Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Plugin protocol not taken into account #14339

Open
1 task done
DMaxter opened this issue Mar 3, 2025 · 1 comment
Open
1 task done

Plugin protocol not taken into account #14339

DMaxter opened this issue Mar 3, 2025 · 1 comment
Labels
area/ingress-controller Issues where Kong is running as a Kubernetes Ingress Controller

Comments

@DMaxter
Copy link

DMaxter commented Mar 3, 2025
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Kong version ($ kong version)

3.9.0.1

Current Behavior

I have this configuration:

apiVersion: v1
kind: Service
metadata:
  name: my-service1
  annotations:
    konghq.com/plugins: request-termination-http
spec:
  ports:
    - port: 8100
      name: dummy
---
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: request-termination-https
plugin: request-termination
config:
  status_code: 200
  message: Hello from Secure Channel
protocols:
  - https
---
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: request-termination-http
plugin: request-termination
config:
  status_code: 200
  message: Hello from Insecure Route
protocols:
  - http
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-route
  annotations:
    konghq.com/plugins: request-termination-https
spec:
  ingressClassName: kong
  rules:
  - http:
      paths:
      - path: /test
        pathType: ImplementationSpecific
        backend:
          service:
            name: my-service1
            port:
              number: 8080

Basically it is a service with a plugin that triggers for HTTP calls and a route with the same plugin but that triggers for HTTPS calls and has a different configuration.

When making a call to /test with HTTPS, I receive Hello from Secure Channel and that is okay, but when I make the same call in HTTP, I receive Hello from Secure Channel, even though the safe plugin is only configured to trigger for HTTPS calls

Expected Behavior

When calling /test in HTTP, I should receive Hello from Insecure Route instead while still receiving Hello from Secure Channel for HTTPS calls

Steps To Reproduce

  1. Deploy KIC with given configuration (or similar for regular gateway)
  2. Perform a call to https://<your hostname>/test
  3. Perform a call to http://<your hostname>/test
  4. Check that we have the same response when we shouldn't

Anything else?

No response
@Water-Melon Water-Melon added the area/ingress-controller Issues where Kong is running as a Kubernetes Ingress Controller label Mar 7, 2025
@DMaxter
Copy link
Author

DMaxter commented Mar 7, 2025

@Water-Melon this is marked as ingress-controller but I was able to replicate the same in a dbless environment (and also with Konnect)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/ingress-controller Issues where Kong is running as a Kubernetes Ingress Controller
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Water-Melon @DMaxter