Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
There is validation of unique domain names in envoy v1.25.x, which causes the below error in conformance test. This commit is to make sure that we don't generate two virtual hosts with same domain names if enforce https is enabled. ``` 2023-04-01T06:08:08.710574289Z level=warning msg="NACK received for versions after and up to 4; waiting for a version update before sending again" subsys=xds xdsAckedVersion= xdsClientNode="host~127.0.0.1~no-id~localdomain" xdsDetail="Only unique values for domains are permitted. Duplicate entry of domain foo.bar.com in route default/cilium-ingress-default-host-rules/listener-insecure" xdsNonce=4 xdsStreamID=9 xdsTypeURL=type.googleapis.com/envoy.config.route.v3.RouteConfiguration ``` Before ```json - '@type': type.googleapis.com/envoy.config.route.v3.RouteConfiguration name: listener-insecure virtualHosts: - domains: - foo.bar.com - foo.bar.com:* name: foo.bar.com routes: - match: safeRegex: regex: (/.*)?$ redirect: httpsRedirect: true - domains: - '*.foo.com' - '*.foo.com:*' name: '*.foo.com' routes: - match: headers: - name: :authority stringMatch: safeRegex: regex: ^[^.]+[.]foo[.]com$ safeRegex: regex: (/.*)?$ route: cluster: default/wildcard-foo-com:8080 maxStreamDuration: maxStreamDuration: 0s - domains: - foo.bar.com - foo.bar.com:* name: foo.bar.com routes: - match: safeRegex: regex: (/.*)?$ route: maxStreamDuration: maxStreamDuration: 0s weightedClusters: clusters: - name: default/foo-bar-com:http weight: 1 - name: default/foo-bar-com:http weight: 1 ``` After ```json - '@type': type.googleapis.com/envoy.config.route.v3.RouteConfiguration name: listener-insecure virtualHosts: - domains: - foo.bar.com - foo.bar.com:* name: foo.bar.com routes: - match: safeRegex: regex: (/.*)?$ redirect: httpsRedirect: true - domains: - '*.foo.com' - '*.foo.com:*' name: '*.foo.com' routes: - match: headers: - name: :authority stringMatch: safeRegex: regex: ^[^.]+[.]foo[.]com$ safeRegex: regex: (/.*)?$ route: cluster: default/wildcard-foo-com:8080 maxStreamDuration: maxStreamDuration: 0s ``` Signed-off-by: Tam Mach <tam.mach@cilium.io>
- Loading branch information