Add wildcard hostname rule to kubernetes gateway
This commit is contained in:
parent
ab71dad51a
commit
70a02158e5
4 changed files with 307 additions and 12 deletions
|
@ -0,0 +1,43 @@
|
||||||
|
---
|
||||||
|
kind: GatewayClass
|
||||||
|
apiVersion: networking.x-k8s.io/v1alpha1
|
||||||
|
metadata:
|
||||||
|
name: my-gateway-class
|
||||||
|
spec:
|
||||||
|
controller: traefik.io/gateway-controller
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: Gateway
|
||||||
|
apiVersion: networking.x-k8s.io/v1alpha1
|
||||||
|
metadata:
|
||||||
|
name: my-gateway
|
||||||
|
namespace: default
|
||||||
|
spec:
|
||||||
|
gatewayClassName: my-gateway-class
|
||||||
|
listeners: # Use GatewayClass defaults for listener definition.
|
||||||
|
- protocol: HTTP
|
||||||
|
port: 80
|
||||||
|
routes:
|
||||||
|
kind: HTTPRoute
|
||||||
|
namespaces:
|
||||||
|
from: Same
|
||||||
|
selector:
|
||||||
|
app: foo
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: HTTPRoute
|
||||||
|
apiVersion: networking.x-k8s.io/v1alpha1
|
||||||
|
metadata:
|
||||||
|
name: http-app-1
|
||||||
|
namespace: default
|
||||||
|
labels:
|
||||||
|
app: foo
|
||||||
|
spec:
|
||||||
|
hostnames:
|
||||||
|
- "foo.com"
|
||||||
|
- "*.bar.com"
|
||||||
|
rules:
|
||||||
|
- forwardTo:
|
||||||
|
- serviceName: whoami
|
||||||
|
port: 80
|
||||||
|
weight: 1
|
|
@ -0,0 +1,43 @@
|
||||||
|
---
|
||||||
|
kind: GatewayClass
|
||||||
|
apiVersion: networking.x-k8s.io/v1alpha1
|
||||||
|
metadata:
|
||||||
|
name: my-gateway-class
|
||||||
|
spec:
|
||||||
|
controller: traefik.io/gateway-controller
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: Gateway
|
||||||
|
apiVersion: networking.x-k8s.io/v1alpha1
|
||||||
|
metadata:
|
||||||
|
name: my-gateway
|
||||||
|
namespace: default
|
||||||
|
spec:
|
||||||
|
gatewayClassName: my-gateway-class
|
||||||
|
listeners: # Use GatewayClass defaults for listener definition.
|
||||||
|
- protocol: HTTP
|
||||||
|
port: 80
|
||||||
|
routes:
|
||||||
|
kind: HTTPRoute
|
||||||
|
namespaces:
|
||||||
|
from: Same
|
||||||
|
selector:
|
||||||
|
app: foo
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: HTTPRoute
|
||||||
|
apiVersion: networking.x-k8s.io/v1alpha1
|
||||||
|
metadata:
|
||||||
|
name: http-app-1
|
||||||
|
namespace: default
|
||||||
|
labels:
|
||||||
|
app: foo
|
||||||
|
spec:
|
||||||
|
hostnames:
|
||||||
|
- "foo.com"
|
||||||
|
- "*"
|
||||||
|
rules:
|
||||||
|
- forwardTo:
|
||||||
|
- serviceName: whoami
|
||||||
|
port: 80
|
||||||
|
weight: 1
|
|
@ -423,7 +423,17 @@ func (p *Provider) fillGatewayConf(client Client, gateway *v1alpha1.Gateway, con
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
hostRule := hostRule(httpRoute.Spec)
|
hostRule, err := hostRule(httpRoute.Spec)
|
||||||
|
if err != nil {
|
||||||
|
listenerStatuses[i].Conditions = append(listenerStatuses[i].Conditions, metav1.Condition{
|
||||||
|
Type: string(v1alpha1.ListenerConditionResolvedRefs),
|
||||||
|
Status: metav1.ConditionFalse,
|
||||||
|
LastTransitionTime: metav1.Now(),
|
||||||
|
Reason: string(v1alpha1.ListenerReasonDegradedRoutes),
|
||||||
|
Message: fmt.Sprintf("Skipping HTTPRoute %s: invalid hostname: %v", httpRoute.Name, err),
|
||||||
|
})
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
for _, routeRule := range httpRoute.Spec.Rules {
|
for _, routeRule := range httpRoute.Spec.Rules {
|
||||||
rule, err := extractRule(routeRule, hostRule)
|
rule, err := extractRule(routeRule, hostRule)
|
||||||
|
@ -572,20 +582,49 @@ func (p *Provider) makeGatewayStatus(listenerStatuses []v1alpha1.ListenerStatus)
|
||||||
return gatewayStatus, nil
|
return gatewayStatus, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func hostRule(httpRouteSpec v1alpha1.HTTPRouteSpec) string {
|
func hostRule(httpRouteSpec v1alpha1.HTTPRouteSpec) (string, error) {
|
||||||
hostRule := ""
|
var hostNames []string
|
||||||
for i, hostname := range httpRouteSpec.Hostnames {
|
var hostRegexNames []string
|
||||||
if i > 0 && len(hostname) > 0 {
|
|
||||||
hostRule += "`, `"
|
for _, hostname := range httpRouteSpec.Hostnames {
|
||||||
}
|
host := string(hostname)
|
||||||
hostRule += string(hostname)
|
// When unspecified, "", or *, all hostnames are matched.
|
||||||
|
// This field can be omitted for protocols that don't require hostname based matching.
|
||||||
|
// TODO Refactor this when building support for TLS options.
|
||||||
|
if host == "*" || host == "" {
|
||||||
|
return "", nil
|
||||||
}
|
}
|
||||||
|
|
||||||
if hostRule != "" {
|
wildcard := strings.Count(host, "*")
|
||||||
return "Host(`" + hostRule + "`)"
|
if wildcard == 0 {
|
||||||
|
hostNames = append(hostNames, host)
|
||||||
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
return ""
|
// https://gateway-api.sigs.k8s.io/spec/#networking.x-k8s.io/v1alpha1.Hostname
|
||||||
|
if !strings.HasPrefix(host, "*.") || wildcard > 1 {
|
||||||
|
return "", fmt.Errorf("invalid rule: %q", host)
|
||||||
|
}
|
||||||
|
|
||||||
|
hostRegexNames = append(hostRegexNames, strings.Replace(host, "*.", "{subdomain:[a-zA-Z0-9-]+}.", 1))
|
||||||
|
}
|
||||||
|
|
||||||
|
var res string
|
||||||
|
if len(hostNames) > 0 {
|
||||||
|
res = "Host(`" + strings.Join(hostNames, "`, `") + "`)"
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(hostRegexNames) == 0 {
|
||||||
|
return res, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
hostRegexp := "HostRegexp(`" + strings.Join(hostRegexNames, "`, `") + "`)"
|
||||||
|
|
||||||
|
if len(res) > 0 {
|
||||||
|
return "(" + res + " || " + hostRegexp + ")", nil
|
||||||
|
}
|
||||||
|
|
||||||
|
return hostRegexp, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func extractRule(routeRule v1alpha1.HTTPRouteRule, hostRule string) (string, error) {
|
func extractRule(routeRule v1alpha1.HTTPRouteRule, hostRule string) (string, error) {
|
||||||
|
|
|
@ -436,6 +436,112 @@ func TestLoadHTTPRoutes(t *testing.T) {
|
||||||
TLS: &dynamic.TLSConfiguration{},
|
TLS: &dynamic.TLSConfiguration{},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
desc: "Simple HTTPRoute, with two hosts one wildcard",
|
||||||
|
paths: []string{"services.yml", "with_two_hosts_one_wildcard.yml"},
|
||||||
|
entryPoints: map[string]Entrypoint{"web": {
|
||||||
|
Address: ":80",
|
||||||
|
}},
|
||||||
|
expected: &dynamic.Configuration{
|
||||||
|
UDP: &dynamic.UDPConfiguration{
|
||||||
|
Routers: map[string]*dynamic.UDPRouter{},
|
||||||
|
Services: map[string]*dynamic.UDPService{},
|
||||||
|
},
|
||||||
|
TCP: &dynamic.TCPConfiguration{
|
||||||
|
Routers: map[string]*dynamic.TCPRouter{},
|
||||||
|
Services: map[string]*dynamic.TCPService{},
|
||||||
|
},
|
||||||
|
HTTP: &dynamic.HTTPConfiguration{
|
||||||
|
Routers: map[string]*dynamic.Router{
|
||||||
|
"default-http-app-1-my-gateway-web-2dbd7883f5537db39bca": {
|
||||||
|
EntryPoints: []string{"web"},
|
||||||
|
Service: "default-http-app-1-my-gateway-web-2dbd7883f5537db39bca-wrr",
|
||||||
|
Rule: "(Host(`foo.com`) || HostRegexp(`{subdomain:[a-zA-Z0-9-]+}.bar.com`)) && PathPrefix(`/`)",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Middlewares: map[string]*dynamic.Middleware{},
|
||||||
|
Services: map[string]*dynamic.Service{
|
||||||
|
"default-http-app-1-my-gateway-web-2dbd7883f5537db39bca-wrr": {
|
||||||
|
Weighted: &dynamic.WeightedRoundRobin{
|
||||||
|
Services: []dynamic.WRRService{
|
||||||
|
{
|
||||||
|
Name: "default-whoami-80",
|
||||||
|
Weight: func(i int) *int { return &i }(1),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"default-whoami-80": {
|
||||||
|
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||||
|
Servers: []dynamic.Server{
|
||||||
|
{
|
||||||
|
URL: "http://10.10.0.1:80",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
URL: "http://10.10.0.2:80",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
PassHostHeader: Bool(true),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
TLS: &dynamic.TLSConfiguration{},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
desc: "Simple HTTPRoute, with one host and a wildcard",
|
||||||
|
paths: []string{"services.yml", "with_two_hosts_wildcard.yml"},
|
||||||
|
entryPoints: map[string]Entrypoint{"web": {
|
||||||
|
Address: ":80",
|
||||||
|
}},
|
||||||
|
expected: &dynamic.Configuration{
|
||||||
|
UDP: &dynamic.UDPConfiguration{
|
||||||
|
Routers: map[string]*dynamic.UDPRouter{},
|
||||||
|
Services: map[string]*dynamic.UDPService{},
|
||||||
|
},
|
||||||
|
TCP: &dynamic.TCPConfiguration{
|
||||||
|
Routers: map[string]*dynamic.TCPRouter{},
|
||||||
|
Services: map[string]*dynamic.TCPService{},
|
||||||
|
},
|
||||||
|
HTTP: &dynamic.HTTPConfiguration{
|
||||||
|
Routers: map[string]*dynamic.Router{
|
||||||
|
"default-http-app-1-my-gateway-web-a431b128267aabc954fd": {
|
||||||
|
EntryPoints: []string{"web"},
|
||||||
|
Service: "default-http-app-1-my-gateway-web-a431b128267aabc954fd-wrr",
|
||||||
|
Rule: "PathPrefix(`/`)",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Middlewares: map[string]*dynamic.Middleware{},
|
||||||
|
Services: map[string]*dynamic.Service{
|
||||||
|
"default-http-app-1-my-gateway-web-a431b128267aabc954fd-wrr": {
|
||||||
|
Weighted: &dynamic.WeightedRoundRobin{
|
||||||
|
Services: []dynamic.WRRService{
|
||||||
|
{
|
||||||
|
Name: "default-whoami-80",
|
||||||
|
Weight: func(i int) *int { return &i }(1),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"default-whoami-80": {
|
||||||
|
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||||
|
Servers: []dynamic.Server{
|
||||||
|
{
|
||||||
|
URL: "http://10.10.0.1:80",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
URL: "http://10.10.0.2:80",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
PassHostHeader: Bool(true),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
TLS: &dynamic.TLSConfiguration{},
|
||||||
|
},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
desc: "One HTTPRoute with two different rules",
|
desc: "One HTTPRoute with two different rules",
|
||||||
paths: []string{"services.yml", "two_rules.yml"},
|
paths: []string{"services.yml", "two_rules.yml"},
|
||||||
|
@ -845,6 +951,7 @@ func TestHostRule(t *testing.T) {
|
||||||
desc string
|
desc string
|
||||||
routeSpec v1alpha1.HTTPRouteSpec
|
routeSpec v1alpha1.HTTPRouteSpec
|
||||||
expectedRule string
|
expectedRule string
|
||||||
|
expectErr bool
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
desc: "Empty rule and matches",
|
desc: "Empty rule and matches",
|
||||||
|
@ -879,7 +986,7 @@ func TestHostRule(t *testing.T) {
|
||||||
"Bir",
|
"Bir",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
expectedRule: "Host(`Foo`, `Bir`)",
|
expectedRule: "",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
desc: "Multiple empty hosts",
|
desc: "Multiple empty hosts",
|
||||||
|
@ -892,14 +999,77 @@ func TestHostRule(t *testing.T) {
|
||||||
},
|
},
|
||||||
expectedRule: "",
|
expectedRule: "",
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
desc: "Several Host and wildcard",
|
||||||
|
routeSpec: v1alpha1.HTTPRouteSpec{
|
||||||
|
Hostnames: []v1alpha1.Hostname{
|
||||||
|
"*.bar.foo",
|
||||||
|
"bar.foo",
|
||||||
|
"foo.foo",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedRule: "(Host(`bar.foo`, `foo.foo`) || HostRegexp(`{subdomain:[a-zA-Z0-9-]+}.bar.foo`))",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
desc: "Host with wildcard",
|
||||||
|
routeSpec: v1alpha1.HTTPRouteSpec{
|
||||||
|
Hostnames: []v1alpha1.Hostname{
|
||||||
|
"*.bar.foo",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedRule: "HostRegexp(`{subdomain:[a-zA-Z0-9-]+}.bar.foo`)",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
desc: "Alone wildcard",
|
||||||
|
routeSpec: v1alpha1.HTTPRouteSpec{
|
||||||
|
Hostnames: []v1alpha1.Hostname{
|
||||||
|
"*",
|
||||||
|
"*.foo.foo",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
desc: "Multiple alone Wildcard",
|
||||||
|
routeSpec: v1alpha1.HTTPRouteSpec{
|
||||||
|
Hostnames: []v1alpha1.Hostname{
|
||||||
|
"foo.foo",
|
||||||
|
"*.*",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectErr: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
desc: "Multiple Wildcard",
|
||||||
|
routeSpec: v1alpha1.HTTPRouteSpec{
|
||||||
|
Hostnames: []v1alpha1.Hostname{
|
||||||
|
"foo.foo",
|
||||||
|
"*.toto.*.bar.foo",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectErr: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
desc: "Multiple subdomain with misplaced wildcard",
|
||||||
|
routeSpec: v1alpha1.HTTPRouteSpec{
|
||||||
|
Hostnames: []v1alpha1.Hostname{
|
||||||
|
"foo.foo",
|
||||||
|
"toto.*.bar.foo",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectErr: true,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, test := range testCases {
|
for _, test := range testCases {
|
||||||
test := test
|
test := test
|
||||||
t.Run(test.desc, func(t *testing.T) {
|
t.Run(test.desc, func(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
rule, err := hostRule(test.routeSpec)
|
||||||
|
|
||||||
assert.Equal(t, test.expectedRule, hostRule(test.routeSpec))
|
assert.Equal(t, test.expectedRule, rule)
|
||||||
|
if test.expectErr {
|
||||||
|
assert.Error(t, err)
|
||||||
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue