|
| 1 | +/* |
| 2 | +Copyright 2024 The Kubernetes Authors. |
| 3 | +
|
| 4 | +Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | +you may not use this file except in compliance with the License. |
| 6 | +You may obtain a copy of the License at |
| 7 | +
|
| 8 | + http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | +
|
| 10 | +Unless required by applicable law or agreed to in writing, software |
| 11 | +distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | +See the License for the specific language governing permissions and |
| 14 | +limitations under the License. |
| 15 | +*/ |
| 16 | + |
| 17 | +package cilium |
| 18 | + |
| 19 | +import ( |
| 20 | + "fmt" |
| 21 | + |
| 22 | + "github.com/kubernetes-sigs/ingress2gateway/pkg/i2gw/intermediate" |
| 23 | + "github.com/kubernetes-sigs/ingress2gateway/pkg/i2gw/notifications" |
| 24 | + "github.com/kubernetes-sigs/ingress2gateway/pkg/i2gw/providers/common" |
| 25 | + networkingv1 "k8s.io/api/networking/v1" |
| 26 | + "k8s.io/apimachinery/pkg/types" |
| 27 | + "k8s.io/apimachinery/pkg/util/validation/field" |
| 28 | + "k8s.io/utils/ptr" |
| 29 | + gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" |
| 30 | +) |
| 31 | + |
| 32 | +func forceHTTPSFeature(ingresses []networkingv1.Ingress, ir *intermediate.IR) field.ErrorList { |
| 33 | + var errs field.ErrorList |
| 34 | + forceHTTPSAnnotation := ciliumAnnotation("force-https") |
| 35 | + ruleGroups := common.GetRuleGroups(ingresses) |
| 36 | + for _, rg := range ruleGroups { |
| 37 | + |
| 38 | + for _, rule := range rg.Rules { |
| 39 | + if val, annotationFound := rule.Ingress.Annotations[forceHTTPSAnnotation]; val == "enabled" || val == "true" { |
| 40 | + if rule.Ingress.Spec.Rules == nil { |
| 41 | + continue |
| 42 | + } |
| 43 | + key := types.NamespacedName{Namespace: rule.Ingress.Namespace, Name: common.RouteName(rg.Name, rg.Host)} |
| 44 | + |
| 45 | + httpRoute, ok := ir.HTTPRoutes[key] |
| 46 | + if !ok { |
| 47 | + errs = append(errs, field.NotFound(field.NewPath("HTTPRoute"), key)) |
| 48 | + } |
| 49 | + |
| 50 | + for i, rule := range httpRoute.Spec.Rules { |
| 51 | + rule.Filters = append(rule.Filters, gatewayv1.HTTPRouteFilter{ |
| 52 | + Type: gatewayv1.HTTPRouteFilterRequestRedirect, |
| 53 | + RequestRedirect: &gatewayv1.HTTPRequestRedirectFilter{ |
| 54 | + Scheme: ptr.To("https"), |
| 55 | + StatusCode: ptr.To(int(301)), |
| 56 | + }, |
| 57 | + }) |
| 58 | + rule.BackendRefs = nil |
| 59 | + |
| 60 | + httpRoute.Spec.Rules[i] = rule |
| 61 | + |
| 62 | + } |
| 63 | + if annotationFound && ok { |
| 64 | + notify(notifications.InfoNotification, fmt.Sprintf("parsed \"%v\" annotation of ingress and patched %v fields", forceHTTPSAnnotation, field.NewPath("httproute", "spec", "rules").Key("").Child("filters")), &httpRoute) |
| 65 | + } |
| 66 | + } |
| 67 | + } |
| 68 | + } |
| 69 | + return errs |
| 70 | +} |
0 commit comments