Skip to content

Commit

Permalink
Fix attachedRoutes computation (envoyproxy#2085)
Browse files Browse the repository at this point in the history
* Fix attachedRoutes computation

* Fixes: envoyproxy#2077
* Fixes: envoyproxy#1916

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* make testdata

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

---------

Signed-off-by: Arko Dasgupta <arko@tetrate.io>
(cherry picked from commit 93a12e7)
Signed-off-by: Arko Dasgupta <arko@tetrate.io>
  • Loading branch information
arkodg committed Nov 1, 2023
1 parent 298bfba commit f8c2530
Show file tree
Hide file tree
Showing 53 changed files with 85 additions and 101 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -67,8 +67,8 @@ httpRoutes:
parents:
- conditions:
- lastTransitionTime: null
message: There are no ready listeners for this parent ref
reason: NoReadyListeners
message: No listeners included by this parent ref allowed this attachment.
reason: NotAllowedByListeners
status: "False"
type: Accepted
- lastTransitionTime: null
Expand Down
58 changes: 22 additions & 36 deletions internal/gatewayapi/route.go
Original file line number Diff line number Diff line change
Expand Up @@ -572,12 +572,6 @@ func (t *Translator) processHTTPRouteParentRefListener(route RouteContext, route
}
irListener.Routes = append(irListener.Routes, perHostRoutes...)
}
// Theoretically there should only be one parent ref per
// Route that attaches to a given Listener, so fine to just increment here, but we
// might want to check to ensure we're not double-counting.
if len(routeRoutes) > 0 {
listener.IncrementAttachedRoutes()
}
}

return hasHostnameIntersection
Expand Down Expand Up @@ -680,12 +674,6 @@ func (t *Translator) processTLSRouteParentRefs(tlsRoute *TLSRouteContext, resour
gwXdsIR := xdsIR[irKey]
gwXdsIR.TCP = append(gwXdsIR.TCP, irListener)

// Theoretically there should only be one parent ref per
// Route that attaches to a given Listener, so fine to just increment here, but we
// might want to check to ensure we're not double-counting.
if len(irListener.Destination.Settings) > 0 {
listener.IncrementAttachedRoutes()
}
}

if !hasHostnameIntersection {
Expand Down Expand Up @@ -792,7 +780,7 @@ func (t *Translator) processUDPRouteParentRefs(udpRoute *UDPRouteContext, resour
accepted := false
for _, listener := range parentRef.listeners {
// only one route is allowed for a UDP listener
if listener.AttachedRoutes() > 0 {
if listener.AttachedRoutes() > 1 {
continue
}
if !listener.IsReady() {
Expand All @@ -817,12 +805,6 @@ func (t *Translator) processUDPRouteParentRefs(udpRoute *UDPRouteContext, resour
gwXdsIR := xdsIR[irKey]
gwXdsIR.UDP = append(gwXdsIR.UDP, irListener)

// Theoretically there should only be one parent ref per
// Route that attaches to a given Listener, so fine to just increment here, but we
// might want to check to ensure we're not double-counting.
if len(irListener.Destination.Settings) > 0 {
listener.IncrementAttachedRoutes()
}
}

// If no negative conditions have been set, the route is considered "Accepted=True".
Expand Down Expand Up @@ -929,7 +911,7 @@ func (t *Translator) processTCPRouteParentRefs(tcpRoute *TCPRouteContext, resour
accepted := false
for _, listener := range parentRef.listeners {
// only one route is allowed for a TCP listener
if listener.AttachedRoutes() > 0 {
if listener.AttachedRoutes() > 1 {
continue
}
if !listener.IsReady() {
Expand All @@ -954,12 +936,6 @@ func (t *Translator) processTCPRouteParentRefs(tcpRoute *TCPRouteContext, resour
gwXdsIR := xdsIR[irKey]
gwXdsIR.TCP = append(gwXdsIR.TCP, irListener)

// Theoretically there should only be one parent ref per
// Route that attaches to a given Listener, so fine to just increment here, but we
// might want to check to ensure we're not double-counting.
if len(irListener.Destination.Settings) > 0 {
listener.IncrementAttachedRoutes()
}
}

// If no negative conditions have been set, the route is considered "Accepted=True".
Expand Down Expand Up @@ -1110,16 +1086,6 @@ func (t *Translator) processAllowedListenersForParentRefs(routeContext RouteCont
continue
}

if !HasReadyListener(selectedListeners) {
parentRefCtx.SetCondition(routeContext,
gwapiv1.RouteConditionAccepted,
metav1.ConditionFalse,
"NoReadyListeners",
"There are no ready listeners for this parent ref",
)
continue
}

var allowedListeners []*ListenerContext
for _, listener := range selectedListeners {
acceptedKind := GetRouteType(routeContext)
Expand All @@ -1139,6 +1105,26 @@ func (t *Translator) processAllowedListenersForParentRefs(routeContext RouteCont
continue
}

// Its safe to increment AttachedRoutes since we've found a valid parentRef
// and the listener allows this Route kind

// Theoretically there should only be one parent ref per
// Route that attaches to a given Listener, so fine to just increment here, but we
// might want to check to ensure we're not double-counting.
for _, listener := range allowedListeners {
listener.IncrementAttachedRoutes()
}

if !HasReadyListener(selectedListeners) {
parentRefCtx.SetCondition(routeContext,
gwapiv1.RouteConditionAccepted,
metav1.ConditionFalse,
"NoReadyListeners",
"There are no ready listeners for this parent ref",
)
continue
}

parentRefCtx.SetListeners(allowedListeners...)

parentRefCtx.SetCondition(routeContext,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ gateways:
protocol: HTTP
status:
listeners:
- attachedRoutes: 0
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
message: Sending translated listener configuration to the data plane
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ gateways:
protocol: HTTP
status:
listeners:
- attachedRoutes: 0
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
message: Sending translated listener configuration to the data plane
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ gateways:
protocol: HTTP
status:
listeners:
- attachedRoutes: 0
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
message: Sending translated listener configuration to the data plane
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -64,8 +64,8 @@ httpRoutes:
parents:
- conditions:
- lastTransitionTime: null
message: There are no ready listeners for this parent ref
reason: NoReadyListeners
message: No listeners included by this parent ref allowed this attachment.
reason: NotAllowedByListeners
status: "False"
type: Accepted
- lastTransitionTime: null
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -55,8 +55,8 @@ httpRoutes:
parents:
- conditions:
- lastTransitionTime: null
message: There are no ready listeners for this parent ref
reason: NoReadyListeners
message: No listeners included by this parent ref allowed this attachment.
reason: NotAllowedByListeners
status: "False"
type: Accepted
- lastTransitionTime: null
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -57,8 +57,8 @@ httpRoutes:
parents:
- conditions:
- lastTransitionTime: null
message: There are no ready listeners for this parent ref
reason: NoReadyListeners
message: No listeners included by this parent ref allowed this attachment.
reason: NotAllowedByListeners
status: "False"
type: Accepted
- lastTransitionTime: null
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -55,8 +55,8 @@ httpRoutes:
parents:
- conditions:
- lastTransitionTime: null
message: There are no ready listeners for this parent ref
reason: NoReadyListeners
message: No listeners included by this parent ref allowed this attachment.
reason: NotAllowedByListeners
status: "False"
type: Accepted
- lastTransitionTime: null
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -65,8 +65,8 @@ tlsRoutes:
parents:
- conditions:
- lastTransitionTime: null
message: There are no ready listeners for this parent ref
reason: NoReadyListeners
message: No listeners included by this parent ref allowed this attachment.
reason: NotAllowedByListeners
status: "False"
type: Accepted
- lastTransitionTime: null
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ gateways:
mode: Terminate
status:
listeners:
- attachedRoutes: 0
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
message: Secret envoy-gateway/tls-secret-ecdsa-2 public key algorithm must
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ gateways:
mode: Passthrough
status:
listeners:
- attachedRoutes: 0
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
message: TLS Passthrough mode is not supported, TLS mode must be Terminate.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ gateways:
mode: Terminate
status:
listeners:
- attachedRoutes: 0
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
message: Listener must have at least 1 TLS certificate ref
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ gateways:
mode: Terminate
status:
listeners:
- attachedRoutes: 0
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
message: Secret envoy-gateway/tls-secret-1 must contain valid tls.crt and
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ gateways:
mode: Terminate
status:
listeners:
- attachedRoutes: 0
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
message: Secret envoy-gateway/tls-secret-1 does not exist.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ gateways:
mode: Terminate
status:
listeners:
- attachedRoutes: 0
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
message: Certificate ref to secret default/tls-secret-1 not permitted by any
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ gateways:
mode: Terminate
status:
listeners:
- attachedRoutes: 0
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
message: Secret envoy-gateway/tls-secret-1 must contain tls.crt and tls.key.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -57,8 +57,8 @@ httpRoutes:
parents:
- conditions:
- lastTransitionTime: null
message: There are no ready listeners for this parent ref
reason: NoReadyListeners
message: No listeners included by this parent ref allowed this attachment.
reason: NotAllowedByListeners
status: "False"
type: Accepted
- lastTransitionTime: null
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ gateways:
protocol: TCP
status:
listeners:
- attachedRoutes: 0
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
message: Sending translated listener configuration to the data plane
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ gateways:
protocol: TCP
status:
listeners:
- attachedRoutes: 0
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
message: Sending translated listener configuration to the data plane
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ gateways:
protocol: TCP
status:
listeners:
- attachedRoutes: 0
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
message: Sending translated listener configuration to the data plane
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ gateways:
protocol: UDP
status:
listeners:
- attachedRoutes: 0
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
message: Sending translated listener configuration to the data plane
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ gateways:
protocol: UDP
status:
listeners:
- attachedRoutes: 0
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
message: Sending translated listener configuration to the data plane
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ gateways:
protocol: UDP
status:
listeners:
- attachedRoutes: 0
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
message: Sending translated listener configuration to the data plane
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -57,8 +57,8 @@ httpRoutes:
parents:
- conditions:
- lastTransitionTime: null
message: There are no ready listeners for this parent ref
reason: NoReadyListeners
message: No listeners included by this parent ref allowed this attachment.
reason: NotAllowedByListeners
status: "False"
type: Accepted
- lastTransitionTime: null
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ gateways:
protocol: TCP
status:
listeners:
- attachedRoutes: 1
- attachedRoutes: 2
conditions:
- lastTransitionTime: null
message: Sending translated listener configuration to the data plane
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ gateways:
protocol: UDP
status:
listeners:
- attachedRoutes: 1
- attachedRoutes: 2
conditions:
- lastTransitionTime: null
message: Sending translated listener configuration to the data plane
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ gateways:
supportedKinds:
- group: gateway.networking.k8s.io
kind: TCPRoute
- attachedRoutes: 0
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
message: Only one TCP/TLS listener is allowed in a given port
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ gateways:
supportedKinds:
- group: gateway.networking.k8s.io
kind: UDPRoute
- attachedRoutes: 0
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
message: Only one UDP listener is allowed in a given port
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ gateways:
mode: Passthrough
status:
listeners:
- attachedRoutes: 0
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
message: All listeners for a given port must use a unique hostname
Expand All @@ -49,7 +49,7 @@ gateways:
kind: HTTPRoute
- group: gateway.networking.k8s.io
kind: GRPCRoute
- attachedRoutes: 0
- attachedRoutes: 1
conditions:
- lastTransitionTime: null
message: All listeners for a given port must use a unique hostname
Expand Down
Loading

0 comments on commit f8c2530

Please sign in to comment.