Users want Ambassador to be able to route on headers added by extauth #1226
Assignees
Milestone
Comments
kflynn
changed the title
|
Same behavior with |
|
@nbkrause Do you have the Envoy config? Can you paste it here when you have a chance, please? |
|
{
"@type": "/envoy.config.bootstrap.v2.Bootstrap",
"static_resources": {
"clusters": [
{
"connect_timeout": "3s",
"dns_lookup_family": "V4_ONLY",
"lb_policy": "ROUND_ROBIN",
"load_assignment": {
"cluster_name": "cluster_127_0_0_1_8877",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "127.0.0.1",
"port_value": 8877,
"protocol": "TCP"
}
}
}
}
]
}
]
},
"name": "cluster_127_0_0_1_8877",
"type": "STRICT_DNS"
},
{
"connect_timeout": "3s",
"dns_lookup_family": "V4_ONLY",
"lb_policy": "ROUND_ROBIN",
"load_assignment": {
"cluster_name": "cluster_acme_challenge_service",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "acme-challenge-service",
"port_value": 80,
"protocol": "TCP"
}
}
}
}
]
}
]
},
"name": "cluster_acme_challenge_service",
"type": "STRICT_DNS"
},
{
"connect_timeout": "3s",
"dns_lookup_family": "V4_ONLY",
"lb_policy": "ROUND_ROBIN",
"load_assignment": {
"cluster_name": "cluster_ambassador_pro_auth",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "ambassador-pro-auth",
"port_value": 80,
"protocol": "TCP"
}
}
}
}
]
}
]
},
"name": "cluster_ambassador_pro_auth",
"type": "STRICT_DNS"
},
{
"connect_timeout": "3s",
"dns_lookup_family": "V4_ONLY",
"lb_policy": "ROUND_ROBIN",
"load_assignment": {
"cluster_name": "cluster_echo_websocket_org",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "echo.websocket.org",
"port_value": 80,
"protocol": "TCP"
}
}
}
}
]
}
]
},
"name": "cluster_echo_websocket_org",
"type": "STRICT_DNS"
},
{
"connect_timeout": "3s",
"dns_lookup_family": "V4_ONLY",
"http2_protocol_options": {},
"lb_policy": "ROUND_ROBIN",
"load_assignment": {
"cluster_name": "cluster_example_rate_limit_5000",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "example-rate-limit",
"port_value": 5000,
"protocol": "TCP"
}
}
}
}
]
}
]
},
"name": "cluster_example_rate_limit_5000",
"type": "STRICT_DNS"
},
{
"connect_timeout": "3s",
"dns_lookup_family": "V4_ONLY",
"lb_policy": "ROUND_ROBIN",
"load_assignment": {
"cluster_name": "cluster_extauth_ambassador_pro_auth",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "ambassador-pro-auth",
"port_value": 80,
"protocol": "TCP"
}
}
}
}
]
}
]
},
"name": "cluster_extauth_ambassador_pro_auth",
"type": "STRICT_DNS"
},
{
"connect_timeout": "3s",
"dns_lookup_family": "V4_ONLY",
"http2_protocol_options": {},
"lb_policy": "ROUND_ROBIN",
"load_assignment": {
"cluster_name": "cluster_grpc_py_test",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "grpc-py.test",
"port_value": 80,
"protocol": "TCP"
}
}
}
}
]
}
]
},
"name": "cluster_grpc_py_test",
"type": "STRICT_DNS"
},
{
"connect_timeout": "3s",
"dns_lookup_family": "V4_ONLY",
"lb_policy": "ROUND_ROBIN",
"load_assignment": {
"cluster_name": "cluster_httpbin_org_80",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "httpbin.org",
"port_value": 80,
"protocol": "TCP"
}
}
}
}
]
}
]
},
"name": "cluster_httpbin_org_80",
"type": "STRICT_DNS"
},
{
"connect_timeout": "3s",
"dns_lookup_family": "V4_ONLY",
"lb_policy": "ROUND_ROBIN",
"load_assignment": {
"cluster_name": "cluster_microdonut_10001",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "microdonut",
"port_value": 10001,
"protocol": "TCP"
}
}
}
}
]
}
]
},
"name": "cluster_microdonut_10001",
"type": "STRICT_DNS"
},
{
"connect_timeout": "3s",
"dns_lookup_family": "V4_ONLY",
"lb_policy": "ROUND_ROBIN",
"load_assignment": {
"cluster_name": "cluster_qotm",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "qotm",
"port_value": 80,
"protocol": "TCP"
}
}
}
}
]
}
]
},
"name": "cluster_qotm",
"type": "STRICT_DNS"
},
{
"connect_timeout": "3s",
"dns_lookup_family": "V4_ONLY",
"lb_policy": "ROUND_ROBIN",
"load_assignment": {
"cluster_name": "cluster_test_service",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "test-service",
"port_value": 80,
"protocol": "TCP"
}
}
}
}
]
}
]
},
"name": "cluster_test_service",
"type": "STRICT_DNS"
}
],
"listeners": [
{
"address": {
"socket_address": {
"address": "0.0.0.0",
"port_value": 80,
"protocol": "TCP"
}
},
"filter_chains": [
{
"filters": [
{
"config": {
"access_log": [
{
"config": {
"format": "ACCESS [%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\"\n",
"path": "/dev/fd/1"
},
"name": "envoy.file_access_log"
}
],
"http_filters": [
{
"config": {
"http_service": {
"allowed_authorization_headers": [
"www-authenticate",
"location",
":authority",
"client-id",
"authorization",
"client-secret",
"x-database-id",
"set-cookie",
"proxy-authenticate"
],
"allowed_request_headers": [
":authority",
"from",
"proxy-authorization",
"client-id",
"authorization",
"user-agent",
"x-forwarded-for",
"client-secret",
"x-forwarded-proto",
"x-database-id",
"x-forwarded-host",
"cookie"
],
"path_prefix": null,
"server_uri": {
"cluster": "cluster_extauth_ambassador_pro_auth",
"timeout": "5.000s",
"uri": "http://"
}
},
"send_request_data": false
},
"name": "envoy.ext_authz"
},
{
"config": {
"domain": "ambassador",
"request_type": "both",
"timeout": "0.020s"
},
"name": "envoy.rate_limit"
},
{
"name": "envoy.cors"
},
{
"name": "envoy.router"
}
],
"route_config": {
"virtual_hosts": [
{
"domains": [
"*"
],
"name": "backend",
"routes": [
{
"match": {
"case_sensitive": true,
"prefix": "/.well-known/acme-challenge"
},
"route": {
"priority": null,
"timeout": "3.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_acme_challenge_service",
"weight": 100.0
}
]
}
}
},
{
"match": {
"case_sensitive": true,
"prefix": "/ambassador/v0/check_ready"
},
"route": {
"prefix_rewrite": "/ambassador/v0/check_ready",
"priority": null,
"timeout": "10.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_127_0_0_1_8877",
"weight": 100.0
}
]
}
}
},
{
"match": {
"case_sensitive": true,
"prefix": "/ambassador/v0/check_alive"
},
"route": {
"prefix_rewrite": "/ambassador/v0/check_alive",
"priority": null,
"timeout": "10.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_127_0_0_1_8877",
"weight": 100.0
}
]
}
}
},
{
"match": {
"case_sensitive": true,
"prefix": "/hello.Greeter/"
},
"route": {
"prefix_rewrite": "/hello.Greeter/",
"priority": null,
"timeout": "3.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_grpc_py_test",
"weight": 100.0
}
]
}
}
},
{
"match": {
"case_sensitive": true,
"prefix": "/ambassador/v0/"
},
"route": {
"prefix_rewrite": "/ambassador/v0/",
"priority": null,
"timeout": "10.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_127_0_0_1_8877",
"weight": 100.0
}
]
}
}
},
{
"match": {
"case_sensitive": true,
"prefix": "/microdonut/"
},
"route": {
"prefix_rewrite": "/",
"priority": null,
"timeout": "3.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_microdonut_10001",
"weight": 100.0
}
]
}
}
},
{
"match": {
"case_sensitive": true,
"prefix": "/httpbin/"
},
"route": {
"host_rewrite": "httpbin.org",
"prefix_rewrite": "/",
"priority": null,
"timeout": "3.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_httpbin_org_80",
"weight": 100.0
}
]
}
}
},
{
"match": {
"case_sensitive": true,
"prefix": "/callback"
},
"route": {
"prefix_rewrite": "/",
"priority": null,
"timeout": "3.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_ambassador_pro_auth",
"weight": 100.0
}
]
}
}
},
{
"match": {
"case_sensitive": true,
"headers": [
{
"exact_match": "even.domain2.nkrause.k736.net",
"name": ":authority"
}
],
"prefix": "/qotm/"
},
"route": {
"prefix_rewrite": "/quote/1",
"priority": null,
"timeout": "3.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_qotm",
"weight": 100.0
}
]
}
}
},
{
"match": {
"case_sensitive": true,
"headers": [
{
"exact_match": "odd.domain2.nkrause.k736.net",
"name": ":authority"
}
],
"prefix": "/qotm/"
},
"route": {
"prefix_rewrite": "/quote/2",
"priority": null,
"timeout": "3.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_qotm",
"weight": 100.0
}
]
}
}
},
{
"match": {
"case_sensitive": true,
"prefix": "/qotm/"
},
"route": {
"prefix_rewrite": "/quote/0",
"priority": null,
"timeout": "3.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_qotm",
"weight": 100.0
}
]
}
}
},
{
"match": {
"case_sensitive": true,
"prefix": "/echo/"
},
"route": {
"host_rewrite": "echo.websocket.org",
"prefix_rewrite": "/",
"priority": null,
"timeout": "3.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_echo_websocket_org",
"weight": 100.0
}
]
}
}
},
{
"match": {
"case_sensitive": true,
"prefix": "/foo"
},
"route": {
"cors": {
"allow_headers": "Keep-Alive, User-Agent",
"allow_methods": "GET, PUT, OPTIONS",
"allow_origin": [
"*"
],
"enabled": true
},
"prefix_rewrite": "/",
"priority": null,
"timeout": "3.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_test_service",
"weight": 100.0
}
]
}
}
}
]
}
]
},
"stat_prefix": "ingress_http",
"upgrade_configs": [
{
"upgrade_type": "websocket"
}
],
"use_remote_address": true
},
"name": "envoy.http_connection_manager"
}
],
"use_proxy_proto": false
}
],
"name": "ambassador-listener-80"
}
]
}
}
{
"@type": "/envoy.config.bootstrap.v2.Bootstrap",
"static_resources": {
"clusters": [
{
"connect_timeout": "3s",
"dns_lookup_family": "V4_ONLY",
"lb_policy": "ROUND_ROBIN",
"load_assignment": {
"cluster_name": "cluster_127_0_0_1_8877",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "127.0.0.1",
"port_value": 8877,
"protocol": "TCP"
}
}
}
}
]
}
]
},
"name": "cluster_127_0_0_1_8877",
"type": "STRICT_DNS"
},
{
"connect_timeout": "3s",
"dns_lookup_family": "V4_ONLY",
"lb_policy": "ROUND_ROBIN",
"load_assignment": {
"cluster_name": "cluster_acme_challenge_service",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "acme-challenge-service",
"port_value": 80,
"protocol": "TCP"
}
}
}
}
]
}
]
},
"name": "cluster_acme_challenge_service",
"type": "STRICT_DNS"
},
{
"connect_timeout": "3s",
"dns_lookup_family": "V4_ONLY",
"lb_policy": "ROUND_ROBIN",
"load_assignment": {
"cluster_name": "cluster_ambassador_pro_auth",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "ambassador-pro-auth",
"port_value": 80,
"protocol": "TCP"
}
}
}
}
]
}
]
},
"name": "cluster_ambassador_pro_auth",
"type": "STRICT_DNS"
},
{
"connect_timeout": "3s",
"dns_lookup_family": "V4_ONLY",
"lb_policy": "ROUND_ROBIN",
"load_assignment": {
"cluster_name": "cluster_echo_websocket_org",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "echo.websocket.org",
"port_value": 80,
"protocol": "TCP"
}
}
}
}
]
}
]
},
"name": "cluster_echo_websocket_org",
"type": "STRICT_DNS"
},
{
"connect_timeout": "3s",
"dns_lookup_family": "V4_ONLY",
"http2_protocol_options": {},
"lb_policy": "ROUND_ROBIN",
"load_assignment": {
"cluster_name": "cluster_example_rate_limit_5000",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "example-rate-limit",
"port_value": 5000,
"protocol": "TCP"
}
}
}
}
]
}
]
},
"name": "cluster_example_rate_limit_5000",
"type": "STRICT_DNS"
},
{
"connect_timeout": "3s",
"dns_lookup_family": "V4_ONLY",
"lb_policy": "ROUND_ROBIN",
"load_assignment": {
"cluster_name": "cluster_extauth_ambassador_pro_auth",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "ambassador-pro-auth",
"port_value": 80,
"protocol": "TCP"
}
}
}
}
]
}
]
},
"name": "cluster_extauth_ambassador_pro_auth",
"type": "STRICT_DNS"
},
{
"connect_timeout": "3s",
"dns_lookup_family": "V4_ONLY",
"http2_protocol_options": {},
"lb_policy": "ROUND_ROBIN",
"load_assignment": {
"cluster_name": "cluster_grpc_py_test",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "grpc-py.test",
"port_value": 80,
"protocol": "TCP"
}
}
}
}
]
}
]
},
"name": "cluster_grpc_py_test",
"type": "STRICT_DNS"
},
{
"connect_timeout": "3s",
"dns_lookup_family": "V4_ONLY",
"lb_policy": "ROUND_ROBIN",
"load_assignment": {
"cluster_name": "cluster_httpbin_org_80",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "httpbin.org",
"port_value": 80,
"protocol": "TCP"
}
}
}
}
]
}
]
},
"name": "cluster_httpbin_org_80",
"type": "STRICT_DNS"
},
{
"connect_timeout": "3s",
"dns_lookup_family": "V4_ONLY",
"lb_policy": "ROUND_ROBIN",
"load_assignment": {
"cluster_name": "cluster_microdonut_10001",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "microdonut",
"port_value": 10001,
"protocol": "TCP"
}
}
}
}
]
}
]
},
"name": "cluster_microdonut_10001",
"type": "STRICT_DNS"
},
{
"connect_timeout": "3s",
"dns_lookup_family": "V4_ONLY",
"lb_policy": "ROUND_ROBIN",
"load_assignment": {
"cluster_name": "cluster_qotm",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "qotm",
"port_value": 80,
"protocol": "TCP"
}
}
}
}
]
}
]
},
"name": "cluster_qotm",
"type": "STRICT_DNS"
},
{
"connect_timeout": "3s",
"dns_lookup_family": "V4_ONLY",
"lb_policy": "ROUND_ROBIN",
"load_assignment": {
"cluster_name": "cluster_test_service",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "test-service",
"port_value": 80,
"protocol": "TCP"
}
}
}
}
]
}
]
},
"name": "cluster_test_service",
"type": "STRICT_DNS"
}
],
"listeners": [
{
"address": {
"socket_address": {
"address": "0.0.0.0",
"port_value": 80,
"protocol": "TCP"
}
},
"filter_chains": [
{
"filters": [
{
"config": {
"access_log": [
{
"config": {
"format": "ACCESS [%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\"\n",
"path": "/dev/fd/1"
},
"name": "envoy.file_access_log"
}
],
"http_filters": [
{
"config": {
"http_service": {
"allowed_authorization_headers": [
"www-authenticate",
"location",
":authority",
"client-id",
"authorization",
"client-secret",
"x-database-id",
"set-cookie",
"proxy-authenticate"
],
"allowed_request_headers": [
":authority",
"from",
"proxy-authorization",
"client-id",
"authorization",
"user-agent",
"x-forwarded-for",
"client-secret",
"x-forwarded-proto",
"x-database-id",
"x-forwarded-host",
"cookie"
],
"path_prefix": null,
"server_uri": {
"cluster": "cluster_extauth_ambassador_pro_auth",
"timeout": "5.000s",
"uri": "http://"
}
},
"send_request_data": false
},
"name": "envoy.ext_authz"
},
{
"config": {
"domain": "ambassador",
"request_type": "both",
"timeout": "0.020s"
},
"name": "envoy.rate_limit"
},
{
"name": "envoy.cors"
},
{
"name": "envoy.router"
}
],
"route_config": {
"virtual_hosts": [
{
"domains": [
"*"
],
"name": "backend",
"routes": [
{
"match": {
"case_sensitive": true,
"prefix": "/.well-known/acme-challenge"
},
"route": {
"priority": null,
"timeout": "3.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_acme_challenge_service",
"weight": 100.0
}
]
}
}
},
{
"match": {
"case_sensitive": true,
"prefix": "/ambassador/v0/check_ready"
},
"route": {
"prefix_rewrite": "/ambassador/v0/check_ready",
"priority": null,
"timeout": "10.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_127_0_0_1_8877",
"weight": 100.0
}
]
}
}
},
{
"match": {
"case_sensitive": true,
"prefix": "/ambassador/v0/check_alive"
},
"route": {
"prefix_rewrite": "/ambassador/v0/check_alive",
"priority": null,
"timeout": "10.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_127_0_0_1_8877",
"weight": 100.0
}
]
}
}
},
{
"match": {
"case_sensitive": true,
"prefix": "/hello.Greeter/"
},
"route": {
"prefix_rewrite": "/hello.Greeter/",
"priority": null,
"timeout": "3.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_grpc_py_test",
"weight": 100.0
}
]
}
}
},
{
"match": {
"case_sensitive": true,
"prefix": "/ambassador/v0/"
},
"route": {
"prefix_rewrite": "/ambassador/v0/",
"priority": null,
"timeout": "10.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_127_0_0_1_8877",
"weight": 100.0
}
]
}
}
},
{
"match": {
"case_sensitive": true,
"prefix": "/microdonut/"
},
"route": {
"prefix_rewrite": "/",
"priority": null,
"timeout": "3.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_microdonut_10001",
"weight": 100.0
}
]
}
}
},
{
"match": {
"case_sensitive": true,
"prefix": "/httpbin/"
},
"route": {
"host_rewrite": "httpbin.org",
"prefix_rewrite": "/",
"priority": null,
"timeout": "3.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_httpbin_org_80",
"weight": 100.0
}
]
}
}
},
{
"match": {
"case_sensitive": true,
"prefix": "/callback"
},
"route": {
"prefix_rewrite": "/",
"priority": null,
"timeout": "3.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_ambassador_pro_auth",
"weight": 100.0
}
]
}
}
},
{
"match": {
"case_sensitive": true,
"headers": [
{
"exact_match": "even",
"name": "X-Database-Id"
}
],
"prefix": "/qotm/"
},
"route": {
"prefix_rewrite": "/quote/2",
"priority": null,
"timeout": "3.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_qotm",
"weight": 100.0
}
]
}
}
},
{
"match": {
"case_sensitive": true,
"headers": [
{
"exact_match": "odd",
"name": "X-Database-Id"
}
],
"prefix": "/qotm/"
},
"route": {
"prefix_rewrite": "/quote/3",
"priority": null,
"timeout": "3.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_qotm",
"weight": 100.0
}
]
}
}
},
{
"match": {
"case_sensitive": true,
"prefix": "/qotm/"
},
"route": {
"prefix_rewrite": "/quote/0",
"priority": null,
"timeout": "3.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_qotm",
"weight": 100.0
}
]
}
}
},
{
"match": {
"case_sensitive": true,
"prefix": "/echo/"
},
"route": {
"host_rewrite": "echo.websocket.org",
"prefix_rewrite": "/",
"priority": null,
"timeout": "3.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_echo_websocket_org",
"weight": 100.0
}
]
}
}
},
{
"match": {
"case_sensitive": true,
"prefix": "/foo"
},
"route": {
"cors": {
"allow_headers": "Keep-Alive, User-Agent",
"allow_methods": "GET, PUT, OPTIONS",
"allow_origin": [
"*"
],
"enabled": true
},
"prefix_rewrite": "/",
"priority": null,
"timeout": "3.000s",
"weighted_clusters": {
"clusters": [
{
"name": "cluster_test_service",
"weight": 100.0
}
]
}
}
}
]
}
]
},
"stat_prefix": "ingress_http",
"upgrade_configs": [
{
"upgrade_type": "websocket"
}
],
"use_remote_address": true
},
"name": "envoy.http_connection_manager"
}
],
"use_proxy_proto": false
}
],
"name": "ambassador-listener-80"
}
]
}
} |
|
Ok, couple problems here. First, looking at the Envoy router logic: It doesn't seem possible to have both Second, loooking at where In this case the correct config for header-base routing should look more like this: Where FYI @kflynn @nbkrause |
|
After chatting @kflynn, I realized that this ^^ is not the correct use-case. It seems that the external authorization filter should be clearing the route cache |
kflynn
pushed a commit
that referenced
this issue
Feb 15, 2019
|
Awesome @kflynn |
|
I figured it out. I need to provide a default mapping. What the service is doesn't matter. If the default mapping doesn't exist, the ambassador won't send the request to extauth and return no_route. |
|
i am facing same issue. was there any fix identified for this |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It appears as though Envoy is not respecting a header set in the
AuthServicewhen routing to backend services.Senario:
AuthServicethat sets the headerx-database-id.Mappings that will route requests based off of this header:AuthServicecorrectly sets the header but the correctMappingis not selected. Requests that have theAuthServicesetx-database-id: evenwill get routed to theMappingqotm_other_mapping.AuthServicein Ambassador's logs at Debug level$ curl -v -k -H "x-database-id: odd" https://{AMBASSADOR_DOMAIN}/qotm/The text was updated successfully, but these errors were encountered: