Skip to content

gateway-api: Fix hostname bug breaking cert-manager#44492

Merged
joestringer merged 1 commit intocilium:mainfrom
youngnick:cert-manager-fix
Feb 24, 2026
Merged

gateway-api: Fix hostname bug breaking cert-manager#44492
joestringer merged 1 commit intocilium:mainfrom
youngnick:cert-manager-fix

Conversation

@youngnick
Copy link
Copy Markdown
Contributor

@youngnick youngnick commented Feb 23, 2026

This commit fixes a bug that prevented cert-manager from working correctly in the Gateway API reconciler.

When checking hostnames to see if they were isolated from other Listeners on the same Gateway, Cilium did not distinguish between Listeners of different Protocols.

This meant that when a HTTP and HTTPS listener had the same or overlapping hostnames, then the HTTP config would not be generated.

The fix was to keep track of the hostnames by Protocol, and only check the ones of the same protocol, which was the correct behavior the whole time.

This adds a new test to the model ingestion to catch this specific case as well.

Updates #36750
Updates #44123

gateway-api: Fix hostname intersection bug that was preventing cert-manager challenges from working correctly.

@youngnick youngnick requested a review from a team as a code owner February 23, 2026 03:57
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Feb 23, 2026
@youngnick youngnick added the release-note/bug This PR fixes an issue in a previous release of Cilium. label Feb 23, 2026
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Feb 23, 2026
This was referenced Feb 23, 2026
Closed
Open
@youngnick youngnick requested a review from sayboras February 23, 2026 03:59
@youngnick youngnick added needs-backport/1.18 This PR / issue needs backporting to the v1.18 branch needs-backport/1.19 This PR / issue needs backporting to the v1.19 branch labels Feb 23, 2026
sayboras
sayboras reviewed Feb 23, 2026
View reviewed changes
sayboras
sayboras approved these changes Feb 23, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@sayboras sayboras left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah nice, thanks for fixing this bug 💯

@youngnick
gateway-api: Fix hostname bug breaking cert-manager
2a82046 
This commit fixes a bug that prevented cert-manager from working
correctly in the Gateway API reconciler.

When checking hostnames to see if they were isolated from other
Listeners on the same Gateway, Cilium did not distinguish between
Listeners of different Protocols.

This meant that when a HTTP and HTTPS listener had the same
or overlapping hostnames, then the HTTP config would not be
generated.

The fix was to keep track of the hostnames by Protocol, and
only check the ones of the _same_ protocol, which was the
correct behavior the whole time.

This adds a new test to the model ingestion to catch this
specific case as well.

Updates cilium#36750
Updates cilium#44123

Signed-off-by: Nick Young <nick@isovalent.com>
@youngnick
Copy link
Copy Markdown
Contributor Author

youngnick commented Feb 23, 2026

/test

1 similar comment
@youngnick
Copy link
Copy Markdown
Contributor Author

youngnick commented Feb 23, 2026

/test

@joestringer joestringer merged commit 167899c into cilium:main Feb 24, 2026
78 of 79 checks passed
@YutaroHayakawa YutaroHayakawa mentioned this pull request Feb 24, 2026
Merged
21 tasks
@YutaroHayakawa YutaroHayakawa added backport-pending/1.19 The backport for Cilium 1.19.x for this PR is in progress. and removed needs-backport/1.19 This PR / issue needs backporting to the v1.19 branch labels Feb 24, 2026
@YutaroHayakawa YutaroHayakawa mentioned this pull request Feb 25, 2026
Merged
5 tasks
@YutaroHayakawa YutaroHayakawa added backport-pending/1.18 The backport for Cilium 1.18.x for this PR is in progress. and removed needs-backport/1.18 This PR / issue needs backporting to the v1.18 branch labels Feb 25, 2026
@github-actions github-actions bot added backport-done/1.19 The backport for Cilium 1.19.x for this PR is done. backport-done/1.18 The backport for Cilium 1.18.x for this PR is done. and removed backport-pending/1.19 The backport for Cilium 1.19.x for this PR is in progress. backport-pending/1.18 The backport for Cilium 1.18.x for this PR is in progress. labels Mar 2, 2026
@youngnick youngnick mentioned this pull request Mar 9, 2026
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sayboras sayboras sayboras approved these changes

Assignees

No one assigned

Labels

backport-done/1.18 The backport for Cilium 1.18.x for this PR is done. backport-done/1.19 The backport for Cilium 1.19.x for this PR is done. release-note/bug This PR fixes an issue in a previous release of Cilium.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@youngnick @sayboras @joestringer @msune @YutaroHayakawa