Insecure Connection Policy

[danehans]

What would you like to be added:
The ability to enforce how insecure (http) connections are handled for a xRoute:

InsecureConnections: “Redirect”: Redirects http > https connections for an xRoute.
InsecureConnections: “None”: Refuse http connections for an xRoute.
InsecureConnections: “Allow”: Allows insecure connections for an xRoute.

Why is this needed:
As a cluster operator, I need the ability to enforce how insecure (i.e. http) connections are handled for an xRoute bound to a Gateway. For example, I have hostname "foo.example.com" hosted by service-apis that routes to a backend http Service. The Gateway exposes a secure and insecure listener. I want to ensure any attempt for "http://foo.example.com" is either allowed, disallowed or redirected to "https://foo.example.com".

[danehans]

#35 lays the ground work for per route TLS configuration. If "Insecure Connection Policy" is a route-level configuration, then this can be added as a field of TLSConfig. Otherwise, should this functionality be added to gateway ListenerTLS?

[hbagdi]

Otherwise, should this functionality be added to gateway ListenerTLS?

This seems like a route level property since each application or route will want to control it.

I do see value in having a Gateway-level property where one configures redirects for every request.
But, it would be hard to use in practice. For instance, HTTP challenge in the ACME protocol for automated-certificate is always HTTP based.

[jpeach]

/kind user-story

[fejta-bot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

[robscott]

/remove-lifecycle stale

[fejta-bot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

[fejta-bot]

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

[hbagdi]

/remove-lifecycle rotten
/lifecycle frozen

[stevesloka]

In Contour, we've implemented this by having the 301 redirect from http->https if a cert is defined on the route. Then if someone needs to remove the redirect, we have a field to allow the route path to serve insecure.

What's nice about this is by default most folks probably want the 301 redirect if they have a cert applied, but don't need more configuration.

[hbagdi]

#713 covers this in some sense.
Safe to close?
/cc @robscott @jpeach @youngnick

[robscott]

Agree with that, feel free to reopen if there's a better more portable way to handle this.

/close

[k8s-ci-robot]

@robscott: Closing this issue.

In response to this:

Agree with that, feel free to reopen if there's a better more portable way to handle this.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.