nginx-gateway-fabric icon indicating copy to clipboard operation
nginx-gateway-fabric copied to clipboard

Published 20 hours ago verified publisher icon nginxinc

Support Listener Isolation

Open pleshakov opened this issue 2 years ago • 2 comments
trafficstars

Listener isolation means that for a request with the host header X, it can only match routing rules from a single listener, the most specific listener that hostname X.

This is clarified here https://github.com/kubernetes-sigs/gateway-api/blob/cdc85ca46615905238674c535239cac163c21c13/apis/v1/gateway_types.go#L173-L178

As you can see, listener isolation is SHOULD, not MUST.

In our implementation, routing rules for the hostname X can be spread across multiple listeners, as long as the hostname field of those listeners includes X. This means a request header with X will mach across multiple listeners, which violates listener isolation.

This issue further clarifies the problem https://github.com/kubernetes-sigs/gateway-api/issues/2416 including some edge cases (which we don't support).

Acceptance criteria:

  • Support listener isolation (it makes sense to do that once conformance tests are defined for it)

Dev Notes:

  • Conformance test should have been merged here.

pleshakov avatar Oct 20 '23 20:10 pleshakov