Skip to content

[feat gw-api]handle hostname intersection #4417

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 5 commits into
base: main
Choose a base branch
from
Draft

[feat gw-api]handle hostname intersection #4417

wants to merge 5 commits into from
+420 −94

Conversation

@shuqz
Copy link
Collaborator

@shuqz shuqz commented Oct 28, 2025

Description

we were not properly handle case when listener has hostname but route does not, therefore failing conformance test - HTTPRouteListenerHostnameMatching
This implementation covers this gap by

  • setting compatible hostname during route attachment
  • use compatible in listener builder phase

Checklist

  • Added tests that cover your change (if possible)
  • Added/modified documentation as required (such as the README.md, or the docs directory)
  • Manually tested

re-run HTTPRouteListenerHostnameMatching and got

    --- PASS: TestConformance/HTTPRouteListenerHostnameMatching (245.50s)
        --- PASS: TestConformance/HTTPRouteListenerHostnameMatching/6_request_to_'foo.com/'_should_receive_one_of_[] (0.13s)
        --- PASS: TestConformance/HTTPRouteListenerHostnameMatching/2_request_to_'baz.bar.com/'_should_go_to_infra-backend-v3 (0.13s)
        --- PASS: TestConformance/HTTPRouteListenerHostnameMatching/7_request_to_'no.matching.host/'_should_receive_one_of_[] (0.14s)
        --- PASS: TestConformance/HTTPRouteListenerHostnameMatching/3_request_to_'boo.bar.com/'_should_go_to_infra-backend-v3 (0.15s)
        --- PASS: TestConformance/HTTPRouteListenerHostnameMatching/5_request_to_'multiple.prefixes.foo.com/'_should_go_to_infra-backend-v3 (0.15s)
        --- PASS: TestConformance/HTTPRouteListenerHostnameMatching/1_request_to_'foo.bar.com/'_should_go_to_infra-backend-v2 (0.15s)
        --- PASS: TestConformance/HTTPRouteListenerHostnameMatching/0_request_to_'bar.com/'_should_go_to_infra-backend-v1 (0.15s)
        --- PASS: TestConformance/HTTPRouteListenerHostnameMatching/4_request_to_'multiple.prefixes.bar.com/'_should_go_to_infra-backend-v3 (0.15s)
  • Made sure the title of the PR is a good description that can go into the release notes

BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯

  • Backfilled missing tests for code in same general area 🎉
  • Refactored something and made the world a better place 🌟

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: shuqz
Once this PR has been reviewed and has the lgtm label, please assign zac-nixon for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Oct 28, 2025
shraddhabang
shraddhabang reviewed Oct 28, 2025
View reviewed changes
@shuqz shuqz force-pushed the shuqz-hostname-intersection branch from fb0854b to 3aed806 Compare October 28, 2025 20:59
@shuqz
Copy link
Collaborator Author

shuqz commented Oct 28, 2025

/retest

zac-nixon
zac-nixon reviewed Oct 28, 2025
View reviewed changes
pkg/gateway/routeutils/descriptor.go
GetRouteGeneration() int64
GetRouteCreateTimestamp() time.Time
GetCompatibleHostnames() []gwv1.Hostname
SetCompatibleHostnames([]gwv1.Hostname)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be great to add a comment saying what a "compatible hostname" is.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From gateway documentation,

Hostnames defines a set of SNI names that should match against the
SNI attribute of TLS ClientHello message in TLS handshake. This matches
the RFC 1123 definition of a hostname with 2 notable exceptions:
1. IPs are not allowed in SNI names per RFC 6066.
2. A hostname may be prefixed with a wildcard label (*.). The wildcard
label must appear by itself as the first label.
If a hostname is specified by both the Listener and TLSRoute, there
must be at least one intersecting hostname for the TLSRoute to be
attached to the Listener. For example:
A Listener with test.example.com as the hostname matches TLSRoutes
that have either not specified any hostnames, or have specified at
least one of test.example.com or *.example.com.
A Listener with *.example.com as the hostname matches TLSRoutes
that have either not specified any hostnames or have specified at least
one hostname that matches the Listener hostname. For example,
test.example.com and *.example.com would both match. On the other
hand, example.com and test.example.net would not match.
If both the Listener and TLSRoute have specified hostnames, any
TLSRoute hostnames that do not match the Listener hostname MUST be
ignored. For example, if a Listener specified *.example.com, and the
TLSRoute specified test.example.com and test.example.net,
test.example.net must not be considered for a match.
If both the Listener and TLSRoute have specified hostnames, and none
match with the criteria above, then the TLSRoute is not accepted. The
implementation must raise an 'Accepted' Condition with a status of
False in the corresponding RouteParentStatus.

zac-nixon
zac-nixon reviewed Oct 28, 2025
View reviewed changes
pkg/gateway/routeutils/http.go
route *gwv1.HTTPRoute
rules []RouteRule
ruleAccumulator attachedRuleAccumulator[gwv1.HTTPRouteRule]
compatibleHostnames []gwv1.Hostname
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How does this work for a route that attaches to two different listeners in a Gateway?

zac-nixon
zac-nixon reviewed Oct 28, 2025
View reviewed changes
pkg/gateway/routeutils/listener_attachment_helper.go Outdated
// A route can attach to listener if it does not have hostname or listener does not have hostname
if listener.Hostname == nil || len(route.GetHostnames()) == 0 {
// If route has no hostnames but listener does, use listener hostname
if len(route.GetHostnames()) == 0 {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't we need a nil check still?

@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Oct 29, 2025
@shuqz shuqz marked this pull request as draft October 29, 2025 05:12
@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zac-nixon zac-nixon zac-nixon left review comments

@shraddhabang shraddhabang shraddhabang left review comments

Assignees

No one assigned

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@shuqz @k8s-ci-robot @zac-nixon @shraddhabang