Nick Young
Nick Young
This may well be a bug in how we handle invalid HTTPRoutes, which I _think_ a planned refactor to the Gateway reconciler may fix. But the testing for the Gateway...
I _think_ so, but I'm not sure, haven't had a chance to replicate yet. If you could test that out for me, that would be amazing!
The big changes in cert-manager 1.18 were for Ingress processing, not Gateway, I think.
The key part here is having hostnames set in HTTPRoutes, it seems - when I reproduce using @SantoDE's original reproduction, if I remove the `hostnames` list from the YAML, this...
I haven't verified with cert-manager, only the minimal reproduction, but it does seem like that should work, yes. Still chasing down exactly what is happening.
I just tested with my repro, and yes, removing the hostnames from the routes does seem to work around this bug.
I've added "wontfix" to this issue because Contour is not currently planning on supporting UDP traffic. If you would like this to change, I need use cases and more information...
Thanks for the info, @bnopacheco! For the UDP packets you would want to forward, can you tell me more about what's on the in-cluster end? Does it need access to...
Yes, as you've found, Envoy does not allow changing the Host header using header rewriting. It's better to use the rewrite rules instead. You can see this in the Envoy...
Additionally, once this is added, Envoy will reject _all_ further config updates - because it's not allowed. So, until you remove this config, then no updates will occur. Another reason...