Sunjay Bhatia

could do something hacky here to fix the bootstrap issue, which would look like: - change cookie load balancing strategy to passive cookie hashing, Envoy will now not generate a...

again doesnt really solve the issue since the app isnt generating the cookie, so again not sure how useful any of this is

Contour should be detecting mismatched SNI and Host headers (and send 421 responses), we use some custom Lua to configure Envoy to catch this, see: https://github.com/projectcontour/contour/blob/5bb85eb792c3cfb6140da9172a738e0708c29f4c/internal/envoy/v3/listener.go#L728-L777 Mentioning this since it...

(I only mentioned the mismatched SNI and Host feature to make sure that was covered for posterity, since the linked Envoy issue talks about that case heavily) The issue here...

The structure of our Envoy configuration in this situation is set up as the following hierarchy: - HTTPS Listener on secure port (default 8443) - Listener has multiple filter chains...

cc @projectcontour/maintainers @projectcontour/contour-reviewers for any thoughts here

e.g. here is an example wildcard routeconfig ``` { "version_info": "4", "route_config": { "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", "name": "https/*.example.com", "virtual_hosts": [ { "name": "*.example.com", "domains": [ "*.example.com" ], "routes": [ { "match":...

yep, only allowing one request per connection is definitely not a full solution we'll have to do some work on an appropriate solution to this, my suggestion above on adding...

the `envoy-service-name/namespace` flags are used for identifying which LoadBalancer Service External IP to watch in order to populate the LoadBalancer IP on Ingress/HTTPProxy resources. I'm not sure how that fits...

I'm not sure what you mean by that, can you clarify a bit? How is your ALB set up to interact with Contour and what information on which resources are...