New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gateway-api: Ensure hostname check when set on both the HTTPRoute and the Gateway Listener #30686
Conversation
Commit 72eb9e8 does not match "(?m)^Signed-off-by:". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
Commits 72eb9e8, 9813250 do not match "(?m)^Signed-off-by:". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
Commits 72eb9e8, 9813250, df2aa76 do not match "(?m)^Signed-off-by:". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
df2aa76
to
1158b5f
Compare
2f15291
to
fef4274
Compare
Commit fef4274 does not match "(?m)^Signed-off-by:". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
fef4274
to
b0f9079
Compare
ce60900
to
86bed84
Compare
96898af
to
6be3c4e
Compare
Thanks for your PR, I vaguely remembered that we have similar checks, let me double-check and get back to you. |
👋 We are having the below check to compute the overlapping host name, so I think better to update this function if you see there is any gap/discrepancy. Thanks |
hi, @sayboras , thanks for giving this a look. I think the matching hostnames validator is only tangentially related. this is about matching the right listener to the is the intention to let the hostnames validator function be the sole gatekeeper for the hostname-matching logic? if so, maybe the NamespacesFromSelector check should fail-open, instead. that way, it can run through all the listeners' namespace selectors, and if none of them match, it could re-attempt validation through the downstream validators such as the matching hostnames validator. |
ah thanks for your explanation. Should we use the computeHost function for pattern matching? or is it should be exact match based on your implementation only ? |
Sorry maybe I misunderstood what you said earlier. Are you saying I should reuse the |
6be3c4e
to
993dcd0
Compare
Description
This PR ensures that the
gateway_checks
code for the operator respects thehostname
field, when it is set on both theHTTPRoute
and theGateway
listener. Per the text ofkubectl explain gateway.spec.listeners.hostname
:Contribution Text
Please ensure your pull request adheres to the following guidelines:
description and a
Fixes: #XXX
line if the commit addresses a particularGitHub issue.
Fixes: <commit-id>
tag, thenplease add the commit author[s] as reviewer[s] to this issue.
Fixes: #30685