LeaderId in the announcement of leader is always "host:tlsPort" when tls and plainText were both enabled. So if client sends request http://non-leader-host:plainTextPort/ to non-leader node, then it will receive a redirect to http://leader-host:tlsPort . Note that "scheme" of redirect location is wrong because a node always chooses scheme of incoming request to be the scheme of redirect location too.
Fix would be to include correct scheme in leaderId as well and RedirectFilter shouldn't use the scheme from incoming requests for redirects.
However this change will require that all coordinators/overlords are upgraded together and it should never be the case that two coordinators/overlords are running different versions of code.
I think it should be targeted in 0.11.0 as TLS is being released in same version. Note that we have those specific upgrade steps for overlords already due to #4699 .
LeaderId in the announcement of leader is always "host:tlsPort" when tls and plainText were both enabled. So if client sends request
http://non-leader-host:plainTextPort/to non-leader node, then it will receive a redirect tohttp://leader-host:tlsPort. Note that "scheme" of redirect location is wrong because a node always chooses scheme of incoming request to be the scheme of redirect location too.Fix would be to include correct scheme in leaderId as well and
RedirectFiltershouldn't use the scheme from incoming requests for redirects.However this change will require that all coordinators/overlords are upgraded together and it should never be the case that two coordinators/overlords are running different versions of code.
I think it should be targeted in 0.11.0 as TLS is being released in same version. Note that we have those specific upgrade steps for overlords already due to #4699 .