Hi all
I have the following scenario:
- A webapp that makes requests to REST SVC and secured through Keycloak
- A REST SVC also secured through Keycloak and listen on port is 8080
- A running Keycloak instance
Every services run on Kubernetes.
When calling REST SVC from the browser, I’ve got Referrer-Policy: no-referrer-when-downgrade
and I haven’t figured out, why.
The REST SVC resource file:
---
# Source: svc/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: user-svc
labels:
helm.sh/chart: svc-0.1.0
app.kubernetes.io/name: svc
app.kubernetes.io/instance: user-svc
app.kubernetes.io/version: "1.16.0"
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8080
protocol: TCP
name: http
selector:
app.kubernetes.io/name: svc
app.kubernetes.io/instance: user-svc
---
# Source: svc/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: user-svc
labels:
helm.sh/chart: svc-0.1.0
app.kubernetes.io/name: svc
app.kubernetes.io/instance: user-svc
app.kubernetes.io/version: "1.16.0"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: svc
app.kubernetes.io/instance: user-svc
template:
metadata:
labels:
app.kubernetes.io/name: svc
app.kubernetes.io/instance: user-svc
spec:
imagePullSecrets:
- name: regcred
containers:
- name: user-svc
image: "hub.example.io/svc/user-svc:0.1.17"
imagePullPolicy: IfNotPresent
env:
- name: DB_USER
valueFrom:
secretKeyRef:
name: example.example-users-db.credentials.postgresql.acid.zalan.do
key: "username"
- name: DB_PW
valueFrom:
secretKeyRef:
name: example.example-users-db.credentials.postgresql.acid.zalan.do
key: "password"
- name: DB_URL
valueFrom:
configMapKeyRef:
name: example-users-db-url
key: "db_url"
ports:
- name: http
containerPort: 8080
protocol: TCP
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
resources:
{}
---
# Source: svc/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: user-svc
labels:
helm.sh/chart: svc-0.1.0
app.kubernetes.io/name: svc
app.kubernetes.io/instance: user-svc
app.kubernetes.io/version: "1.16.0"
app.kubernetes.io/managed-by: Helm
spec:
tls:
- hosts:
- "dev.user.svc.example.io"
secretName: dev-cert-staging
rules:
- host: "dev.user.svc.example.io"
http:
paths:
- path: /
backend:
serviceName: user-svc
servicePort: 80
According to doc Referrer Policy, I have to change the service port to 443
to make it works. However I am quit not sure.
Thanks