Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[httpd] Use absolute url with schema in redirect rule #396

Merged

Conversation

olliewalsh
Copy link
Contributor

@olliewalsh olliewalsh commented Dec 11, 2024

Use the endpoint in the redirect rule to ensure it references the correct base url and schema which can be different to the current schema when TLS is terminated at the route

Added horizonEndpoint template param with the full url, renamed the incorrectly named horizonEndpointUrl to horizonEndpointHost.

Jira: OSPRH-12005

@olliewalsh
Copy link
Contributor Author

/cherry-pick 18.0-fr1

@openshift-cherrypick-robot

@olliewalsh: once the present PR merges, I will cherry-pick it on top of 18.0-fr1 in a new PR and assign it to you.

In response to this:

/cherry-pick 18.0-fr1

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@olliewalsh
Copy link
Contributor Author

/test horizon-operator-build-deploy-kuttl

@@ -65,17 +65,17 @@ def get_pod_ip():
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
try:
s.connect(("{{ .horizonEndpointUrl }}", 80))
s.connect(("{{ .horizonEndpointHost }}", 80))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in case of tls, is this still port 80?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IIUC this doesn't matter, just opens a socket to $something to determine the pod IP.
I guess if there is a firewall blocking port 80 on the ingress controller it would block this though so might be best to use the correct port

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, correct. I just needed a way to determine the pods IP address so that we could add it to ALLOWED_HOSTS. The port should be ok, because port 80 is always open it just redirects to 443, and an open port of any kind is sufficient to pick up the IP address.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

However in this specific case port 80 is firewalled (not specified where/how though) so it may be safest to use the correct port for the endpoint

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done in the latest patch. Maybe in a follow-up should look into replacing this with downward-api volume or env var passing status.podIP instead

Use the endpoint in the redirect rule to ensure it references the correct
base url and schema which can be different to the current schema
when TLS is terminated at the route

Added horizonEndpoint template param with the full url, renamed the
incorrectly named horizonEndpointUrl to horizonEndpointHost.

Jira: OSPRH-12005
@olliewalsh
Copy link
Contributor Author

/retest

Copy link
Contributor

@stuggi stuggi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

Copy link
Contributor

openshift-ci bot commented Dec 17, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bshephar, olliewalsh, stuggi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [bshephar,olliewalsh,stuggi]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the lgtm label Dec 17, 2024
@openshift-merge-bot openshift-merge-bot bot merged commit e006d13 into openstack-k8s-operators:main Dec 17, 2024
6 checks passed
@openshift-cherrypick-robot

@olliewalsh: new pull request created: #398

In response to this:

/cherry-pick 18.0-fr1

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants