Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Ignore ports in host headers when matching against HTTPRoute hostnames #1702

Merged
merged 7 commits into from
Aug 19, 2023
Merged

fix: Ignore ports in host headers when matching against HTTPRoute hostnames #1702

merged 7 commits into from
Aug 19, 2023

Conversation

jackkleeman
Copy link
Contributor

@jackkleeman jackkleeman commented Jul 24, 2023
edited
Loading

What type of PR is this?

fix

What this PR does / why we need it:
We need to be able to match on hostnames in httproute (that are more specific than hostnames in the listener) while also ignoring ports in host headers. Currently we do not ignore ports, and there is no workaround because hostnames may not contain ports, and nor can headermatch values. There are two approaches to solving this:

  1. We could change the authority header match that currently exists to be some kind of regex which allows ports
  2. We could create xds virtualhosts for each of the hostnames in the httproutes

This PR is the second approach

NB: This PR does not allow 'fallthrough' from one route hostname to a less specific one (eg from google.com to *.com) when there is no match for the first hostname, as envoy does not fall through after a virtual host is selected. This is a breaking change of behaviour as currently the less specific matcher will simply come later in the list of routes under the same virtual host. However, this is moving in line with the spec as discussed in kubernetes-sigs/gateway-api#2294

Which issue(s) this PR fixes:

Fixes #1687

@jackkleeman jackkleeman requested a review from a team as a code owner July 24, 2023 20:07
@jackkleeman
Copy link
Contributor Author

cc @arkodg

@arkodg arkodg added this to the 0.6.0-rc1 milestone Jul 24, 2023
@codecov
Copy link

codecov bot commented Jul 26, 2023
edited
Loading

Codecov Report

Merging #1702 (d0dc313) into main (080674a) will decrease coverage by 0.08%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main    #1702      +/-   ##
==========================================
- Coverage   65.17%   65.10%   -0.08%     
==========================================
  Files          84       84              
  Lines       12230    12230              
==========================================
- Hits         7971     7962       -9     
- Misses       3751     3759       +8     
- Partials      508      509       +1
Files Changed Coverage Δ
internal/gatewayapi/route.go 88.03% <100.00%> (-0.26%) ⬇️
internal/ir/xds.go 72.80% <100.00%> (+0.24%) ⬆️
internal/xds/translator/translator.go 76.33% <100.00%> (+1.33%) ⬆️

... and 2 files with indirect coverage changes

@jackkleeman jackkleeman force-pushed the virtualhost2 branch 3 times, most recently from a9535b4 to 456eab0 Compare August 15, 2023 12:08
arkodg
arkodg reviewed Aug 15, 2023
View reviewed changes
internal/extension/testutils/hooks.go Outdated
@@ -80,7 +80,7 @@ func (c *XDSHookClient) PostRouteModifyHook(route *routeV3.Route, routeHostnames
func (c *XDSHookClient) PostVirtualHostModifyHook(vh *routeV3.VirtualHost) (*routeV3.VirtualHost, error) {
// Only make the change when the VirtualHost's name matches the expected testdata
// This prevents us from having to update every single testfile.out
if vh.Name == "extension-post-xdsvirtualhost-hook-error" {
if vh.Name == "extension-post-xdsvirtualhost-hook-error-*" {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cc @AliceProxy

@arkodg
Copy link
Contributor

arkodg commented Aug 17, 2023

few minor comments, overall LGTM, thanks for hanging in there, and bringing clarity on precedence matching !

@arkodg arkodg added the release-note Indicates a required release note label Aug 17, 2023
arkodg
arkodg reviewed Aug 17, 2023
View reviewed changes
internal/ir/xds.go Outdated Show resolved Hide resolved
@arkodg arkodg mentioned this pull request Aug 18, 2023
Merged
@jackkleeman
Use virtualhost domains instead of authority header match
e15e893 
Signed-off-by: Jack Kleeman <jackkleeman@gmail.com>
@jackkleeman
Update testdata
581d647 
Signed-off-by: Jack Kleeman <jackkleeman@gmail.com>
@jackkleeman
Update egctl docs
7a774d3 
Signed-off-by: Jack Kleeman <jackkleeman@gmail.com>
@jackkleeman
Require hostname to be set
a45400a 
Signed-off-by: Jack Kleeman <jackkleeman@gmail.com>
@jackkleeman
Update gatewayapi testdata to include hostnames
3873ce9 
Signed-off-by: Jack Kleeman <jackkleeman@gmail.com>
@jackkleeman
Update xds translator testdata to include hostnames
c80673d 
Signed-off-by: Jack Kleeman <jackkleeman@gmail.com>
@jackkleeman
Use slash instead of hyphen
d0dc313 
Signed-off-by: Jack Kleeman <jackkleeman@gmail.com>
arkodg
arkodg approved these changes Aug 18, 2023
View reviewed changes
Copy link
Contributor

@arkodg arkodg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM thanks !

@arkodg arkodg requested review from a team, zhaohuabing, chauhanshubham and Xunzhuo and removed request for a team August 18, 2023 14:46
@jackkleeman
Copy link
Contributor Author

great thanks, please merge when you're happy

@arkodg
Copy link
Contributor

arkodg commented Aug 18, 2023
edited
Loading

waiting for a LGTM from another reviewer

@arkodg arkodg mentioned this pull request Aug 18, 2023
Closed
@zirain zirain merged commit 8398049 into envoyproxy:main Aug 19, 2023
18 checks passed
@jackkleeman jackkleeman deleted the virtualhost2 branch September 21, 2023 11:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@howardjohn howardjohn howardjohn left review comments

@zirain zirain zirain approved these changes

@arkodg arkodg arkodg approved these changes

@zhaohuabing zhaohuabing Awaiting requested review from zhaohuabing zhaohuabing was automatically assigned from envoyproxy/gateway-reviewers

@chauhanshubham chauhanshubham Awaiting requested review from chauhanshubham chauhanshubham was automatically assigned from envoyproxy/gateway-reviewers

@Xunzhuo Xunzhuo Awaiting requested review from Xunzhuo Xunzhuo was automatically assigned from envoyproxy/gateway-reviewers

Assignees
No one assigned
Labels
release-note Indicates a required release note
Projects
None yet
Milestone
0.6.0-rc1
Development

Successfully merging this pull request may close these issues.

Traffic flows with Host: <host>:<port> not allowed when hostname is set in HTTPRoute not Listener
4 participants
@jackkleeman @arkodg @howardjohn @zirain