jpeach commented Jun 9, 2020

Blocked on #1176 (see discussion in #2569).

@jpeach jpeach added the lifecycle/accepted Denotes an issue that has been triaged and determined to be valid. label Jun 9, 2020

The Contour project currently lacks enough contributors to adequately respond to all Issues.

This bot triages Issues according to the following rules:

  • After 60d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, the Issue is closed

You can:

  • Mark this Issue as fresh by commenting
  • Close this Issue
  • Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 14, 2024

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Feb 17, 2024