Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TunnelConfig ProxyType not working #334

Closed
bradyburke opened this issue Feb 9, 2023 · 7 comments
Closed

TunnelConfig ProxyType not working #334

bradyburke opened this issue Feb 9, 2023 · 7 comments
Assignees
@mikhailshilkov
Labels
kind/bug Some behavior is incorrect or out of spec resolution/fixed This issue was fixed

Comments

@bradyburke
Copy link

What happened?

When using the following TunnelConfig:

new TunnelConfig(
      `${kubectlTunnelName}-config`,
      {
        accountId: accountId,
        tunnelId: this.kubectlTunnel.id,
        config: {
          warpRouting: {
            enabled: true,
          },
          originRequest: {
            proxyType: "socks",
          },
          ingressRules: [
            {
              hostname: kubectlTunnelDns,
              service: "tcp://kubernetes.default.svc:443"
            },
            {
              // Catch all
              service: "http_status:404",
            },
          ],
        },
      },
      { ...this.opts, dependsOn: [this.kubectlTunnel] }
    );

this does not get set when I view the Tunnel Configuration in the UI.

Expected Behavior

The expected behavior is the the proxyType gets set propery.

Steps to reproduce

Deploy the above code to a tunnel. Check proxyType through the UI

Output of pulumi about

❯ pulumi about
CLI
Version 3.52.1
Go Version go1.19.5
Go Compiler gc

Plugins
NAME VERSION
aws 5.10.0
azure-native 1.79.2
cloudflare 4.15.0
eks 0.41.2
gcp 6.45.0
kubernetes 3.20.3
nodejs unknown
random 4.8.1
tls 4.6.0

Host
OS darwin
Version 13.1
Arch arm64

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
@bradyburke bradyburke added kind/bug Some behavior is incorrect or out of spec needs-triage Needs attention from the triage team labels Feb 9, 2023
@guineveresaenger
Copy link
Contributor

Hi @bradyburke - thank you for filing this bug!

Would it be possible for you to create a minimal program sample that we can run on our end to reproduce this behavior? It would help us help you faster - you are likely far more familiar with the regular ins and outs of the Cloudflare API.

@guineveresaenger guineveresaenger added awaiting-feedback Blocked on input from the author and removed needs-triage Needs attention from the triage team labels Feb 9, 2023
@bradyburke
Copy link
Author

bradyburke commented Feb 10, 2023
edited
Loading

@guineveresaenger

const kubectlTunnelName = "myTunnel";
const kubectlTunnel = new ArgoTunnel(
      kubectlTunnelName,
      {
        accountId: REDACTED,
        name: kubectlTunnelName,
        secret: REDACTED,
      }
    );

    new TunnelConfig(
      `${kubectlTunnelName}-config`,
      {
        accountId: REDACTED,
        tunnelId: kubectlTunnel.id,
        config: {
          warpRouting: {
            enabled: true,
          },
          originRequest: {
            proxyType: "socks",
          },
          ingressRules: [
            {
              hostname: "mydomain.com",
              service: "tcp://kubernetes.default.svc:443"
            },
            {
              // Catch all
              service: "http_status:404",
            },
          ],
        },
      }
    );

@AaronFriel AaronFriel self-assigned this Feb 13, 2023
@bradyburke
Copy link
Author

@AaronFriel @guineveresaenger any update? This is a blocker for us using these tunnels in our environments

@bradyburke
Copy link
Author

Additionally, this behavior can be seen when using proxy configurations:

    new TunnelConfig(
      `${kubectlTunnelName}-config`,
      {
        accountId: REDACTED,
        tunnelId: kubectlTunnel.id,
        config: {
          warpRouting: {
            enabled: true,
          },
          originRequest: {
            proxyType: "socks",
            proxyAddress: "kubernetes.default.svc",
            proxyPort: 443,
          },
          ingressRules: [
            {
              // Catch all
              service: "http_status:404",
            },
          ],
        },
      }
    );
    ```

@bradyburke
Copy link
Author

Additionally, per this page. OriginRequest should be a child of an ingress rule. However, in the Cloudflare Provider, it is an entirely separate configuration at the same level as ingressRules, which may have an effect.

ingress:
  - hostname: azure.widgetcorp.tech
    service: tcp://kubernetes.docker.internal:6443
    originRequest:
      proxyType: socks
  - service: http_status:404

@bds-congnguyen
Copy link

bds-congnguyen commented Mar 25, 2023
edited
Loading

@bradyburke correct, the OriginRequest must have specific values for each service
same behavior with Terraform https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/tunnel_config
that also have reported at cloudflare/terraform-provider-cloudflare#2275
and fixed at https://github.com/cloudflare/terraform-provider-cloudflare/releases/tag/v3.35.0

@mikhailshilkov mikhailshilkov removed the awaiting-feedback Blocked on input from the author label Jul 28, 2023
@mikhailshilkov mikhailshilkov added the resolution/fixed This issue was fixed label Nov 29, 2023
@mikhailshilkov mikhailshilkov self-assigned this Nov 29, 2023
@mikhailshilkov
Copy link
Member

It looks like this has been fixed upstream in cloudflare/terraform-provider-cloudflare#2477 and is available in Pulumi Cloudflare 5.3.0 or later

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mikhailshilkov mikhailshilkov

Labels
kind/bug Some behavior is incorrect or out of spec resolution/fixed This issue was fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@AaronFriel @mikhailshilkov @guineveresaenger @bradyburke @bds-congnguyen