-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gRPC: authority pseudo header not forwarded to service #3706
Comments
Config example of our ingress and service: ingress.yaml:
service.yaml:
|
@fredr please check https://kubernetes.slack.com/archives/CANQGM8BA/p1548172633578200 Just in case, the Edit: the ingress controller does not filter headers to be proxied |
@aledbf yes, I posted that question, but the |
maybe we need to set the header? http://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_set_header |
@fredr maybe you can add the flag |
The output from when Interesting, seems like the
|
Also run into this; the |
Nginx doesn't set I think nginx ingress shouldn't set Quotes from rfc7540:
|
awesome @aledbf 🎉 |
kubernetes/ingress-nginx#3706 Signed-off-by: Anton Engelhardt <[email protected]>
kubernetes/ingress-nginx#3706 Signed-off-by: Anton Engelhardt <[email protected]>
Is this a BUG REPORT or FEATURE REQUEST? (choose one):
BUG REPORT
NGINX Ingress controller version:
0.21.0
Kubernetes version (use
kubectl version
):v1.11.5-gke.5
Environment:
Google Cloud Platform
What happened:
We have a setup very similar to the grpc example
We have an ingress that terminates TLS, with an insecure GRPC backend (using the
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
annotation).The ingress backned is a service of ClusterIP type, that is pointing to a deployment running a simple grpc app.
When we port forward directly to a pod, and make grpc requests (or plain http2 requests), the
:authority
-header is set all the way.When we do requests via the ingress, the
:authority
-header is not set, but thehost
-header is set.What you expected to happen:
I expected the
:authority
-header to be set all the way down to the pod, other pseudo headers are set all the way (:method
,:path
and:scheme
is set)How to reproduce it (as minimally and precisely as possible):
Setting up the grpc example above and logging the headers should do it. Let me know if you want me to create some kind of example app.
Anything else we need to know:
Since the other pseudo headers are forwarded, I'm suspecting there might be a reason behind not forwarding the authority header. But the traffic to the ingress and from the ingress is HTTP2, so I havent been able to find a reasoning behind it.
The text was updated successfully, but these errors were encountered: