Reject overlapping Gateway HTTPS hosts#13731
Conversation
* Adding unit tests for gateway * Fixing the lint issue * Fixing the copyright year * Making changes suggested in the reviews. Changes the name of a function and location of another.
|
So there's good news and bad news. 👍 The good news is that everyone that needs to sign a CLA (the pull request submitter and all commit authors) have done so. Everything is all good there. 😕 The bad news is that it appears that one or more commits were authored or co-authored by someone other than the pull request submitter. We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that here in the pull request. Note to project maintainer: This is a terminal state, meaning the ℹ️ Googlers: Go here for more info. |
|
@mbanikazemi are you ok with us merging your commit in? not really sure if this is necessary but oh well |
|
/test all To fix prow flake |
pilot/pkg/model/gateway.go
Outdated
| currentProto := ParseProtocol(p[0].Port.Protocol) | ||
| if currentProto != protocol || !protocol.IsHTTP() { | ||
| log.Debugf("skipping server on gateway %s port %s.%d.%s: conflict with existing server %s.%d.%s", | ||
| log.Warnf("skipping server on gateway %s port %s.%d.%s: conflict with existing server %s.%d.%s", |
There was a problem hiding this comment.
The general approach is to add a metric - users are not expected to read the warnings.
There was a problem hiding this comment.
Don’t change this. This gets extremely spammy as it’s called often.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: costinm, howardjohn The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
pilot/pkg/model/gateway.go
Outdated
| tlsHostsByPort[s.Port.Number] = map[string]struct{}{} | ||
| } | ||
| if duplicateHosts := checkDuplicates(s.Hosts, tlsHostsByPort[s.Port.Number]); len(duplicateHosts) != 0 { | ||
| log.Warnf("MergeGateways: skipping server on gateway %s, duplicate host names: %v", gatewayName, duplicateHosts) |
| } | ||
| if duplicateHosts := checkDuplicates(s.Hosts, tlsHostsByPort[s.Port.Number]); len(duplicateHosts) != 0 { | ||
| log.Warnf("MergeGateways: skipping server on gateway %s, duplicate host names: %v", gatewayName, duplicateHosts) | ||
| continue |
There was a problem hiding this comment.
Why do you have to reject the entire server? Just remove the host or reject the host.
There was a problem hiding this comment.
I think it's a good idea, but I am not sure it is the right one. Do we guarantee (or want to) guarantee atomicity of config? What I mean is it ok to accept part of a config, or should we accept all or nothing?
I worry that if we just remove the host, the config, which is invalid and should he fixed, may go unnoticed for longer.
I do see the appeal of rejecting just the bad host though
There was a problem hiding this comment.
thats a fair point. thats what we do for the port names as well. The thing is, the duplicate host stuff worked before (dunno how but somehow envoy didn't barf).
I guess its okay. Better to reject the entire server than just one host, as the server has certs and other stuff.
There was a problem hiding this comment.
In 1.1.2 and below it was "working", but Envoy would just pick an arbitrary one (I think the last one). However it could crash envoy in some instances - see #13735.
In 1.1.4 we picked up this PR envoyproxy/envoy#6022 which always blocks it
rshriram
left a comment
There was a problem hiding this comment.
please use debug log statements as this code is called in several places for every gateway in the system. It will get extremely spammy in Pilot logs.
|
New changes are detected. LGTM label has been removed. |
|
@howardjohn: The following test failed, say
DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
@mbanikazemi already gave consent to merge his code to master (in #12792). That means we can cherry pick his change into the release-1.1 branch |
|
A Googler has manually verified that the CLAs look good. (Googler, please make sure the reason for overriding the CLA status is clearly documented in these comments.) ℹ️ Googlers: Go here for more info. |
We already had some unit tests on master for this, so I pulled those in as well
For #13717