Ensure that duplicate listeners are not added when crossMesh is enabl…

…ed on a listener and Routes specify hostnames

In the cross-mesh case, the SNI string will be a kuma SNI string for the gateway service (e.g. edge-gateway{mesh=default,port=tcp-8080}). Thus it is not possible to distinguish hosts at the listener level and no filter chain sni matchers are added. This can lead to a duplicate listener filter chain being added if there are multiple hostnames to route.

Thus we truncate the gatewayHosts array to size 1 before creating the listener blocks.

pkg/plugins/runtime/gateway/gateway_route_generator_test.go

@@ -1440,6 +1440,12 @@ conf:
   - port: 8080
     protocol: HTTP
     crossMesh: true
+  - port: 8081
+    protocol: HTTP
+    crossMesh: true
+    hostname: internal-cross-mesh.mesh
+    tags:
+      hostname: internal-cross-mesh.mesh
 `, `
 type: MeshGatewayRoute
 mesh: default
@@ -1467,6 +1473,89 @@ conf:
       backends:
       - destination:
           kuma.io/service: echo-service
+`, `
+type: MeshGatewayRoute
+mesh: default
+name: echo-service-with-hostname
+selectors:
+- match:
+    kuma.io/service: gateway-default
+selectors:
+- match:
+    kuma.io/service: gateway-default
+conf:
+  http:
+    hostnames:
+    - cross-mesh.mesh
+    rules:
+    - matches:
+      - path:
+          match: PREFIX
+          value: "/hostname-ext"
+      backends:
+      - destination:
+          kuma.io/service: external-httpbin
+    - matches:
+      - path:
+          match: PREFIX
+          value: "/hostname-echo"
+      backends:
+      - destination:
+          kuma.io/service: echo-service
+`, `
+type: MeshGatewayRoute
+mesh: default
+name: echo-service-with-hostname-and-hostname-on-listener
+selectors:
+- match:
+    kuma.io/service: gateway-default
+    hostname: internal-cross-mesh.mesh
+conf:
+  http:
+    hostnames:
+    - cross-mesh.mesh
+    rules:
+    - matches:
+      - path:
+          match: PREFIX
+          value: "/hostname-and-hostname-on-listener-no-match-ext"
+      backends:
+      - destination:
+          kuma.io/service: external-httpbin
+    - matches:
+      - path:
+          match: PREFIX
+          value: "/hostname-and-hostname-on-listener-eno-match-cho"
+      backends:
+      - destination:
+          kuma.io/service: echo-service
+`, `
+type: MeshGatewayRoute
+mesh: default
+name: echo-service-with-hostname-and-hostname-on-listener
+selectors:
+- match:
+    kuma.io/service: gateway-default
+    hostname: internal-cross-mesh.mesh
+conf:
+  http:
+    hostnames:
+    - internal-cross-mesh.mesh
+    rules:
+    - matches:
+      - path:
+          match: PREFIX
+          value: "/hostname-and-hostname-on-listener-match-ext"
+      backends:
+      - destination:
+          kuma.io/service: external-httpbin
+    - matches:
+      - path:
+          match: PREFIX
+          value: "/hostname-and-hostname-on-listener-match-echo"
+      backends:
+      - destination:
+          kuma.io/service: echo-service
 `,
 		),
 

pkg/plugins/runtime/gateway/generator.go

@@ -261,6 +261,10 @@ func (g Generator) generateLDS(ctx xds_context.Context, info GatewayListenerInfo
 	for _, hostInfo := range hostInfos {
 		gatewayHosts = append(gatewayHosts, hostInfo.Host)
 	}
+	if info.Listener.CrossMesh {
+		//for cross-mesh, we can only add one listener filter chain as there will not be any (usable) SNI available for filter chain matching
+		gatewayHosts = gatewayHosts[:1]
+	}
 
 	protocol := info.Listener.Protocol
 	if info.Listener.CrossMesh {
@@ -394,7 +398,10 @@ func MakeGatewayListener(
 		hosts = append(hosts, host)
 	}
 
-	hosts = RedistributeWildcardRoutes(hosts)
+	// We ignore route hostnames with cross mesh
+	if !listener.CrossMesh {
+		hosts = RedistributeWildcardRoutes(hosts)
+	}
 
 	// Sort by reverse hostname, so that fully qualified hostnames sort
 	// before wildcard domains, and "*" is last.