HTTPProxy ExternalName mirror 404s despite Host header being set #7166
Description
What steps did you take and what happened:
I created an ExternalName service which works when mirror: false but does not work when mirror: true
My ExternalName service looks like:
apiVersion: v1
kind: Service
metadata:
name: external
annotations:
projectcontour.io/upstream-protocol.tls: 443,https
spec:
type: ExternalName
externalName: external-service.example.com
ports:
- name: https
port: 443
targetPort: 443And my HTTPProxy:
apiVersion: projectcontour.io/v1
kind: HTTPProxy
metadata:
name: proxy
spec:
ingressClassName: contour
virtualhost:
fqdn: my-app.example.com
tls:
secretName: tls-secret
routes:
- services:
- name: external
port: 443
requestHeadersPolicy:
set:
- name: Host
value: external-service.example.com
mirror: true
- name: my-app
port: 8089What did you expect to happen:
Production traffic to my-app.example.com goes to the in-cluster service my-app:8089 and is also mirrored to external-service.example.com
Anything else you would like to add:
With tracing enabled I can see that the mirror is connecting to the right IP, right port, and getting a 404
I'm not seeing the request in the logs on the other side, which makes me suspect the Host header is not working (or maybe something with SNI?)
Environment:
- Contour version: v1.32.0
- Kubernetes version: (use
kubectl version): v1.31.10-eks-931bdca - Kubernetes installer & version: EKS
- Cloud provider or hardware configuration:
- OS (e.g. from
/etc/os-release):