Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTTPRoute conflicts when specifying a fallback https listener #6547

Open
hatsuyuki15 opened this issue Jul 10, 2024 · 6 comments
Open

HTTPRoute conflicts when specifying a fallback https listener #6547

hatsuyuki15 opened this issue Jul 10, 2024 · 6 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. lifecycle/needs-triage Indicates that an issue needs to be triaged by a project contributor.

Comments

@hatsuyuki15
Copy link

hatsuyuki15 commented Jul 10, 2024
edited
Loading

What steps did you take and what happened:

Given the following gateway:

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: contour
  namespace: projectcontour
spec:
  gatewayClassName: contour
  listeners:
    - name: http
      protocol: HTTP
      port: 80
      allowedRoutes:
        namespaces:
          from: All

    - name: https-example.com
      protocol: HTTPS
      port: 443
      hostname: "*.example.com"
      allowedRoutes:
        namespaces:
          from: All
      tls:
        certificateRefs:
          - name: "wildcard-example.com-tls"
            kind: Secret

    - name: https
      protocol: HTTPS
      port: 443
      allowedRoutes:
        namespaces:
          from: All
      tls:
        certificateRefs:
          - name: "default-tls"
            kind: Secret

HTTPRoute:

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: example.com
spec:
  hostnames:
    - "*.example.com"
  rules:
    - backendRefs:
        - name: example
          port: 8080
          kind: Service
  parentRefs:
    - name: contour
      group: gateway.networking.k8s.io
      namespace: projectcontour
      kind: Gateway

Applying the HTTPRoute above will always result in HTTPRoute's Match has conflict with other HTTPRoute's Match error. If I remove either https-example.com or https listener, it will work again. The above HTTPRoute is the only route in the system (there is no other route to cause conflict)

What did you expect to happen:

The HTTPRoute should be accepted.

Anything else you would like to add:
It seems like the HTTPRoute is attached to both https-example.com and https listener. Each attachment is treated by contour as a separated HTTPRoute, which will lead to conflict.

Environment:

  • Contour version: 1.29.1
  • Kubernetes version: (use kubectl version): v1.27.13
  • Kubernetes installer & version:
  • Cloud provider or hardware configuration: GKE. Node version: v1.26.14
  • OS (e.g. from /etc/os-release):
@hatsuyuki15 hatsuyuki15 added kind/bug Categorizes issue or PR as related to a bug. lifecycle/needs-triage Indicates that an issue needs to be triaged by a project contributor. labels Jul 10, 2024
@github-actions GitHub Actions
Copy link

Hey @hatsuyuki15! Thanks for opening your first issue. We appreciate your contribution and welcome you to our community! We are glad to have you here and to have your input on Contour. You can also join us on our mailing list and in our channel in the Kubernetes Slack Workspace

@github-actions GitHub Actions
Copy link

The Contour project currently lacks enough contributors to adequately respond to all Issues.

This bot triages Issues according to the following rules:

  • After 60d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, the Issue is closed

You can:

  • Mark this Issue as fresh by commenting
  • Close this Issue
  • Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Sep 30, 2024
@hatsuyuki15
Copy link
Author

remove lifecycle/stale

@github-actions github-actions bot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 3, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 2, 2024

The Contour project currently lacks enough contributors to adequately respond to all Issues.

This bot triages Issues according to the following rules:

  • After 60d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, the Issue is closed

You can:

  • Mark this Issue as fresh by commenting
  • Close this Issue
  • Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 2, 2024
@hatsuyuki15
Copy link
Author

remove lifecycle/stale

@github-actions github-actions bot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 9, 2024
@davinkevin
Copy link

I have the same with an http and https+wildcard. Additionally, some certificates are selected incorrectly, but I can't say if it's related or not 🤷

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. lifecycle/needs-triage Indicates that an issue needs to be triaged by a project contributor.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@davinkevin @hatsuyuki15