Add wildcard hostname rule to kubernetes gateway

This commit is contained in:
Joel Berger 2021-04-29 10:18:04 -05:00 committed by GitHub
parent ab71dad51a
commit 70a02158e5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 307 additions and 12 deletions

View file

@ -0,0 +1,43 @@
---
kind: GatewayClass
apiVersion: networking.x-k8s.io/v1alpha1
metadata:
name: my-gateway-class
spec:
controller: traefik.io/gateway-controller
---
kind: Gateway
apiVersion: networking.x-k8s.io/v1alpha1
metadata:
name: my-gateway
namespace: default
spec:
gatewayClassName: my-gateway-class
listeners: # Use GatewayClass defaults for listener definition.
- protocol: HTTP
port: 80
routes:
kind: HTTPRoute
namespaces:
from: Same
selector:
app: foo
---
kind: HTTPRoute
apiVersion: networking.x-k8s.io/v1alpha1
metadata:
name: http-app-1
namespace: default
labels:
app: foo
spec:
hostnames:
- "foo.com"
- "*.bar.com"
rules:
- forwardTo:
- serviceName: whoami
port: 80
weight: 1

View file

@ -0,0 +1,43 @@
---
kind: GatewayClass
apiVersion: networking.x-k8s.io/v1alpha1
metadata:
name: my-gateway-class
spec:
controller: traefik.io/gateway-controller
---
kind: Gateway
apiVersion: networking.x-k8s.io/v1alpha1
metadata:
name: my-gateway
namespace: default
spec:
gatewayClassName: my-gateway-class
listeners: # Use GatewayClass defaults for listener definition.
- protocol: HTTP
port: 80
routes:
kind: HTTPRoute
namespaces:
from: Same
selector:
app: foo
---
kind: HTTPRoute
apiVersion: networking.x-k8s.io/v1alpha1
metadata:
name: http-app-1
namespace: default
labels:
app: foo
spec:
hostnames:
- "foo.com"
- "*"
rules:
- forwardTo:
- serviceName: whoami
port: 80
weight: 1

View file

@ -423,7 +423,17 @@ func (p *Provider) fillGatewayConf(client Client, gateway *v1alpha1.Gateway, con
continue continue
} }
hostRule := hostRule(httpRoute.Spec) hostRule, err := hostRule(httpRoute.Spec)
if err != nil {
listenerStatuses[i].Conditions = append(listenerStatuses[i].Conditions, metav1.Condition{
Type: string(v1alpha1.ListenerConditionResolvedRefs),
Status: metav1.ConditionFalse,
LastTransitionTime: metav1.Now(),
Reason: string(v1alpha1.ListenerReasonDegradedRoutes),
Message: fmt.Sprintf("Skipping HTTPRoute %s: invalid hostname: %v", httpRoute.Name, err),
})
continue
}
for _, routeRule := range httpRoute.Spec.Rules { for _, routeRule := range httpRoute.Spec.Rules {
rule, err := extractRule(routeRule, hostRule) rule, err := extractRule(routeRule, hostRule)
@ -572,20 +582,49 @@ func (p *Provider) makeGatewayStatus(listenerStatuses []v1alpha1.ListenerStatus)
return gatewayStatus, nil return gatewayStatus, nil
} }
func hostRule(httpRouteSpec v1alpha1.HTTPRouteSpec) string { func hostRule(httpRouteSpec v1alpha1.HTTPRouteSpec) (string, error) {
hostRule := "" var hostNames []string
for i, hostname := range httpRouteSpec.Hostnames { var hostRegexNames []string
if i > 0 && len(hostname) > 0 {
hostRule += "`, `" for _, hostname := range httpRouteSpec.Hostnames {
} host := string(hostname)
hostRule += string(hostname) // When unspecified, "", or *, all hostnames are matched.
// This field can be omitted for protocols that don't require hostname based matching.
// TODO Refactor this when building support for TLS options.
if host == "*" || host == "" {
return "", nil
} }
if hostRule != "" { wildcard := strings.Count(host, "*")
return "Host(`" + hostRule + "`)" if wildcard == 0 {
hostNames = append(hostNames, host)
continue
} }
return "" // https://gateway-api.sigs.k8s.io/spec/#networking.x-k8s.io/v1alpha1.Hostname
if !strings.HasPrefix(host, "*.") || wildcard > 1 {
return "", fmt.Errorf("invalid rule: %q", host)
}
hostRegexNames = append(hostRegexNames, strings.Replace(host, "*.", "{subdomain:[a-zA-Z0-9-]+}.", 1))
}
var res string
if len(hostNames) > 0 {
res = "Host(`" + strings.Join(hostNames, "`, `") + "`)"
}
if len(hostRegexNames) == 0 {
return res, nil
}
hostRegexp := "HostRegexp(`" + strings.Join(hostRegexNames, "`, `") + "`)"
if len(res) > 0 {
return "(" + res + " || " + hostRegexp + ")", nil
}
return hostRegexp, nil
} }
func extractRule(routeRule v1alpha1.HTTPRouteRule, hostRule string) (string, error) { func extractRule(routeRule v1alpha1.HTTPRouteRule, hostRule string) (string, error) {

View file

@ -436,6 +436,112 @@ func TestLoadHTTPRoutes(t *testing.T) {
TLS: &dynamic.TLSConfiguration{}, TLS: &dynamic.TLSConfiguration{},
}, },
}, },
{
desc: "Simple HTTPRoute, with two hosts one wildcard",
paths: []string{"services.yml", "with_two_hosts_one_wildcard.yml"},
entryPoints: map[string]Entrypoint{"web": {
Address: ":80",
}},
expected: &dynamic.Configuration{
UDP: &dynamic.UDPConfiguration{
Routers: map[string]*dynamic.UDPRouter{},
Services: map[string]*dynamic.UDPService{},
},
TCP: &dynamic.TCPConfiguration{
Routers: map[string]*dynamic.TCPRouter{},
Services: map[string]*dynamic.TCPService{},
},
HTTP: &dynamic.HTTPConfiguration{
Routers: map[string]*dynamic.Router{
"default-http-app-1-my-gateway-web-2dbd7883f5537db39bca": {
EntryPoints: []string{"web"},
Service: "default-http-app-1-my-gateway-web-2dbd7883f5537db39bca-wrr",
Rule: "(Host(`foo.com`) || HostRegexp(`{subdomain:[a-zA-Z0-9-]+}.bar.com`)) && PathPrefix(`/`)",
},
},
Middlewares: map[string]*dynamic.Middleware{},
Services: map[string]*dynamic.Service{
"default-http-app-1-my-gateway-web-2dbd7883f5537db39bca-wrr": {
Weighted: &dynamic.WeightedRoundRobin{
Services: []dynamic.WRRService{
{
Name: "default-whoami-80",
Weight: func(i int) *int { return &i }(1),
},
},
},
},
"default-whoami-80": {
LoadBalancer: &dynamic.ServersLoadBalancer{
Servers: []dynamic.Server{
{
URL: "http://10.10.0.1:80",
},
{
URL: "http://10.10.0.2:80",
},
},
PassHostHeader: Bool(true),
},
},
},
},
TLS: &dynamic.TLSConfiguration{},
},
},
{
desc: "Simple HTTPRoute, with one host and a wildcard",
paths: []string{"services.yml", "with_two_hosts_wildcard.yml"},
entryPoints: map[string]Entrypoint{"web": {
Address: ":80",
}},
expected: &dynamic.Configuration{
UDP: &dynamic.UDPConfiguration{
Routers: map[string]*dynamic.UDPRouter{},
Services: map[string]*dynamic.UDPService{},
},
TCP: &dynamic.TCPConfiguration{
Routers: map[string]*dynamic.TCPRouter{},
Services: map[string]*dynamic.TCPService{},
},
HTTP: &dynamic.HTTPConfiguration{
Routers: map[string]*dynamic.Router{
"default-http-app-1-my-gateway-web-a431b128267aabc954fd": {
EntryPoints: []string{"web"},
Service: "default-http-app-1-my-gateway-web-a431b128267aabc954fd-wrr",
Rule: "PathPrefix(`/`)",
},
},
Middlewares: map[string]*dynamic.Middleware{},
Services: map[string]*dynamic.Service{
"default-http-app-1-my-gateway-web-a431b128267aabc954fd-wrr": {
Weighted: &dynamic.WeightedRoundRobin{
Services: []dynamic.WRRService{
{
Name: "default-whoami-80",
Weight: func(i int) *int { return &i }(1),
},
},
},
},
"default-whoami-80": {
LoadBalancer: &dynamic.ServersLoadBalancer{
Servers: []dynamic.Server{
{
URL: "http://10.10.0.1:80",
},
{
URL: "http://10.10.0.2:80",
},
},
PassHostHeader: Bool(true),
},
},
},
},
TLS: &dynamic.TLSConfiguration{},
},
},
{ {
desc: "One HTTPRoute with two different rules", desc: "One HTTPRoute with two different rules",
paths: []string{"services.yml", "two_rules.yml"}, paths: []string{"services.yml", "two_rules.yml"},
@ -845,6 +951,7 @@ func TestHostRule(t *testing.T) {
desc string desc string
routeSpec v1alpha1.HTTPRouteSpec routeSpec v1alpha1.HTTPRouteSpec
expectedRule string expectedRule string
expectErr bool
}{ }{
{ {
desc: "Empty rule and matches", desc: "Empty rule and matches",
@ -879,7 +986,7 @@ func TestHostRule(t *testing.T) {
"Bir", "Bir",
}, },
}, },
expectedRule: "Host(`Foo`, `Bir`)", expectedRule: "",
}, },
{ {
desc: "Multiple empty hosts", desc: "Multiple empty hosts",
@ -892,14 +999,77 @@ func TestHostRule(t *testing.T) {
}, },
expectedRule: "", expectedRule: "",
}, },
{
desc: "Several Host and wildcard",
routeSpec: v1alpha1.HTTPRouteSpec{
Hostnames: []v1alpha1.Hostname{
"*.bar.foo",
"bar.foo",
"foo.foo",
},
},
expectedRule: "(Host(`bar.foo`, `foo.foo`) || HostRegexp(`{subdomain:[a-zA-Z0-9-]+}.bar.foo`))",
},
{
desc: "Host with wildcard",
routeSpec: v1alpha1.HTTPRouteSpec{
Hostnames: []v1alpha1.Hostname{
"*.bar.foo",
},
},
expectedRule: "HostRegexp(`{subdomain:[a-zA-Z0-9-]+}.bar.foo`)",
},
{
desc: "Alone wildcard",
routeSpec: v1alpha1.HTTPRouteSpec{
Hostnames: []v1alpha1.Hostname{
"*",
"*.foo.foo",
},
},
},
{
desc: "Multiple alone Wildcard",
routeSpec: v1alpha1.HTTPRouteSpec{
Hostnames: []v1alpha1.Hostname{
"foo.foo",
"*.*",
},
},
expectErr: true,
},
{
desc: "Multiple Wildcard",
routeSpec: v1alpha1.HTTPRouteSpec{
Hostnames: []v1alpha1.Hostname{
"foo.foo",
"*.toto.*.bar.foo",
},
},
expectErr: true,
},
{
desc: "Multiple subdomain with misplaced wildcard",
routeSpec: v1alpha1.HTTPRouteSpec{
Hostnames: []v1alpha1.Hostname{
"foo.foo",
"toto.*.bar.foo",
},
},
expectErr: true,
},
} }
for _, test := range testCases { for _, test := range testCases {
test := test test := test
t.Run(test.desc, func(t *testing.T) { t.Run(test.desc, func(t *testing.T) {
t.Parallel() t.Parallel()
rule, err := hostRule(test.routeSpec)
assert.Equal(t, test.expectedRule, hostRule(test.routeSpec)) assert.Equal(t, test.expectedRule, rule)
if test.expectErr {
assert.Error(t, err)
}
}) })
} }
} }