From 78a040d3c57e54255e7895a08f98a9ede809b302 Mon Sep 17 00:00:00 2001
From: Steve Kriss
Date: Tue, 28 Feb 2023 11:40:31 -0700
Subject: [PATCH] refactor DAG and DAG consumers to support >2 Listeners
Updates #4960.
Signed-off-by: Steve Kriss
---
cmd/contour/serve.go | 38 +-
cmd/contour/serve_test.go | 2 +-
internal/contour/metrics_test.go | 2 +-
internal/dag/accessors.go | 24 +-
internal/dag/builder.go | 47 +-
internal/dag/builder_test.go | 543 +++++++++---------
internal/dag/dag.go | 28 +-
internal/dag/gatewayapi_processor.go | 10 +-
internal/dag/httpproxy_processor.go | 8 +-
internal/dag/ingress_processor.go | 6 +-
internal/dag/listener_processor.go | 83 +--
internal/dag/status_test.go | 8 +-
internal/debug/dot_test.go | 16 +-
.../featuretests/v3/backendclientauth_test.go | 2 +-
internal/featuretests/v3/externalname_test.go | 2 +-
internal/featuretests/v3/fallbackcert_test.go | 12 +-
internal/featuretests/v3/featuretests.go | 7 +-
.../featuretests/v3/globalratelimit_test.go | 11 +-
internal/featuretests/v3/listeners_test.go | 23 +-
internal/featuretests/v3/route_test.go | 4 +-
internal/xdscache/v3/listener.go | 183 ++----
internal/xdscache/v3/listener_test.go | 87 +--
internal/xdscache/v3/route.go | 106 +++-
internal/xdscache/v3/secret_test.go | 9 +-
24 files changed, 608 insertions(+), 653 deletions(-)
diff --git a/cmd/contour/serve.go b/cmd/contour/serve.go
index 4993425ca67..d4f8f77bb16 100644
--- a/cmd/contour/serve.go
+++ b/cmd/contour/serve.go
@@ -335,22 +335,8 @@ func (s *Server) doServe() error { } listenerConfig := xdscache_v3.ListenerConfig{ - UseProxyProto: *contourConfiguration.Envoy.Listener.UseProxyProto, - HTTPListeners: map[string]xdscache_v3.Listener{ - xdscache_v3.ENVOY_HTTP_LISTENER: { - Name: xdscache_v3.ENVOY_HTTP_LISTENER, - Address: contourConfiguration.Envoy.HTTPListener.Address, - Port: contourConfiguration.Envoy.HTTPListener.Port, - }, - }, - HTTPAccessLog: contourConfiguration.Envoy.HTTPListener.AccessLog, - HTTPSListeners: map[string]xdscache_v3.Listener{ - xdscache_v3.ENVOY_HTTPS_LISTENER: { - Name: xdscache_v3.ENVOY_HTTPS_LISTENER, - Address: contourConfiguration.Envoy.HTTPSListener.Address, - Port: contourConfiguration.Envoy.HTTPSListener.Port, - }, - }, + UseProxyProto: *contourConfiguration.Envoy.Listener.UseProxyProto, + HTTPAccessLog: contourConfiguration.Envoy.HTTPListener.AccessLog, HTTPSAccessLog: contourConfiguration.Envoy.HTTPSListener.AccessLog, AccessLogType: contourConfiguration.Envoy.Logging.AccessLogFormat, AccessLogJSONFields: contourConfiguration.Envoy.Logging.AccessLogJSONFields, @@ -448,6 +434,10 @@ func (s *Server) doServe() error { connectTimeout: timeouts.ConnectTimeout, client: s.mgr.GetClient(), metrics: contourMetrics, + httpAddress: contourConfiguration.Envoy.HTTPListener.Address, + httpPort: contourConfiguration.Envoy.HTTPListener.Port, + httpsAddress: contourConfiguration.Envoy.HTTPSListener.Address, + httpsPort: contourConfiguration.Envoy.HTTPSListener.Port, }) // Build the core Kubernetes event handler. @@ -862,6 +852,10 @@ type dagBuilderConfig struct { connectTimeout time.Duration client client.Client metrics *metrics.Metrics + httpAddress string + httpPort int + httpsAddress string + httpsPort int } func (s *Server) getDAGBuilder(dbc dagBuilderConfig) *dag.Builder { 
@@ -914,6 +908,14 @@ func (s *Server) getDAGBuilder(dbc dagBuilderConfig) *dag.Builder { // Get the appropriate DAG processors. dagProcessors := []dag.Processor{ + // The listener processor has to go first since it + // adds listeners which are roots of the DAG. + &dag.ListenerProcessor{ + HTTPAddress: dbc.httpAddress, + HTTPPort: dbc.httpPort, + HTTPSAddress: dbc.httpsAddress, + HTTPSPort: dbc.httpsPort, + }, &dag.IngressProcessor{ EnableExternalNameService: dbc.enableExternalNameService, FieldLogger: s.log.WithField("context", "IngressProcessor"), @@ -949,10 +951,6 @@ func (s *Server) getDAGBuilder(dbc dagBuilderConfig) *dag.Builder { }) } - // The listener processor has to go last since it looks at - // the output of the other processors. - dagProcessors = append(dagProcessors, &dag.ListenerProcessor{}) - var configuredSecretRefs []*types.NamespacedName if dbc.fallbackCert != nil { configuredSecretRefs = append(configuredSecretRefs, dbc.fallbackCert) diff --git a/cmd/contour/serve_test.go b/cmd/contour/serve_test.go index c16301b52c7..be8b1a65bea 100644 --- a/cmd/contour/serve_test.go +++ b/cmd/contour/serve_test.go @@ -33,7 +33,7 @@ func TestGetDAGBuilder(t *testing.T) { // is configured, but we don't currently have test cases that cover // that so it's OK to keep them in the "common" assertions for now. assert.Len(t, builder.Processors, 4) - assert.IsType(t, &dag.ListenerProcessor{}, builder.Processors[len(builder.Processors)-1]) + assert.IsType(t, &dag.ListenerProcessor{}, builder.Processors[0]) } t.Run("all default options", func(t *testing.T) { diff --git a/internal/contour/metrics_test.go b/internal/contour/metrics_test.go index a6641578234..e312cf4c4fc 100644 --- a/internal/contour/metrics_test.go +++ b/internal/contour/metrics_test.go 
@@ -45,11 +45,11 @@ func TestHTTPProxyMetrics(t *testing.T) { FieldLogger: fixture.NewTestLogger(t), }, Processors: []dag.Processor{ + &dag.ListenerProcessor{}, &dag.IngressProcessor{ FieldLogger: fixture.NewTestLogger(t), }, &dag.HTTPProxyProcessor{}, - &dag.ListenerProcessor{}, }, } for _, o := range tc.objs { diff --git a/internal/dag/accessors.go b/internal/dag/accessors.go index abf0aec992f..7bf4e6761cf 100644 --- a/internal/dag/accessors.go +++ b/internal/dag/accessors.go @@ -121,14 +121,14 @@ func externalName(svc *v1.Service) string { // GetSecureVirtualHost returns the secure virtual host in the DAG that // matches the provided name, or nil if no matching secure virtual host // is found. -func (d *DAG) GetSecureVirtualHost(hostname string) *SecureVirtualHost { - return d.SecureVirtualHosts[hostname] +func (d *DAG) GetSecureVirtualHost(listener, hostname string) *SecureVirtualHost { + return d.Listeners[listener].svhostsByName[hostname] } // EnsureSecureVirtualHost adds a secure virtual host with the provided // name to the DAG if it does not already exist, and returns it. -func (d *DAG) EnsureSecureVirtualHost(hostname string) *SecureVirtualHost { - if svh := d.GetSecureVirtualHost(hostname); svh != nil { +func (d *DAG) EnsureSecureVirtualHost(listener, hostname string) *SecureVirtualHost { + if svh := d.GetSecureVirtualHost(listener, hostname); svh != nil { return svh } 
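Review bot: The accessors in internal/dag/accessors.go now index `d.Listeners[listener]` and dereference the result without checking it, so a listener name that is not in the map yields a nil `*Listener` and a nil-pointer panic; this applies to `GetSecureVirtualHost` and `EnsureSecureVirtualHost` here and to `GetVirtualHost` and `EnsureVirtualHost` in the following hunk at -137,27. The only guard visible in this patch is the convention that ListenerProcessor runs first in the processor slice (the comment added in cmd/contour/serve.go), which these functions do not enforce, and a panic during a DAG build would presumably interrupt configuration updates for every route the controller serves. In the getters I would add `l := d.Listeners[listener]` followed by `if l == nil { return nil }`, which keeps the documented "or nil if no matching ... is found" contract; the `Ensure*` functions need an explicit decision for an unknown listener rather than a crash. The doc comments should also describe the new parameter, for example `// listener is the name of a Listener already present in d.Listeners.` The body of EnsureSecureVirtualHost continues outside this hunk.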
@@ -137,27 +137,31 @@ func (d *DAG) EnsureSecureVirtualHost(hostname string) *SecureVirtualHost { Name: hostname, }, } - d.SecureVirtualHosts[hostname] = svh + + d.Listeners[listener].SecureVirtualHosts = append(d.Listeners[listener].SecureVirtualHosts, svh) + d.Listeners[listener].svhostsByName[svh.Name] = svh return svh } // GetVirtualHost returns the virtual host in the DAG that matches the // provided name, or nil if no matching virtual host is found. -func (d *DAG) GetVirtualHost(hostname string) *VirtualHost { - return d.VirtualHosts[hostname] +func (d *DAG) GetVirtualHost(listener, hostname string) *VirtualHost { + return d.Listeners[listener].vhostsByName[hostname] } // EnsureVirtualHost adds a virtual host with the provided name to the // DAG if it does not already exist, and returns it. -func (d *DAG) EnsureVirtualHost(hostname string) *VirtualHost { - if vhost := d.GetVirtualHost(hostname); vhost != nil { +func (d *DAG) EnsureVirtualHost(listener, hostname string) *VirtualHost { + if vhost := d.GetVirtualHost(listener, hostname); vhost != nil { return vhost } vhost := &VirtualHost{ Name: hostname, } - d.VirtualHosts[hostname] = vhost + + d.Listeners[listener].VirtualHosts = append(d.Listeners[listener].VirtualHosts, vhost) + d.Listeners[listener].vhostsByName[vhost.Name] = vhost return vhost } diff --git a/internal/dag/builder.go b/internal/dag/builder.go index b15b35aa9d7..d46d13ec6d9 100644 --- a/internal/dag/builder.go +++ b/internal/dag/builder.go @@ -14,6 +14,8 @@ package dag import ( + "sort" + "github.com/projectcontour/contour/internal/k8s" "github.com/projectcontour/contour/internal/metrics" "github.com/projectcontour/contour/internal/status" 
@@ -65,9 +67,8 @@ func (b *Builder) Build() *DAG { } dag := &DAG{ - VirtualHosts: map[string]*VirtualHost{}, - SecureVirtualHosts: map[string]*SecureVirtualHost{}, - StatusCache: status.NewCache(gatewayNSName, gatewayController), + StatusCache: status.NewCache(gatewayNSName, gatewayController), + Listeners: map[string]*Listener{}, } if b.Metrics != nil { @@ -78,5 +79,45 @@ func (b *Builder) Build() *DAG { for _, p := range b.Processors { p.Run(dag, &b.Source) } + + // Prune invalid virtual hosts, and Listeners + // without any valid virtual hosts. + listeners := map[string]*Listener{} + + for _, listener := range dag.Listeners { + var vhosts []*VirtualHost + for _, vh := range listener.VirtualHosts { + if vh.Valid() { + vhosts = append(vhosts, vh) + } + } + listener.VirtualHosts = vhosts + + var svhosts []*SecureVirtualHost + for _, svh := range listener.SecureVirtualHosts { + if svh.Valid() { + svhosts = append(svhosts, svh) + } + } + listener.SecureVirtualHosts = svhosts + + if len(listener.VirtualHosts) > 0 || len(listener.SecureVirtualHosts) > 0 { + sort.SliceStable(listener.VirtualHosts, func(i, j int) bool { + return listener.VirtualHosts[i].Name < listener.VirtualHosts[j].Name + }) + + sort.SliceStable(listener.SecureVirtualHosts, func(i, j int) bool { + return listener.SecureVirtualHosts[i].Name < listener.SecureVirtualHosts[j].Name + }) + + listener.vhostsByName = nil + listener.svhostsByName = nil + + listeners[listener.Name] = listener + } + } + + dag.Listeners = listeners + return dag } diff --git a/internal/dag/builder_test.go b/internal/dag/builder_test.go index 5de747e159e..f443cc494e4 100644 --- a/internal/dag/builder_test.go +++ b/internal/dag/builder_test.go @@ -511,7 +511,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("test.projectcontour.io", prefixrouteHTTPRoute("/", service(kuardService))), ), 
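Review bot: The pruning loop added to `Build` in internal/dag/builder.go (hunk -78,5) sets `listener.vhostsByName = nil` and `listener.svhostsByName = nil`, but the accessors changed in accessors.go still read and write those maps, so an `EnsureVirtualHost` or `EnsureSecureVirtualHost` call on a DAG returned from `Build` would write to a nil map and panic, and a lookup against a listener that was pruned from `dag.Listeners` would dereference nil. If the accessors are meant to be used only while processors run, state that where the fields are declared, for example `// vhostsByName is only populated during Builder.Build and is cleared before the DAG is returned.` Separately, the result map is keyed by `listener.Name` while the range discards the original key; `for name, listener := range dag.Listeners` with `listeners[name] = listener` would keep an entry from being silently overwritten if a processor ever registers a listener under a key that differs from its Name. Build begins outside this hunk.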
@@ -545,7 +545,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("test.projectcontour.io", prefixrouteHTTPRoute("/", service(kuardService))), ), @@ -614,7 +614,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("test.projectcontour.io", prefixrouteHTTPRoute("/", service(kuardServiceCustomNs))), ), @@ -712,7 +712,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -750,7 +750,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -817,7 +817,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -1051,7 +1051,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("another.projectcontour.io", prefixrouteHTTPRoute("/", service(kuardService))), virtualhost("test.projectcontour.io", prefixrouteHTTPRoute("/", service(kuardService))), @@ -1160,7 +1160,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost( "test.projectcontour.io", 
@@ -1218,7 +1218,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("test.projectcontour.io", prefixrouteHTTPRoute("/", service(kuardService))), virtualhost("test2.projectcontour.io", prefixrouteHTTPRoute("/", service(kuardService))), @@ -1252,7 +1252,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", prefixrouteHTTPRoute("/", service(kuardService))), ), @@ -1286,7 +1286,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("*.projectcontour.io", &Route{ PathMatchCondition: prefixString("/"), @@ -1399,7 +1399,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", directResponseRoute("/", http.StatusInternalServerError)), ), @@ -1438,7 +1438,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", directResponseRoute("/", http.StatusInternalServerError)), ), @@ -1478,7 +1478,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, want: listeners(&Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", directResponseRoute("/", http.StatusInternalServerError)), ), @@ -1533,7 +1533,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, want: listeners(&Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("*", prefixrouteHTTPRoute("/", service(kuardService)))), }), }, 
@@ -1587,7 +1587,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, want: listeners(&Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("*", prefixrouteHTTPRoute("/", service(kuardService)))), }), }, @@ -1640,7 +1640,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, want: listeners(&Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", directResponseRoute("/", http.StatusInternalServerError)), ), @@ -1695,7 +1695,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, want: listeners(&Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", directResponseRoute("/", http.StatusInternalServerError)), ), @@ -1750,7 +1750,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, want: listeners(&Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", directResponseRoute("/", http.StatusInternalServerError)), ), @@ -1806,7 +1806,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, want: listeners(&Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", directResponseRoute("/", http.StatusInternalServerError)), ), @@ -1839,7 +1839,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("test.projectcontour.io", exactrouteHTTPRoute("/blog", service(kuardService))), @@ -1890,7 +1890,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("test.projectcontour.io", prefixrouteHTTPRoute("/", service(kuardService)), 
@@ -1932,7 +1932,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("test.projectcontour.io", prefixrouteHTTPRoute("/", service(kuardService)), @@ -1977,7 +1977,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -2027,7 +2027,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -2040,7 +2040,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("test.projectcontour.io", prefixrouteHTTPRoute("/", service(kuardService))), ), @@ -2138,7 +2138,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -2189,7 +2189,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -2479,7 +2479,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -2492,7 +2492,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("test.projectcontour.io", prefixrouteHTTPRoute("/", service(kuardService))), ), 
@@ -2532,7 +2532,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixString("/"), @@ -2586,7 +2586,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixSegment("/blog"), @@ -2632,7 +2632,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixString("/"), @@ -2679,7 +2679,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixString("/"), @@ -2726,7 +2726,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixString("/"), @@ -2777,7 +2777,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixString("/"), @@ -2829,7 +2829,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixString("/"), 
@@ -2896,7 +2896,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixString("/"), @@ -2967,7 +2967,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixString("/"), @@ -3043,7 +3043,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixString("/"), @@ -3126,7 +3126,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixString("/"), @@ -3199,7 +3199,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixString("/"), @@ -3249,7 +3249,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixString("/"), @@ -3311,7 +3311,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixString("/"), 
@@ -3368,7 +3368,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixString("/"), @@ -3413,7 +3413,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixString("/"), @@ -3466,7 +3466,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixString("/"), @@ -3526,7 +3526,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixSegment("/prefix"), @@ -3576,7 +3576,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixSegment("/prefix"), @@ -3626,7 +3626,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixSegment("/prefix"), @@ -3674,7 +3674,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", withMirror(prefixrouteHTTPRoute("/", service(kuardService)), service(kuardService2)))), }, 
@@ -3717,7 +3717,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", withMirror(prefixrouteHTTPRoute("/", service(kuardService)), service(kuardService2)), withMirror(segmentPrefixHTTPRoute("/another-match", service(kuardService)), service(kuardService2)), @@ -3761,7 +3761,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixSegment("/prefix"), @@ -3810,7 +3810,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixSegment("/prefix"), @@ -3859,7 +3859,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixSegment("/prefix"), @@ -3905,7 +3905,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixSegment("/prefix"), @@ -3962,7 +3962,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: prefixSegment("/prefix"), @@ -4008,7 +4008,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", prefixrouteHTTPRoute("/", &Service{ 
@@ -4073,7 +4073,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", prefixrouteHTTPRoute("/", &Service{ @@ -4134,7 +4134,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", directResponseRouteService("/", http.StatusInternalServerError, &Service{ Weighted: WeightedService{ @@ -4173,7 +4173,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -4260,7 +4260,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -4325,7 +4325,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -4564,7 +4564,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -4622,7 +4622,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -4694,7 +4694,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ 
@@ -4760,7 +4760,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -4809,7 +4809,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -4858,7 +4858,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -4901,7 +4901,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("gateway.projectcontour.io", exactrouteHTTPRoute("/blog", service(kuardService))), @@ -4936,7 +4936,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("http.projectcontour.io", exactrouteHTTPRoute("/blog", service(kuardService))), @@ -4954,7 +4954,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("test.projectcontour.io", exactrouteGRPCRoute("/io.projectcontour/Login", grpcService(kuardService, "h2c"))), ), @@ -5074,7 +5074,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ 
@@ -5087,7 +5087,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("test.projectcontour.io", exactrouteGRPCRoute("/io.projectcontour/Login", grpcService(kuardService, "h2c"))), ), @@ -5124,7 +5124,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: exact("/io.projectcontour/Login"), @@ -5166,7 +5166,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: &PrefixMatchCondition{Prefix: "/"}, @@ -5206,7 +5206,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: &PrefixMatchCondition{Prefix: "/"}, @@ -5275,7 +5275,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: exact("/io.projectcontour/Login"), @@ -5353,7 +5353,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: exact("/io.projectcontour/Login"), @@ -5415,7 +5415,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: exact("/io.projectcontour/Login"), 
@@ -5479,7 +5479,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", &Route{ PathMatchCondition: exact("/io.projectcontour/Login"), @@ -5525,7 +5525,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("test.projectcontour.io", withMirror(exactrouteGRPCRoute("/io.projectcontour/Login", grpcService(kuardService, "h2c")), grpcService(kuardService2, "h2c")))), }, @@ -5583,7 +5583,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, want: listeners(&Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("*", exactrouteGRPCRoute("/io.projectcontour/Login", grpcService(kuardService, "h2c")))), }), }, @@ -5599,10 +5599,10 @@ func TestDAGInsertGatewayAPI(t *testing.T) { FieldLogger: fixture.NewTestLogger(t), }, Processors: []Processor{ + &ListenerProcessor{}, &GatewayAPIProcessor{ FieldLogger: fixture.NewTestLogger(t), }, - &ListenerProcessor{}, }, } @@ -9337,7 +9337,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", prefixroute("/", service(s1))), ), @@ -9358,7 +9358,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", prefixroute("/", service(s1))), ), @@ -9385,7 +9385,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("kuard.example.com", prefixroute("/", service(s1))), ), 
@@ -9421,7 +9421,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", prefixroute("/", service(s1))), ), @@ -9436,7 +9436,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", prefixroute("/", service(s1))), ), @@ -9451,7 +9451,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", prefixroute("/", service(s1))), ), @@ -9466,7 +9466,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", prefixroute("/", service(s1))), ), @@ -9495,7 +9495,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", prefixroute("/", service(s1))), ), @@ -9518,14 +9518,14 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("kuard.example.com", prefixroute("/", service(s1))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( securevirtualhost("kuard.example.com", sec1, prefixroute("/", service(s1))), ), @@ -9541,14 +9541,14 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("kuard.example.com", prefixroute("/", service(s1))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( securevirtualhost("kuard.example.com", sec3, prefixroute("/", service(s1))), ), 
@@ -9571,7 +9571,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", prefixroute("/", service(s1))), ), @@ -9594,7 +9594,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("kuard.example.com", prefixroute("/", service(s1))), ), @@ -9615,7 +9615,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("a.example.com", prefixroute("/", service(s1))), virtualhost("b.example.com", prefixroute("/", service(s1))), @@ -9631,7 +9631,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("a.example.com", prefixroute("/", service(s1))), virtualhost("b.example.com", prefixroute("/", service(s1))), @@ -9648,14 +9648,14 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("a.example.com", prefixroute("/", service(s1))), virtualhost("b.example.com", prefixroute("/", service(s1))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( securevirtualhost("b.example.com", sec1, prefixroute("/", service(s1))), ), @@ -9671,14 +9671,14 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("a.example.com", prefixroute("/", service(s1))), virtualhost("b.example.com", prefixroute("/", service(s1))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( securevirtualhost("b.example.com", sec1, prefixroute("/", service(s1))), ), 
@@ -9693,7 +9693,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("b.example.com", prefixroute("/", service(s1)), @@ -9711,7 +9711,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("b.example.com", prefixroute("/", service(s1)), @@ -9728,7 +9728,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("b.example.com", prefixroute("/", service(s1)), @@ -9753,7 +9753,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( securevirtualhost("b.example.com", sec1, prefixroute("/", service(s1)), @@ -9788,7 +9788,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( securevirtualhost("b.example.com", sec1, prefixroute("/", service(s1))), ), @@ -9802,13 +9802,13 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("b.example.com", routeUpgrade("/", service(s1))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( securevirtualhost("b.example.com", sec1, routeUpgrade("/", service(s1))), ), 
@@ -9823,13 +9823,13 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("b.example.com", routeUpgrade("/", service(s1))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( securevirtualhost("b.example.com", sec1, routeUpgrade("/", service(s1))), ), @@ -9843,13 +9843,13 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("foo.com", routeUpgrade("/", service(s1))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -9872,13 +9872,13 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("foo.com", routeUpgrade("/", service(s1))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -9901,13 +9901,13 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("foo.com", routeUpgrade("/", service(s1))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( securevirtualhost("foo.com", sec1, routeUpgrade("/", service(s1))), ), @@ -9921,7 +9921,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", prefixroute("/", service(s2))), ), 
@@ -9935,7 +9935,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*.projectcontour.io", &Route{ @@ -9956,7 +9956,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", prefixroute("/", service(s1), service(s2))), ), @@ -9972,13 +9972,13 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("b.example.com", prefixroute("/", service(s1))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -10002,7 +10002,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", prefixroute("/", service(s1)), @@ -10020,7 +10020,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", &Route{ PathMatchCondition: prefixString("/"), @@ -10038,7 +10038,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", &Route{ PathMatchCondition: prefixString("/"), @@ -10063,7 +10063,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", &Route{ PathMatchCondition: prefixString("/"), @@ -10084,7 +10084,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", &Route{ PathMatchCondition: prefixString("/"), 
@@ -10105,7 +10105,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("bar.com", &Route{ PathMatchCondition: prefixString("/"), @@ -10124,7 +10124,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", &Route{ PathMatchCondition: prefixString("/"), @@ -10145,7 +10145,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", &Route{ PathMatchCondition: prefixString("/"), @@ -10166,7 +10166,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("bar.com", &Route{ PathMatchCondition: prefixString("/"), @@ -10191,7 +10191,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("bar.com", &Route{ PathMatchCondition: prefixString("/"), @@ -10214,7 +10214,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("bar.com", &Route{ PathMatchCondition: prefixString("/"), @@ -10237,7 +10237,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("bar.com", &Route{ PathMatchCondition: prefixString("/"), @@ -10260,7 +10260,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", &Route{ PathMatchCondition: prefixString("/"), 
@@ -10283,7 +10283,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", &Route{ PathMatchCondition: regex("/[^/]+/invoices(/.*|/?)"), @@ -10308,7 +10308,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", &Route{ @@ -10353,7 +10353,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", prefixroute("/", service(s1))), virtualhost("*.example.com", &Route{ @@ -10378,7 +10378,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeUpgrade("/", service(s13a)), @@ -10387,7 +10387,7 @@ func TestDAGInsert(t *testing.T) { ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( securevirtualhost("example.com", sec13, routeUpgrade("/", service(s13a)), @@ -10404,7 +10404,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", prefixroute("/", &Service{ @@ -10429,7 +10429,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", prefixroute("/", &Service{ @@ -10454,7 +10454,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", prefixroute("/", &Service{ 
@@ -10480,7 +10480,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", prefixroute("/", &Service{ @@ -10508,7 +10508,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeCluster("/a", &Cluster{ @@ -10547,7 +10547,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeCluster("/a", @@ -10587,7 +10587,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", prefixroute("/", service(s1))), ), @@ -10601,7 +10601,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", prefixroute("/", service(s1))), ), @@ -10632,7 +10632,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", &Route{ PathMatchCondition: prefixString("/finance"), @@ -10651,7 +10651,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", &Route{ PathMatchCondition: prefixString("/kuard"), @@ -10675,7 +10675,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", &Route{ PathMatchCondition: prefixString("/"), 
@@ -10701,7 +10701,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", &Route{ PathMatchCondition: prefixString("/"), @@ -10727,7 +10727,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", &Route{ PathMatchCondition: prefixString("/kuard"), @@ -10761,7 +10761,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeCluster("/", &Cluster{ @@ -10782,7 +10782,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", withMirror(prefixroute("/", service(s1)), service(s2)), @@ -10804,7 +10804,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", prefixroute("/", service(s1)), @@ -10821,7 +10821,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", prefixroute("/", service(s1)), @@ -10839,7 +10839,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeProtocol("/", protocol, service(s1))), 
@@ -10855,13 +10855,13 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("foo.com", routeUpgrade("/", service(s1))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( securevirtualhost("foo.com", sec1, routeUpgrade("/", service(s1))), ), @@ -10875,7 +10875,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeCluster("/", @@ -10909,7 +10909,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeCluster("/", @@ -10948,7 +10948,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", prefixroute("/", service(s1)), @@ -10983,7 +10983,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeCluster("/", @@ -11017,13 +11017,13 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeUpgrade("/", service(s1))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -11048,7 +11048,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ 
@@ -11076,13 +11076,13 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeUpgrade("/", service(s1))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -11107,13 +11107,13 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeUpgrade("/", service(s1))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -11139,13 +11139,13 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeUpgrade("/", service(s1))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -11171,13 +11171,13 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeUpgrade("/", service(s1))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -11204,13 +11204,13 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeUpgrade("/", service(s1))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ 
@@ -11242,13 +11242,13 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeUpgrade("/", service(s1))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -11290,7 +11290,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -11311,7 +11311,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -11333,7 +11333,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -11354,7 +11354,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -11381,7 +11381,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeCluster("/", @@ -11422,7 +11422,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeCluster("/", @@ -11465,7 +11465,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeCluster("/", 
@@ -11534,7 +11534,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeCluster("/", @@ -11575,7 +11575,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeCluster("/", @@ -11616,7 +11616,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeCluster("/", @@ -11657,7 +11657,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeCluster("/", @@ -11698,7 +11698,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeCluster("/", @@ -11745,7 +11745,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( // route on root proxy is served, includes is ignored since condition is invalid virtualhost("example.com", prefixroute("/", service(s1))), @@ -11760,7 +11760,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", // route on root proxy is served @@ -11785,7 +11785,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ 
@@ -11809,7 +11809,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("kuard.example.com", routeUpgrade("/", service(s1)), @@ -11818,7 +11818,7 @@ func TestDAGInsert(t *testing.T) { }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -11841,7 +11841,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("kuard.example.com", routeCluster("/", @@ -11862,7 +11862,7 @@ func TestDAGInsert(t *testing.T) { }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -11886,7 +11886,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeHeaders("/", map[string]string{ @@ -11945,14 +11945,14 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", prefixroute("/", service(s9))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -12004,7 +12004,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( // not upgraded because the route is permitInsecure: true virtualhost("example.com", prefixroute("/", service(s9))), @@ -12012,7 +12012,7 @@ func TestDAGInsert(t *testing.T) { }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ 
@@ -12063,7 +12063,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( // not upgraded because the route is permitInsecure: true virtualhost("example.com", prefixroute("/", service(s9))), @@ -12071,7 +12071,7 @@ func TestDAGInsert(t *testing.T) { }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -12115,7 +12115,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("projectcontour.io", &Route{ PathMatchCondition: prefixString("/"), @@ -12158,7 +12158,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("projectcontour.io", &Route{ PathMatchCondition: prefixString("/"), @@ -12210,7 +12210,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("projectcontour.io", &Route{ PathMatchCondition: prefixString("/"), @@ -12266,7 +12266,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("projectcontour.io", &Route{ PathMatchCondition: prefixString("/"), @@ -12305,7 +12305,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("projectcontour.io", &Route{ PathMatchCondition: prefixString("/"), @@ -12363,7 +12363,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts(virtualhost("projectcontour.io", &Route{ PathMatchCondition: prefixString("/"), 
@@ -12409,7 +12409,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", prefixroute("/", service(s2a))), ), @@ -12425,7 +12425,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("kuard.example.com", prefixroute("/", service(s1))), ), @@ -12453,14 +12453,14 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("kuard.example.com", prefixroute("/", service(s1))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( securevirtualhost("kuard.example.com", sec4, prefixroute("/", service(s1))), ), @@ -12476,7 +12476,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", &Route{ PathMatchCondition: prefixString("/"), @@ -12514,7 +12514,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", &Route{ PathMatchCondition: prefixString("/"), @@ -12546,7 +12546,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -12583,7 +12583,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", &Route{ PathMatchCondition: prefixString("/"), 
@@ -12608,7 +12608,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", &Route{ PathMatchCondition: prefixString("/"), @@ -12670,7 +12670,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", &Route{ PathMatchCondition: prefixString("/"), @@ -12698,7 +12698,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", &Route{ PathMatchCondition: prefixString("/"), @@ -12721,7 +12721,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", &Route{ PathMatchCondition: prefixString("/"), @@ -12744,7 +12744,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", &Route{ PathMatchCondition: prefixString("/foo"), @@ -12776,7 +12776,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", &Route{ PathMatchCondition: prefixString("/foo"), @@ -12839,7 +12839,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", &Route{ PathMatchCondition: prefixString("/"), @@ -12868,7 +12868,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", &Route{ PathMatchCondition: prefixString("/"), 
@@ -12899,7 +12899,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", &Route{ PathMatchCondition: prefixString("/"), @@ -12932,7 +12932,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", &Route{ PathMatchCondition: prefixString("/"), @@ -12965,7 +12965,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", &Route{ PathMatchCondition: prefixString("/"), @@ -13009,14 +13009,14 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeUpgrade("/", service(s9))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -13106,14 +13106,14 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeUpgrade("/", service(s9))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -13172,14 +13172,14 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeUpgrade("/", service(s9))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ 
@@ -13310,7 +13310,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeUpgrade("/", service(s9))), virtualhost("projectcontour.io", routeUpgrade("/", service(s9))), @@ -13318,7 +13318,7 @@ func TestDAGInsert(t *testing.T) { }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -13373,14 +13373,14 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeUpgrade("/", service(s9))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -13427,14 +13427,14 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeUpgrade("/", service(s9))), ), }, &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -13477,7 +13477,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -13519,7 +13519,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ @@ -13565,7 +13565,7 @@ func TestDAGInsert(t *testing.T) { want: listeners( &Listener{ Name: HTTPS_LISTENER_NAME, - Port: 443, + Port: 8443, SecureVirtualHosts: securevirtualhosts( &SecureVirtualHost{ VirtualHost: VirtualHost{ 
@@ -13592,6 +13592,7 @@ func TestDAGInsert(t *testing.T) { FieldLogger: fixture.NewTestLogger(t), }, Processors: []Processor{ + &ListenerProcessor{}, &IngressProcessor{ FieldLogger: fixture.NewTestLogger(t), EnableExternalNameService: tc.enableExternalNameSvc, @@ -13604,7 +13605,6 @@ func TestDAGInsert(t *testing.T) { Namespace: tc.fallbackCertificateNamespace, }, }, - &ListenerProcessor{}, }, } @@ -13779,11 +13779,11 @@ func TestDAGRootNamespaces(t *testing.T) { FieldLogger: fixture.NewTestLogger(t), }, Processors: []Processor{ + &ListenerProcessor{}, &IngressProcessor{ FieldLogger: fixture.NewTestLogger(t), }, &HTTPProxyProcessor{}, - &ListenerProcessor{}, }, } @@ -13792,9 +13792,11 @@ func TestDAGRootNamespaces(t *testing.T) { } dag := builder.Build() - if count := len(dag.VirtualHosts); tc.want != count { - t.Errorf("wanted %d vertices, but got %d", tc.want, count) + var got int + if l := dag.Listeners[HTTP_LISTENER_NAME]; l != nil { + got = len(l.VirtualHosts) } + assert.Equal(t, tc.want, got) }) } } @@ -13832,8 +13834,8 @@ func TestHTTPProxyConficts(t *testing.T) { FieldLogger: fixture.NewTestLogger(t), }, Processors: []Processor{ - &HTTPProxyProcessor{}, &ListenerProcessor{}, + &HTTPProxyProcessor{}, }, } @@ -13915,7 +13917,7 @@ func TestHTTPProxyConficts(t *testing.T) { wantListeners: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", directResponseRoute("/", http.StatusServiceUnavailable)), ), @@ -13976,7 +13978,7 @@ func TestHTTPProxyConficts(t *testing.T) { wantListeners: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", directResponseRoute("/", http.StatusBadGateway)), ), 
@@ -14018,7 +14020,7 @@ func TestHTTPProxyConficts(t *testing.T) { wantListeners: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", directResponseRoute("/", http.StatusServiceUnavailable), @@ -14067,7 +14069,7 @@ func TestHTTPProxyConficts(t *testing.T) { wantListeners: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", routeCluster("/", @@ -14134,7 +14136,7 @@ func TestHTTPProxyConficts(t *testing.T) { wantListeners: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", directResponseRoute("/", http.StatusBadGateway), @@ -14185,7 +14187,7 @@ func TestHTTPProxyConficts(t *testing.T) { wantListeners: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", directResponseRoute("/missing", http.StatusServiceUnavailable)), ), @@ -14250,17 +14252,17 @@ func TestHTTPProxyConficts(t *testing.T) { }, existingService1, }, - wantListeners: []*Listener{ - { + wantListeners: listeners( + &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: []*VirtualHost{ virtualhost("example.com", directResponseRoute("/missing", http.StatusServiceUnavailable), prefixroute("/existing", service(existingService1))), }, }, - }, + ), wantStatus: map[types.NamespacedName]contour_api_v1.DetailedCondition{ {Name: "invalid-child-proxy", Namespace: "default"}: fixture.NewValidCondition(). WithError(contour_api_v1.ConditionTypeServiceError, "ServiceUnresolvedReference", `Spec.Routes unresolved service reference: service "default/missing-service" not found`), 
@@ -14359,7 +14361,7 @@ func TestDefaultHeadersPolicies(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("*", &Route{ PathMatchCondition: prefixString("/"), @@ -14397,7 +14399,7 @@ func TestDefaultHeadersPolicies(t *testing.T) { want: listeners( &Listener{ Name: HTTP_LISTENER_NAME, - Port: 80, + Port: 8080, VirtualHosts: virtualhosts( virtualhost("example.com", &Route{ PathMatchCondition: prefixString("/"), @@ -14437,6 +14439,7 @@ func TestDefaultHeadersPolicies(t *testing.T) { FieldLogger: fixture.NewTestLogger(t), }, Processors: []Processor{ + &ListenerProcessor{}, &IngressProcessor{ FieldLogger: fixture.NewTestLogger(t), RequestHeadersPolicy: tc.ingressReqHp, @@ -14446,7 +14449,6 @@ func TestDefaultHeadersPolicies(t *testing.T) { RequestHeadersPolicy: tc.httpProxyReqHp, ResponseHeadersPolicy: tc.httpProxyRespHp, }, - &ListenerProcessor{}, }, } @@ -14754,6 +14756,17 @@ func securevirtualhost(name string, sec *v1.Secret, first *Route, rest ...*Route func listeners(ls ...*Listener) []*Listener { var v []*Listener + + for _, listener := range ls { + switch listener.Name { + case HTTP_LISTENER_NAME: + listener.RouteConfigName = "ingress_http" + case HTTPS_LISTENER_NAME: + listener.RouteConfigName = "https" + listener.FallbackCertRouteConfigName = "ingress_fallbackcert" + } + } + v = append(v, ls...) return v } diff --git a/internal/dag/dag.go b/internal/dag/dag.go index 19fc14d6705..dc9a44b085f 100644 --- a/internal/dag/dag.go +++ b/internal/dag/dag.go 
@@ -59,10 +59,13 @@ type DAG struct { // StatusCache holds a cache of status updates to send. StatusCache status.Cache - Listeners []*Listener - VirtualHosts map[string]*VirtualHost - SecureVirtualHosts map[string]*SecureVirtualHost - ExtensionClusters []*ExtensionCluster + Listeners map[string]*Listener + ExtensionClusters []*ExtensionCluster + + // Set this to true if Contour is configured with a Gateway + // and Listeners are derived from the Gateway's Listeners, or + // false otherwise. + HasNonStaticListeners bool } type MatchCondition interface { @@ -774,8 +777,25 @@ type Listener struct { // Port is the TCP port to listen on. Port int + // RouteConfigName is the Listener name component to use when + // constructing RouteConfig names. If empty, the Listener + // name will be used. + RouteConfigName string + + // FallbackCertRouteConfigName is the name to use for the fallback + // cert route config, if one is generated. If empty, the + // Listener name will be used. + FallbackCertRouteConfigName string + + // Store virtual hosts/secure virtual hosts in both + // a slice and a map. The map makes gets more efficient + // while building the DAG, but ultimately we need to + // produce sorted output which requires the slice. VirtualHosts []*VirtualHost SecureVirtualHosts []*SecureVirtualHost + + vhostsByName map[string]*VirtualHost + svhostsByName map[string]*SecureVirtualHost } // TCPProxy represents a cluster of TCP endpoints. diff --git a/internal/dag/gatewayapi_processor.go b/internal/dag/gatewayapi_processor.go index fee57ed6cf9..4ae57968640 100644 --- a/internal/dag/gatewayapi_processor.go +++ b/internal/dag/gatewayapi_processor.go @@ -936,7 +936,7 @@ func (p *GatewayAPIProcessor) computeTLSRouteForListener(route *gatewayapi_v1alp } for host := range hosts { - secure := p.dag.EnsureSecureVirtualHost(host) + secure := p.dag.EnsureSecureVirtualHost(HTTPS_LISTENER_NAME, host) if listener.tlsSecret != nil { secure.Secret = listener.tlsSecret 
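Review bot: The new comment on `Listener` in the `@@ -774,8 +777,25 @@` hunk says virtual hosts are stored in both a slice and a map, but it does not say which one is authoritative or when the slice is filled. The slices are presumably derived from the maps when the DAG is built; that code is in builder.go, outside this chunk. I would put the rule on the fields themselves, for example `// vhostsByName is the working set while processors run; VirtualHosts is the sorted view derived from it and is not appended to directly.` and the same for `svhostsByName`. It is also worth noting there that a `Listener` built from a struct literal has nil maps, since they are unexported and only `ListenerProcessor.Run` allocates them in this patch.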
@@ -1203,11 +1203,11 @@ func (p *GatewayAPIProcessor) computeHTTPRouteForListener(route *gatewayapi_v1be for _, route := range routes { switch { case listener.tlsSecret != nil: - svhost := p.dag.EnsureSecureVirtualHost(host) + svhost := p.dag.EnsureSecureVirtualHost(HTTPS_LISTENER_NAME, host) svhost.Secret = listener.tlsSecret svhost.AddRoute(route) default: - vhost := p.dag.EnsureVirtualHost(host) + vhost := p.dag.EnsureVirtualHost(HTTP_LISTENER_NAME, host) vhost.AddRoute(route) } @@ -1333,11 +1333,11 @@ func (p *GatewayAPIProcessor) computeGRPCRouteForListener(route *gatewayapi_v1al for _, route := range routes { switch { case listener.tlsSecret != nil: - svhost := p.dag.EnsureSecureVirtualHost(host) + svhost := p.dag.EnsureSecureVirtualHost(HTTPS_LISTENER_NAME, host) svhost.Secret = listener.tlsSecret svhost.AddRoute(route) default: - vhost := p.dag.EnsureVirtualHost(host) + vhost := p.dag.EnsureVirtualHost(HTTP_LISTENER_NAME, host) vhost.AddRoute(route) } diff --git a/internal/dag/httpproxy_processor.go b/internal/dag/httpproxy_processor.go index 364a468c727..db8c8b64693 100644 --- a/internal/dag/httpproxy_processor.go +++ b/internal/dag/httpproxy_processor.go @@ -214,7 +214,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { return } - svhost := p.dag.EnsureSecureVirtualHost(host) + svhost := p.dag.EnsureSecureVirtualHost(HTTPS_LISTENER_NAME, host) svhost.Secret = sec // default to a minimum TLS version of 1.2 if it's not specified svhost.MinTLSVersion = annotation.MinTLSVersion(tls.MinimumProtocolVersion, "1.2") 
@@ -509,7 +509,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { } routes := p.computeRoutes(validCond, proxy, proxy, nil, nil, tlsEnabled, defaultJWTProvider) - insecure := p.dag.EnsureVirtualHost(host) + insecure := p.dag.EnsureVirtualHost(HTTP_LISTENER_NAME, host) cp, err := toCORSPolicy(proxy.Spec.VirtualHost.CORSPolicy) if err != nil { validCond.AddErrorf(contour_api_v1.ConditionTypeCORSError, "PolicyDidNotParse", @@ -531,7 +531,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { // if TLS is enabled for this virtual host and there is no tcp proxy defined, // then add routes to the secure virtualhost definition. if tlsEnabled && proxy.Spec.TCPProxy == nil { - secure := p.dag.EnsureSecureVirtualHost(host) + secure := p.dag.EnsureSecureVirtualHost(HTTPS_LISTENER_NAME, host) secure.CORSPolicy = cp rlp, err := rateLimitPolicy(proxy.Spec.VirtualHost.RateLimitPolicy) @@ -1078,7 +1078,7 @@ func (p *HTTPProxyProcessor) processHTTPProxyTCPProxy(validCond *contour_api_v1. TimeoutPolicy: ClusterTimeoutPolicy{ConnectTimeout: p.ConnectTimeout}, }) } - secure := p.dag.EnsureSecureVirtualHost(host) + secure := p.dag.EnsureSecureVirtualHost(HTTPS_LISTENER_NAME, host) secure.TCPProxy = &proxy return true diff --git a/internal/dag/ingress_processor.go b/internal/dag/ingress_processor.go index 05ee2a87267..0fad7443d8a 100644 --- a/internal/dag/ingress_processor.go +++ b/internal/dag/ingress_processor.go @@ -104,7 +104,7 @@ func (p *IngressProcessor) computeSecureVirtualhosts() { // ahead and create the SecureVirtualHost for this // Ingress. for _, host := range tls.Hosts { - svhost := p.dag.EnsureSecureVirtualHost(host) + svhost := p.dag.EnsureSecureVirtualHost(HTTPS_LISTENER_NAME, host) svhost.Secret = sec // default to a minimum TLS version of 1.2 if it's not specified svhost.MinTLSVersion = annotation.MinTLSVersion(annotation.ContourAnnotation(ing, "tls-minimum-protocol-version"), "1.2") 
@@ -183,14 +183,14 @@ func (p *IngressProcessor) computeIngressRule(ing *networking_v1.Ingress, rule n // should we create port 80 routes for this ingress if annotation.TLSRequired(ing) || annotation.HTTPAllowed(ing) { - vhost := p.dag.EnsureVirtualHost(host) + vhost := p.dag.EnsureVirtualHost(HTTP_LISTENER_NAME, host) vhost.AddRoute(r) } // computeSecureVirtualhosts will have populated b.securevirtualhosts // with the names of tls enabled ingress objects. If host exists then // it is correctly configured for TLS. - if svh := p.dag.GetSecureVirtualHost(host); svh != nil && host != "*" { + if svh := p.dag.GetSecureVirtualHost(HTTPS_LISTENER_NAME, host); svh != nil && host != "*" { svh.AddRoute(r) } } diff --git a/internal/dag/listener_processor.go b/internal/dag/listener_processor.go index 7329bcb0ea2..30ab81ea3e2 100644 --- a/internal/dag/listener_processor.go +++ b/internal/dag/listener_processor.go @@ -13,8 +13,6 @@ package dag -import "sort" - // nolint:revive const ( HTTP_LISTENER_NAME = "ingress_http" 
@@ -22,68 +20,37 @@ const ( ) // ListenerProcessor adds an HTTP and an HTTPS listener to -// the DAG if there are virtual hosts and secure virtual -// hosts already defined as roots in the DAG. -type ListenerProcessor struct{} - -// Run adds HTTP and HTTPS listeners to the DAG if there are -// virtual hosts and secure virtual hosts already defined as -// roots in the DAG. -func (p *ListenerProcessor) Run(dag *DAG, _ *KubernetesCache) { - p.buildHTTPListener(dag) - p.buildHTTPSListener(dag) +// the DAG. +type ListenerProcessor struct { + HTTPAddress string + HTTPPort int + HTTPSAddress string + HTTPSPort int } -// buildHTTPListener builds a *dag.Listener for the vhosts bound to port 80. -// The list of virtual hosts attached to the listener will be sorted by hostname. -func (p *ListenerProcessor) buildHTTPListener(dag *DAG) { - var vhosts []*VirtualHost - for _, vh := range dag.VirtualHosts { - if vh.Valid() { - vhosts = append(vhosts, vh) - } - } - - if len(vhosts) == 0 { - return +// Run adds HTTP and HTTPS listeners to the DAG. +func (p *ListenerProcessor) Run(dag *DAG, cache *KubernetesCache) { + dag.Listeners[HTTP_LISTENER_NAME] = &Listener{ + Name: HTTP_LISTENER_NAME, + Address: p.HTTPAddress, + Port: intOrDefault(p.HTTPPort, 8080), + RouteConfigName: "ingress_http", + vhostsByName: map[string]*VirtualHost{}, } - sort.SliceStable(vhosts, func(i, j int) bool { - return vhosts[i].Name < vhosts[j].Name - }) - - http := &Listener{ - Name: HTTP_LISTENER_NAME, - Port: 80, - VirtualHosts: vhosts, + dag.Listeners[HTTPS_LISTENER_NAME] = &Listener{ + Name: HTTPS_LISTENER_NAME, + Address: p.HTTPSAddress, + Port: intOrDefault(p.HTTPSPort, 8443), + RouteConfigName: "https", + FallbackCertRouteConfigName: "ingress_fallbackcert", + svhostsByName: map[string]*SecureVirtualHost{}, } - - dag.Listeners = append(dag.Listeners, http) } -// buildHTTPSListener builds a *dag.Listener for the vhosts bound to port 443. 
-// The list of virtual hosts attached to the listener will be sorted by hostname. -func (p *ListenerProcessor) buildHTTPSListener(dag *DAG) { - var vhosts []*SecureVirtualHost - for _, svh := range dag.SecureVirtualHosts { - if svh.Valid() { - vhosts = append(vhosts, svh) - } +func intOrDefault(i, def int) int { + if i > 0 { + return i } - - if len(vhosts) == 0 { - return - } - - sort.SliceStable(vhosts, func(i, j int) bool { - return vhosts[i].Name < vhosts[j].Name - }) - - https := &Listener{ - Name: HTTPS_LISTENER_NAME, - Port: 443, - SecureVirtualHosts: vhosts, - } - - dag.Listeners = append(dag.Listeners, https) + return def } diff --git a/internal/dag/status_test.go b/internal/dag/status_test.go index cb5159bf09f..a2d53188673 100644 --- a/internal/dag/status_test.go +++ b/internal/dag/status_test.go @@ -52,6 +52,7 @@ func TestDAGStatus(t *testing.T) { FieldLogger: fixture.NewTestLogger(t), }, Processors: []Processor{ + &ListenerProcessor{}, &IngressProcessor{ FieldLogger: fixture.NewTestLogger(t), }, @@ -61,7 +62,6 @@ func TestDAGStatus(t *testing.T) { &GatewayAPIProcessor{ FieldLogger: fixture.NewTestLogger(t), }, - &ListenerProcessor{}, }, } for _, o := range tc.objs { @@ -4328,6 +4328,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { gateway: tc.gateway, }, Processors: []Processor{ + &ListenerProcessor{}, &IngressProcessor{ FieldLogger: fixture.NewTestLogger(t), }, @@ -4335,7 +4336,6 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { &GatewayAPIProcessor{ FieldLogger: fixture.NewTestLogger(t), }, - &ListenerProcessor{}, }, } @@ -8218,6 +8218,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { }, }, Processors: []Processor{ + &ListenerProcessor{}, &IngressProcessor{ FieldLogger: fixture.NewTestLogger(t), }, @@ -8225,7 +8226,6 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { &GatewayAPIProcessor{ FieldLogger: fixture.NewTestLogger(t), }, - &ListenerProcessor{}, }, } 
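Review bot: `Run` gives the port a fallback through `intOrDefault`, but copies `p.HTTPAddress` and `p.HTTPSAddress` through unchanged. This commit also removes `DEFAULT_HTTP_LISTENER_ADDRESS` from xdscache, so a zero-value `ListenerProcessor{}` (which several tests in this patch construct) yields listeners with an empty bind address. Whether `envoy_v3.Listener` tolerates an empty address is not visible here. I would either reject it or keep the previous default explicit and documented, e.g. `Address: stringOrDefault(p.HTTPAddress, "0.0.0.0"),` with a small helper mirroring `intOrDefault`. `intOrDefault` also accepts any positive value, so a port above 65535 passes straight to the listener; a range check belongs in the same place. The struct's doc comment should also say that this processor has to run before the others, since they now look listeners up by name.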
@@ -8732,6 +8732,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { gateway: tc.gateway, }, Processors: []Processor{ + &ListenerProcessor{}, &IngressProcessor{ FieldLogger: fixture.NewTestLogger(t), }, @@ -8739,7 +8740,6 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { &GatewayAPIProcessor{ FieldLogger: fixture.NewTestLogger(t), }, - &ListenerProcessor{}, }, } diff --git a/internal/debug/dot_test.go b/internal/debug/dot_test.go index a998a7114f4..f5552b42413 100644 --- a/internal/debug/dot_test.go +++ b/internal/debug/dot_test.go @@ -28,8 +28,12 @@ import ( //go:generate go run github.com/vektra/mockery/v2 --case=snake --name=DagBuilder --srcpkg=github.com/projectcontour/contour/internal/debug --disable-version-string func TestWriteDotEscapesLabels(t *testing.T) { - d := dag.DAG{} - d.Listeners = append(d.Listeners, getTestListeners()...) + d := dag.DAG{ + Listeners: map[string]*dag.Listener{}, + } + for _, l := range getTestListeners() { + d.Listeners[l.Name] = l + } b := mocks.DagBuilder{} b.On("Build").Return(&d) @@ -54,8 +58,12 @@ func TestWriteDotEscapesLabels(t *testing.T) { // TestWriteDotLineCount is a pinning test to sanity check during refactor. func TestWriteDotLineCount(t *testing.T) { - d := dag.DAG{} - d.Listeners = append(d.Listeners, getTestListeners()...) + d := dag.DAG{ + Listeners: map[string]*dag.Listener{}, + } + for _, l := range getTestListeners() { + d.Listeners[l.Name] = l + } b := mocks.DagBuilder{} b.On("Build").Return(&d) diff --git a/internal/featuretests/v3/backendclientauth_test.go b/internal/featuretests/v3/backendclientauth_test.go index c5ceb9401e7..d3b32cc4382 100644 --- a/internal/featuretests/v3/backendclientauth_test.go +++ b/internal/featuretests/v3/backendclientauth_test.go 
@@ -43,6 +43,7 @@ func proxyClientCertificateOpt(t *testing.T) func(*dag.Builder) { log.SetLevel(logrus.DebugLevel) b.Processors = []dag.Processor{ + &dag.ListenerProcessor{}, &dag.IngressProcessor{ ClientCertificate: &secret, FieldLogger: log.WithField("context", "IngressProcessor"), @@ -54,7 +55,6 @@ func proxyClientCertificateOpt(t *testing.T) func(*dag.Builder) { ClientCertificate: &secret, FieldLogger: log.WithField("context", "ExtensionServiceProcessor"), }, - &dag.ListenerProcessor{}, } b.Source.ConfiguredSecretRefs = []*types.NamespacedName{ diff --git a/internal/featuretests/v3/externalname_test.go b/internal/featuretests/v3/externalname_test.go index dad7fd94248..1d3b1c2b872 100644 --- a/internal/featuretests/v3/externalname_test.go +++ b/internal/featuretests/v3/externalname_test.go @@ -327,6 +327,7 @@ func enableExternalNameService(t *testing.T) func(*dag.Builder) { log.SetLevel(logrus.DebugLevel) b.Processors = []dag.Processor{ + &dag.ListenerProcessor{}, &dag.IngressProcessor{ EnableExternalNameService: true, FieldLogger: log.WithField("context", "IngressProcessor"), @@ -337,7 +338,6 @@ func enableExternalNameService(t *testing.T) func(*dag.Builder) { &dag.ExtensionServiceProcessor{ FieldLogger: log.WithField("context", "ExtensionServiceProcessor"), }, - &dag.ListenerProcessor{}, } } } diff --git a/internal/featuretests/v3/fallbackcert_test.go b/internal/featuretests/v3/fallbackcert_test.go index 8e1020a7502..07cbfa56571 100644 --- a/internal/featuretests/v3/fallbackcert_test.go +++ b/internal/featuretests/v3/fallbackcert_test.go 
@@ -32,15 +32,13 @@ import ( func TestFallbackCertificate(t *testing.T) { rh, c, done := setup(t, func(b *dag.Builder) { - b.Processors = []dag.Processor{ - &dag.IngressProcessor{}, - &dag.HTTPProxyProcessor{ - FallbackCertificate: &types.NamespacedName{ + for _, processor := range b.Processors { + if httpProxyProcessor, ok := processor.(*dag.HTTPProxyProcessor); ok { + httpProxyProcessor.FallbackCertificate = &types.NamespacedName{ Name: "fallbacksecret", Namespace: "admin", - }, - }, - &dag.ListenerProcessor{}, + } + } } b.Source.ConfiguredSecretRefs = []*types.NamespacedName{ diff --git a/internal/featuretests/v3/featuretests.go b/internal/featuretests/v3/featuretests.go index 8ca1b8b0f48..4a78ccf29bc 100644 --- a/internal/featuretests/v3/featuretests.go +++ b/internal/featuretests/v3/featuretests.go @@ -107,6 +107,12 @@ func setup(t *testing.T, opts ...interface{}) (cache.ResourceEventHandler, *Cont FieldLogger: log, }, Processors: []dag.Processor{ + &dag.ListenerProcessor{ + HTTPAddress: "0.0.0.0", + HTTPPort: 8080, + HTTPSAddress: "0.0.0.0", + HTTPSPort: 8443, + }, &dag.IngressProcessor{ FieldLogger: log.WithField("context", "IngressProcessor"), }, @@ -117,7 +123,6 @@ func setup(t *testing.T, opts ...interface{}) (cache.ResourceEventHandler, *Cont &dag.GatewayAPIProcessor{ FieldLogger: log.WithField("context", "GatewayAPIProcessor"), }, - &dag.ListenerProcessor{}, }, } for _, opt := range opts { diff --git a/internal/featuretests/v3/globalratelimit_test.go b/internal/featuretests/v3/globalratelimit_test.go index 31a390c703f..378d6b4d329 100644 --- a/internal/featuretests/v3/globalratelimit_test.go +++ b/internal/featuretests/v3/globalratelimit_test.go 
@@ -670,14 +670,13 @@ func TestGlobalRateLimiting(t *testing.T) { } }, func(b *dag.Builder) { - b.Processors = []dag.Processor{ - &dag.HTTPProxyProcessor{ - FallbackCertificate: &types.NamespacedName{ + for _, processor := range b.Processors { + if httpProxyProcessor, ok := processor.(*dag.HTTPProxyProcessor); ok { + httpProxyProcessor.FallbackCertificate = &types.NamespacedName{ Name: "fallback-cert", Namespace: "default", - }, - }, - &dag.ListenerProcessor{}, + } + } } }, ) diff --git a/internal/featuretests/v3/listeners_test.go b/internal/featuretests/v3/listeners_test.go index 6a7d4521c33..dcd4b3fc461 100644 --- a/internal/featuretests/v3/listeners_test.go +++ b/internal/featuretests/v3/listeners_test.go @@ -741,20 +741,15 @@ func TestLDSIngressHTTPSUseProxyProtocol(t *testing.T) { } func TestLDSCustomAddressAndPort(t *testing.T) { - rh, c, done := setup(t, func(conf *xdscache_v3.ListenerConfig) { - conf.HTTPListeners = map[string]xdscache_v3.Listener{ - "ingress_http": { - Name: "ingress_http", - Address: "127.0.0.100", - Port: 9100, - }, - } - conf.HTTPSListeners = map[string]xdscache_v3.Listener{ - "ingress_https": { - Name: "ingress_https", - Address: "127.0.0.200", - Port: 9200, - }, + rh, c, done := setup(t, func(builder *dag.Builder) { + for _, processor := range builder.Processors { + if listenerProcessor, ok := processor.(*dag.ListenerProcessor); ok { + listenerProcessor.HTTPAddress = "127.0.0.100" + listenerProcessor.HTTPPort = 9100 + + listenerProcessor.HTTPSAddress = "127.0.0.200" + listenerProcessor.HTTPSPort = 9200 + } } }) defer done() diff --git a/internal/featuretests/v3/route_test.go b/internal/featuretests/v3/route_test.go index f8aa2bb74fc..b17f0902929 100644 --- a/internal/featuretests/v3/route_test.go +++ b/internal/featuretests/v3/route_test.go 
@@ -1268,11 +1268,11 @@ func TestRouteWithTLS_InsecurePaths(t *testing.T) { func TestRouteWithTLS_InsecurePaths_DisablePermitInsecureTrue(t *testing.T) { rh, c, done := setup(t, func(b *dag.Builder) { b.Processors = []dag.Processor{ + &dag.ListenerProcessor{}, &dag.IngressProcessor{}, &dag.HTTPProxyProcessor{ DisablePermitInsecure: true, }, - &dag.ListenerProcessor{}, } }) @@ -1640,11 +1640,11 @@ func TestHTTPProxyRouteWithTLS_InsecurePaths(t *testing.T) { func TestHTTPProxyRouteWithTLS_InsecurePaths_DisablePermitInsecureTrue(t *testing.T) { rh, c, done := setup(t, func(b *dag.Builder) { b.Processors = []dag.Processor{ + &dag.ListenerProcessor{}, &dag.IngressProcessor{}, &dag.HTTPProxyProcessor{ DisablePermitInsecure: true, }, - &dag.ListenerProcessor{}, } }) diff --git a/internal/xdscache/v3/listener.go b/internal/xdscache/v3/listener.go index ddb096edb14..50ece7ef900 100644 --- a/internal/xdscache/v3/listener.go +++ b/internal/xdscache/v3/listener.go @@ -14,7 +14,6 @@ package v3 import ( - "path" "sort" "sync" @@ -38,15 +37,11 @@ import ( // nolint:revive const ( - ENVOY_HTTP_LISTENER = "ingress_http" - ENVOY_FALLBACK_ROUTECONFIG = "ingress_fallbackcert" - ENVOY_HTTPS_LISTENER = "ingress_https" - DEFAULT_HTTP_ACCESS_LOG = "/dev/stdout" - DEFAULT_HTTP_LISTENER_ADDRESS = "0.0.0.0" - DEFAULT_HTTP_LISTENER_PORT = 8080 - DEFAULT_HTTPS_ACCESS_LOG = "/dev/stdout" - DEFAULT_HTTPS_LISTENER_ADDRESS = DEFAULT_HTTP_LISTENER_ADDRESS - DEFAULT_HTTPS_LISTENER_PORT = 8443 + ENVOY_HTTP_LISTENER = "ingress_http" + ENVOY_HTTPS_LISTENER = "ingress_https" + ENVOY_FALLBACK_ROUTECONFIG = "ingress_fallbackcert" + DEFAULT_HTTP_ACCESS_LOG = "/dev/stdout" + DEFAULT_HTTPS_ACCESS_LOG = "/dev/stdout" ) type Listener struct { 
@@ -57,21 +52,10 @@ type Listener struct { // ListenerConfig holds configuration parameters for building Envoy Listeners. type ListenerConfig struct { - - // Envoy's HTTP (non TLS) listener addresses. - // If not set, defaults to a single listener with - // DEFAULT_HTTP_LISTENER_ADDRESS:DEFAULT_HTTP_LISTENER_PORT. - HTTPListeners map[string]Listener - // Envoy's HTTP (non TLS) access log path. // If not set, defaults to DEFAULT_HTTP_ACCESS_LOG. HTTPAccessLog string - // Envoy's HTTPS (TLS) listener addresses. - // If not set, defaults to a single listener with - // DEFAULT_HTTPS_LISTENER_ADDRESS:DEFAULT_HTTPS_LISTENER_PORT. - HTTPSListeners map[string]Listener - // Envoy's HTTPS (TLS) access log path. // If not set, defaults to DEFAULT_HTTPS_ACCESS_LOG. HTTPSAccessLog string 
@@ -152,63 +136,6 @@ type RateLimitConfig struct { EnableResourceExhaustedCode bool } -// DefaultListeners returns the configured Listeners or a single -// Insecure (http) & single Secure (https) default listeners -// if not provided. -func (lvc *ListenerConfig) defaultListeners() *ListenerConfig { - - httpListeners := lvc.HTTPListeners - httpsListeners := lvc.HTTPSListeners - - if len(lvc.HTTPListeners) == 0 { - httpListeners = map[string]Listener{ - ENVOY_HTTP_LISTENER: { - Name: ENVOY_HTTP_LISTENER, - Address: DEFAULT_HTTP_LISTENER_ADDRESS, - Port: DEFAULT_HTTP_LISTENER_PORT, - }, - } - } - - if len(lvc.HTTPSListeners) == 0 { - httpsListeners = map[string]Listener{ - ENVOY_HTTPS_LISTENER: { - Name: ENVOY_HTTPS_LISTENER, - Address: DEFAULT_HTTPS_LISTENER_ADDRESS, - Port: DEFAULT_HTTPS_LISTENER_PORT, - }, - } - } - - lvc.HTTPListeners = httpListeners - lvc.HTTPSListeners = httpsListeners - return lvc -} - -func (lvc *ListenerConfig) secureListeners() map[string]*envoy_listener_v3.Listener { - listeners := make(map[string]*envoy_listener_v3.Listener) - - if len(lvc.HTTPSListeners) == 0 { - listeners[ENVOY_HTTPS_LISTENER] = envoy_v3.Listener( - ENVOY_HTTPS_LISTENER, - DEFAULT_HTTPS_LISTENER_ADDRESS, - DEFAULT_HTTPS_LISTENER_PORT, - secureProxyProtocol(lvc.UseProxyProto), - ) - } - - for name, l := range lvc.HTTPSListeners { - listeners[name] = envoy_v3.Listener( - l.Name, - l.Address, - l.Port, - secureProxyProtocol(lvc.UseProxyProto), - ) - } - - return listeners -} - // httpAccessLog returns the access log for the HTTP (non TLS) // listener or DEFAULT_HTTP_ACCESS_LOG if not configured. func (lvc *ListenerConfig) httpAccessLog() string { 
@@ -361,8 +288,8 @@ func (c *ListenerCache) Query(names []string) []proto.Message { func (*ListenerCache) TypeURL() string { return resource.ListenerType } func (c *ListenerCache) OnChange(root *dag.DAG) { - cfg := c.Config.defaultListeners() - listeners := c.Config.secureListeners() + cfg := c.Config + listeners := map[string]*envoy_listener_v3.Listener{} max := func(a, b envoy_tls_v3.TlsParameters_TlsProtocol) envoy_tls_v3.TlsParameters_TlsProtocol { if a > b { 
@@ -371,40 +298,48 @@ func (c *ListenerCache) OnChange(root *dag.DAG) { return b } - // need to iterate through Listeners here because we only - // want the vhosts that have been attached to a listener - // by the listener processor. for _, listener := range root.Listeners { + // If there are non-TLS vhosts bound to the listener, + // add a listener with a single filter chain. if len(listener.VirtualHosts) > 0 { - if httpListener, ok := cfg.HTTPListeners[listener.Name]; ok { - // Add a listener if there are vhosts bound to http. - cm := envoy_v3.HTTPConnectionManagerBuilder(). - Codec(envoy_v3.CodecForVersions(cfg.DefaultHTTPVersions...)). - DefaultFilters(). - RouteConfigName(httpListener.Name). - MetricsPrefix(httpListener.Name). - AccessLoggers(cfg.newInsecureAccessLog()). - RequestTimeout(cfg.Timeouts.Request). - ConnectionIdleTimeout(cfg.Timeouts.ConnectionIdle). - StreamIdleTimeout(cfg.Timeouts.StreamIdle). - DelayedCloseTimeout(cfg.Timeouts.DelayedClose). - MaxConnectionDuration(cfg.Timeouts.MaxConnectionDuration). - ConnectionShutdownGracePeriod(cfg.Timeouts.ConnectionShutdownGracePeriod). - AllowChunkedLength(cfg.AllowChunkedLength). - MergeSlashes(cfg.MergeSlashes). - ServerHeaderTransformation(cfg.ServerHeaderTransformation). - NumTrustedHops(cfg.XffNumTrustedHops). - AddFilter(envoy_v3.GlobalRateLimitFilter(envoyGlobalRateLimitConfig(cfg.RateLimitConfig))). - Get() + cm := envoy_v3.HTTPConnectionManagerBuilder(). + Codec(envoy_v3.CodecForVersions(cfg.DefaultHTTPVersions...)). + DefaultFilters(). + RouteConfigName(httpRouteConfigName(listener)). + MetricsPrefix(listener.Name). + AccessLoggers(cfg.newInsecureAccessLog()). + RequestTimeout(cfg.Timeouts.Request). + ConnectionIdleTimeout(cfg.Timeouts.ConnectionIdle). + StreamIdleTimeout(cfg.Timeouts.StreamIdle). + DelayedCloseTimeout(cfg.Timeouts.DelayedClose). + MaxConnectionDuration(cfg.Timeouts.MaxConnectionDuration). + ConnectionShutdownGracePeriod(cfg.Timeouts.ConnectionShutdownGracePeriod). 
+ AllowChunkedLength(cfg.AllowChunkedLength). + MergeSlashes(cfg.MergeSlashes). + ServerHeaderTransformation(cfg.ServerHeaderTransformation). + NumTrustedHops(cfg.XffNumTrustedHops). + AddFilter(envoy_v3.GlobalRateLimitFilter(envoyGlobalRateLimitConfig(cfg.RateLimitConfig))). + Get() + + listeners[listener.Name] = envoy_v3.Listener( + listener.Name, + listener.Address, + listener.Port, + proxyProtocol(cfg.UseProxyProto), + cm, + ) + } - listeners[httpListener.Name] = envoy_v3.Listener( - httpListener.Name, - httpListener.Address, - httpListener.Port, - proxyProtocol(cfg.UseProxyProto), - cm, - ) - } + // If there are TLS vhosts, add a listener to which we + // will attach a filter chain per vhost matching on SNI, + // plus possibly one fallback cert filter chain. + if len(listener.SecureVirtualHosts) > 0 { + listeners[listener.Name] = envoy_v3.Listener( + listener.Name, + listener.Address, + listener.Port, + secureProxyProtocol(cfg.UseProxyProto), + ) } for _, vh := range listener.SecureVirtualHosts { @@ -442,7 +377,7 @@ func (c *ListenerCache) OnChange(root *dag.DAG) { DefaultFilters(). AddFilter(authFilter). AddFilter(envoy_v3.FilterJWTAuth(vh.JWTProviders)). - RouteConfigName(path.Join("https", vh.VirtualHost.Name)). + RouteConfigName(httpsRouteConfigName(listener, vh.VirtualHost.Name)). MetricsPrefix(listener.Name). AccessLoggers(cfg.newSecureAccessLog()). RequestTimeout(cfg.Timeouts.Request). @@ -463,11 +398,7 @@ func (c *ListenerCache) OnChange(root *dag.DAG) { alpnProtos = envoy_v3.ProtoNamesForVersions(cfg.DefaultHTTPVersions...) } else { - filters = envoy_v3.Filters( - envoy_v3.TCPProxy(listener.Name, - vh.TCPProxy, - cfg.newSecureAccessLog()), - ) + filters = envoy_v3.Filters(envoy_v3.TCPProxy(listener.Name, vh.TCPProxy, cfg.newSecureAccessLog())) // Do not offer ALPN for TCP proxying, since // the protocols will be provided by the TCP 
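Review bot: The two `listeners[listener.Name] = envoy_v3.Listener(...)` assignments in the `@@ -371,40 +298,48 @@` hunk write to the same key. A DAG listener carrying both `VirtualHosts` and `SecureVirtualHosts` would therefore have its plain-HTTP listener and connection manager replaced by the TLS one, with no signal. `ListenerProcessor.Run` in this patch allocates only one kind of vhost map per listener, so this is latent today, but nothing in `OnChange` enforces it. I would state the invariant at the top of the loop, e.g. `// A dag.Listener carries either VirtualHosts or SecureVirtualHosts, never both; the second assignment below would otherwise replace the first.`, and log or skip when both are non-empty. `OnChange` starts and ends outside this hunk.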
@@ -509,7 +440,7 @@ func (c *ListenerCache) OnChange(root *dag.DAG) { cm := envoy_v3.HTTPConnectionManagerBuilder(). DefaultFilters(). - RouteConfigName(ENVOY_FALLBACK_ROUTECONFIG). + RouteConfigName(fallbackCertRouteConfigName(listener)). MetricsPrefix(listener.Name). AccessLoggers(cfg.newSecureAccessLog()). RequestTimeout(cfg.Timeouts.Request). @@ -532,15 +463,15 @@ func (c *ListenerCache) OnChange(root *dag.DAG) { listeners[listener.Name].FilterChains = append(listeners[listener.Name].FilterChains, envoy_v3.FilterChainTLSFallback(downstreamTLS, filters)) } } - } - // Remove the https listener if there are no vhosts bound to it. - if len(listeners[ENVOY_HTTPS_LISTENER].FilterChains) == 0 { - delete(listeners, ENVOY_HTTPS_LISTENER) - } else { - // there's some https listeners, we need to sort the filter chains - // to ensure that the LDS entries are identical. - sort.Stable(sorter.For(listeners[ENVOY_HTTPS_LISTENER].FilterChains)) + // Remove the https listener if there are no vhosts bound to it. + if listener := listeners[listener.Name]; listener != nil && len(listener.FilterChains) == 0 { + delete(listeners, listener.Name) + } else { + // there's some https listeners, we need to sort the filter chains + // to ensure that the LDS entries are identical. + sort.Stable(sorter.For(listener.FilterChains)) + } } // support more params of envoy listener diff --git a/internal/xdscache/v3/listener_test.go b/internal/xdscache/v3/listener_test.go index ddab6b5213e..ded08b22a41 100644 --- a/internal/xdscache/v3/listener_test.go +++ b/internal/xdscache/v3/listener_test.go 
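Review bot: The rewritten cleanup at the end of the listener loop can dereference a nil pointer: when `listeners[listener.Name]` is absent the `if` condition is false, so control reaches the `else` branch and `sort.Stable(sorter.For(listener.FilterChains))` reads a field through the nil entry. That is the case for any DAG listener with neither `VirtualHosts` nor `SecureVirtualHosts`, since no Envoy listener is created for it in the first hunk of this file; if `root.Listeners` can contain such a listener, the panic would presumably abort the whole xDS listener update rather than skip one entry. Adding `if listeners[listener.Name] == nil { continue }` just before the check keeps both branches safe, as the check appears to be the last statement in the loop body. The inner `listener` also shadows the loop variable, so `delete(listeners, listener.Name)` uses the Envoy listener's name; a distinct name such as `envoyListener` would make that explicit. The loop and `OnChange` begin outside this hunk.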
@@ -605,89 +605,6 @@ func TestListenerVisit(t *testing.T) { SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, - "http listener on non default port": { // issue 72 - ListenerConfig: ListenerConfig{ - HTTPListeners: map[string]Listener{ - ENVOY_HTTP_LISTENER: { - Name: ENVOY_HTTP_LISTENER, - Address: "127.0.0.100", - Port: 9100, - }, - }, - HTTPSListeners: map[string]Listener{ - ENVOY_HTTPS_LISTENER: { - Name: ENVOY_HTTPS_LISTENER, - Address: "127.0.0.200", - Port: 9200, - }, - }, - }, - objs: []interface{}{ - &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple", - Namespace: "default", - }, - Spec: networking_v1.IngressSpec{ - TLS: []networking_v1.IngressTLS{{ - Hosts: []string{"whatever.example.com"}, - SecretName: "secret", - }}, - Rules: []networking_v1.IngressRule{{ - Host: "whatever.example.com", - IngressRuleValue: networking_v1.IngressRuleValue{ - HTTP: &networking_v1.HTTPIngressRuleValue{ - Paths: []networking_v1.HTTPIngressPath{{ - Backend: *backend("kuard", 8080), - }}, - }, - }, - }}, - }, - }, - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: "secret", - Namespace: "default", - }, - Type: "kubernetes.io/tls", - Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY), - }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ - Name: "kuard", - Namespace: "default", - }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ - Name: "http", - Protocol: "TCP", - Port: 8080, - }}, - }, - }, - }, - want: listenermap(&envoy_listener_v3.Listener{ - Name: ENVOY_HTTP_LISTENER, - Address: envoy_v3.SocketAddress("127.0.0.100", 9100), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo), 0)), - SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), - }, &envoy_listener_v3.Listener{ - Name: ENVOY_HTTPS_LISTENER, - Address: envoy_v3.SocketAddress("127.0.0.200", 9200), - ListenerFilters: envoy_v3.ListenerFilters( - 
envoy_v3.TLSInspector(), - ), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ - ServerNames: []string{"whatever.example.com"}, - }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(httpsFilterFor("whatever.example.com")), - }}, - SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), - }), - }, "use proxy proto": { ListenerConfig: ListenerConfig{ UseProxyProto: true, @@ -814,12 +731,12 @@ func TestListenerVisit(t *testing.T) { }, want: listenermap(&envoy_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v3.SocketAddress(DEFAULT_HTTP_LISTENER_ADDRESS, DEFAULT_HTTP_LISTENER_PORT), + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy("/tmp/http_access.log", "", nil, v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }, &envoy_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, - Address: envoy_v3.SocketAddress(DEFAULT_HTTPS_LISTENER_ADDRESS, DEFAULT_HTTPS_LISTENER_PORT), + Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), diff --git a/internal/xdscache/v3/route.go b/internal/xdscache/v3/route.go index b1eea18223f..2f7badb61b8 100644 --- a/internal/xdscache/v3/route.go +++ b/internal/xdscache/v3/route.go 
@@ -91,38 +91,73 @@ func (c *RouteCache) OnChange(root *dag.DAG) { // - one for all the HTTP vhost routes -- "ingress_http" // - one per svhost -- "https/" // - one for fallback cert (if configured) -- "ingress_fallbackcert" - routeConfigs := map[string]*envoy_route_v3.RouteConfiguration{ - ENVOY_HTTP_LISTENER: envoy_v3.RouteConfiguration(ENVOY_HTTP_LISTENER), - } + routeConfigs := map[string]*envoy_route_v3.RouteConfiguration{} - for vhost, routes := range root.GetVirtualHostRoutes() { - sortRoutes(routes) - routeConfigs[ENVOY_HTTP_LISTENER].VirtualHosts = append(routeConfigs[ENVOY_HTTP_LISTENER].VirtualHosts, - envoy_v3.VirtualHostAndRoutes(vhost, routes, false, nil)) + // To maintain backwards compatibility, generate an "ingress_http" RouteConfiguration + // regardless of whether there are any vhosts if we are in static Listener mode. + if !root.HasNonStaticListeners { + routeConfigs[ENVOY_HTTP_LISTENER] = envoy_v3.RouteConfiguration(ENVOY_HTTP_LISTENER) } - for vhost, routes := range root.GetSecureVirtualHostRoutes() { - // Add secure vhost route config if not already present. - name := path.Join("https", vhost.VirtualHost.Name) - if _, ok := routeConfigs[name]; !ok { - routeConfigs[name] = envoy_v3.RouteConfiguration(name) - } + for _, dagListener := range root.Listeners { + if len(dagListener.VirtualHosts) > 0 { + routeConfigName := httpRouteConfigName(dagListener) + + routeConfigs[routeConfigName] = envoy_v3.RouteConfiguration(routeConfigName) + + for _, vhost := range dagListener.VirtualHosts { + if len(vhost.Routes) == 0 { + continue + } - sortRoutes(routes) - routeConfigs[name].VirtualHosts = append(routeConfigs[name].VirtualHosts, - envoy_v3.VirtualHostAndRoutes(&vhost.VirtualHost, routes, true, vhost.AuthorizationService)) - - // A fallback route configuration contains routes for all the vhosts that have the fallback certificate enabled. 
- // When a request is received, the default TLS filterchain will accept the connection, - // and this routing table in RDS defines where the request proxies next. - if vhost.FallbackCertificate != nil { - // Add fallback route config if not already present. - if _, ok := routeConfigs[ENVOY_FALLBACK_ROUTECONFIG]; !ok { - routeConfigs[ENVOY_FALLBACK_ROUTECONFIG] = envoy_v3.RouteConfiguration(ENVOY_FALLBACK_ROUTECONFIG) + var routes []*dag.Route + for _, route := range vhost.Routes { + routes = append(routes, route) + } + sortRoutes(routes) + + routeConfigs[routeConfigName].VirtualHosts = append(routeConfigs[routeConfigName].VirtualHosts, + envoy_v3.VirtualHostAndRoutes(vhost, routes, false, nil), + ) } + } - routeConfigs[ENVOY_FALLBACK_ROUTECONFIG].VirtualHosts = append(routeConfigs[ENVOY_FALLBACK_ROUTECONFIG].VirtualHosts, - envoy_v3.VirtualHostAndRoutes(&vhost.VirtualHost, routes, true, vhost.AuthorizationService)) + if len(dagListener.SecureVirtualHosts) > 0 { + for _, vhost := range dagListener.SecureVirtualHosts { + if len(vhost.Routes) == 0 { + continue + } + + // Add secure vhost route config if not already present. + routeConfigName := httpsRouteConfigName(dagListener, vhost.VirtualHost.Name) + + if _, ok := routeConfigs[routeConfigName]; !ok { + routeConfigs[routeConfigName] = envoy_v3.RouteConfiguration(routeConfigName) + } + + var routes []*dag.Route + for _, route := range vhost.Routes { + routes = append(routes, route) + } + sortRoutes(routes) + + routeConfigs[routeConfigName].VirtualHosts = append(routeConfigs[routeConfigName].VirtualHosts, + envoy_v3.VirtualHostAndRoutes(&vhost.VirtualHost, routes, true, vhost.AuthorizationService)) + + // A fallback route configuration contains routes for all the vhosts that have the fallback certificate enabled. + // When a request is received, the default TLS filterchain will accept the connection, + // and this routing table in RDS defines where the request proxies next. 
+ if vhost.FallbackCertificate != nil { + routeConfigName := fallbackCertRouteConfigName(dagListener) + + if _, ok := routeConfigs[routeConfigName]; !ok { + routeConfigs[routeConfigName] = envoy_v3.RouteConfiguration(routeConfigName) + } + + routeConfigs[routeConfigName].VirtualHosts = append(routeConfigs[routeConfigName].VirtualHosts, + envoy_v3.VirtualHostAndRoutes(&vhost.VirtualHost, routes, true, vhost.AuthorizationService)) + } + } } } @@ -152,3 +187,22 @@ func sortRoutes(routes []*dag.Route) { sort.Stable(sorter.For(routes)) } + +func httpRouteConfigName(listener *dag.Listener) string { + if len(listener.RouteConfigName) > 0 { + return listener.RouteConfigName + } + return listener.Name +} + +func httpsRouteConfigName(listener *dag.Listener, hostname string) string { + return path.Join(httpRouteConfigName(listener), hostname) +} + +func fallbackCertRouteConfigName(listener *dag.Listener) string { + if len(listener.FallbackCertRouteConfigName) > 0 { + return listener.FallbackCertRouteConfigName + } + + return path.Join(httpRouteConfigName(listener), "fallbackcert") +} diff --git a/internal/xdscache/v3/secret_test.go b/internal/xdscache/v3/secret_test.go index 26c6a063bd9..133e103004a 100644 --- a/internal/xdscache/v3/secret_test.go +++ b/internal/xdscache/v3/secret_test.go @@ -483,11 +483,11 @@ func buildDAG(t *testing.T, objs ...interface{}) *dag.DAG { FieldLogger: fixture.NewTestLogger(t), }, Processors: []dag.Processor{ + &dag.ListenerProcessor{}, &dag.IngressProcessor{ FieldLogger: fixture.NewTestLogger(t), }, &dag.HTTPProxyProcessor{}, - &dag.ListenerProcessor{}, }, } 
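Review bot: In the non-TLS branch of the new `for _, dagListener := range root.Listeners` loop, `routeConfigs[routeConfigName] = envoy_v3.RouteConfiguration(routeConfigName)` is assigned unconditionally, while the TLS and fallback branches guard the same assignment with `if _, ok := routeConfigs[routeConfigName]; !ok`. If two DAG listeners ever resolve to the same HTTP route config name, the later one discards the virtual hosts already collected for the earlier one; using the same present-check in the first branch would make the three branches consistent. The comment above `routeConfigs` still lists the fixed names "ingress_http", "https/" and "ingress_fallbackcert", which no longer matches names derived per listener and should be reworded to describe the new scheme. `OnChange` starts and ends outside this hunk.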
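Review bot: `httpsRouteConfigName` and the default branch of `fallbackCertRouteConfigName` build names in the same namespace, `path.Join(httpRouteConfigName(listener), ...)`, so a secure virtual host whose hostname is literally `fallbackcert` would get the same route config name as the listener's fallback table when `FallbackCertRouteConfigName` is empty. In `OnChange` both names index the same `routeConfigs` map behind a present-check, so the two route tables would be merged rather than rejected. Whether hostnames are restricted enough upstream to rule this out is not visible here; a fallback suffix that cannot be a valid hostname, or a doc comment on each helper stating the naming scheme and this assumption, would make it explicit. None of the three helpers has a doc comment; for example `// httpRouteConfigName returns the listener's RouteConfigName if set, otherwise its Name.`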
@@ -504,13 +504,18 @@ func buildDAGFallback(t *testing.T, fallbackCertificate *types.NamespacedName, o FieldLogger: fixture.NewTestLogger(t), }, Processors: []dag.Processor{ + &dag.ListenerProcessor{ + HTTPAddress: "0.0.0.0", + HTTPPort: 8080, + HTTPSAddress: "0.0.0.0", + HTTPSPort: 8443, + }, &dag.IngressProcessor{ FieldLogger: fixture.NewTestLogger(t), }, &dag.HTTPProxyProcessor{ FallbackCertificate: fallbackCertificate, }, - &dag.ListenerProcessor{}, }, } for _, o := range objs {