Description
For AWS users, it seems that using an AWS NLB is a good move in order to reduce latency when exposing a Kubernetes Cluster to outside traffic. With that said, I think the "GettingStarted" page could actually reduce the number of different things that are needed by requesting that the user not try to access the "quote" service from a loadbalancer at first, but instead, just kubectl port-forward to the edge-stack service.
Unfortunately, I found that when I attempted to do that, I ran into 2 issues. 1 of which was that the Getting Started guide doesn't have you deploy a Host object at all. And that ends up resulting in automatic https and a 301 redirect which I found somewhat surprising and hard to figure out what was going on and why.
Here's the getting started page I'm referring to:
https://www.getambassador.io/docs/edge-stack/latest/tutorials/getting-started/
This page, which seems to be specific to AWS, contained what appears to be invaluable data in regards to how to
https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador-with-aws/#l4-load-balancer-default-elb-or-nlb
specifically how to essentially disable Ambassador's automatic TLS functionality via:
```yaml
apiVersion: getambassador.io/v3alpha1
kind: Host
metadata:
  name: ambassador
spec:
  hostname: "*"
  selector:
    matchLabels:
      hostname: wildcard
  acmeProvider:
    authority: none
  requestPolicy:
    insecure:
      action: Route
```

This was really really helpful once I pulled some of my hair out trying to find it (again), since I looked all over these places:
https://www.getambassador.io/docs/edge-stack/latest/topics/running/listener/
This page does tell me a bit about this behavior I was seeing (the 301), but it wasn't clear what requestPolicy was, or where I should be setting this configuration.
https://www.getambassador.io/docs/edge-stack/latest/topics/running/host-crd/#secure-and-insecure-requests
Finally, when requested to run this command:
curl -Lki https://$LB_ENDPOINT/backend/
I was unsure why -L, --location Follow redirects was included, and it was clear that SSL was broken since it also required -k, --insecure Allow insecure server connections when using SSL in the command.
So, why not just skip the "automatic TLS and such" until a second page?
Additionally, there are multiple other pages that claim that Host is required for traffic routing to work, yet it's not part of the Getting Started at all.