corsgoogle-kubernetes-enginegcp-load-balancerkubernetes-gateway-api

How To Add Preflight Missing Allow-Origin Header In Kubernetes Gateway API


We are leveraging the power of Kubernetes Gateway API to use it capabilities in Gateway and HTTPRoute.

We have a simple Gateway resource that uses a GKE External Global LoadBalancer. Below shows the full manifest code

kind: Gateway
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
  name: external-http
  namespace: infra-ns
spec:
  gatewayClassName: gke-l7-global-external-managed
  listeners:
  - name: https
    protocol: HTTPS
    port: 443
    allowedRoutes:
      namespaces:
        from: Selector
        selector:
          matchLabels:
            shared-gateway-access: "true"
    tls:
      mode: Terminate
      options:
        networking.gke.io/pre-shared-certs: ipos-cert
  addresses:
  - type: NamedAddress
    value: "l7lb-external-ip-address"

This Gateway is attached to multiple HTTPRoutes like so

rules:
- matches:
  - path:
      value: /api/v1/service  
  backendRefs:
  - name: example-service
    port: 80

The setup work well when requests are sent from code application clients. The problem is if request is sent through browser, we get a Cross-Origin Resource Sharing error: PreflightMissingAllowOriginHeader and request status says CORS error

How can we add the missing Allow Origin Header using Kubernetes Gateway API


Solution

  • CORS support is on the GKE Gateway roadmap, but for now you will need to add support from within your application backend.