fix(MeshGateway): ensure that duplicate listeners are not added when …

…crossMesh is enabled on a listener and Routes specify hostnames (#8156)

In the cross-mesh case, the SNI string will be a kuma SNI string for the gateway service (e.g. edge-gateway{mesh=default,port=tcp-8080}). Thus it is not possible to distinguish hosts at the listener level and no filter chain sni matchers are added. This can lead to a duplicate listener filter chain being added if there are multiple hostnames to route.

Thus we truncate the gatewayHosts array to size 1 before creating the listener blocks.

Signed-off-by: Tim Treptow <ttreptow@domaintools.com>

pkg/plugins/runtime/gateway/filter_chain_generator.go

@@ -93,6 +93,10 @@ func (g *HTTPSFilterChainGenerator) Generate(
 
 	var filterChainBuilders []*envoy_listeners.FilterChainBuilder
 
+	if info.Listener.CrossMesh {
+		// For cross-mesh, we can only add one listener filter chain as there will not be any (usable) SNI available for filter chain matching
+		hosts = hosts[:1]
+	}
 	for _, host := range hosts {
 		log.V(1).Info("generating filter chain", "hostname", host.Hostname)
 

pkg/plugins/runtime/gateway/gateway_route_generator_test.go

@@ -1440,30 +1440,120 @@ conf:
   - port: 8080
     protocol: HTTP
     crossMesh: true
+  - port: 8081
+    protocol: HTTP
+    crossMesh: true
+    hostname: internal-cross-mesh.mesh
+    tags:
+      hostname: internal-cross-mesh.mesh
+  - port: 8082
+    protocol: HTTP
+    crossMesh: true
+    tags:
+      hostname: route-only
 `, `
 type: MeshGatewayRoute
 mesh: default
-name: echo-service
+name: echo-service-default
 selectors:
 - match:
     kuma.io/service: gateway-default
+conf:
+  http:
+    rules:
+    - matches:
+      - path:
+          match: PREFIX
+          value: "/ext"
+      backends:
+      - destination:
+          kuma.io/service: external-httpbin
+    - matches:
+      - path:
+          match: PREFIX
+          value: "/echo"
+      backends:
+      - destination:
+          kuma.io/service: echo-service
+`, `
+type: MeshGatewayRoute
+mesh: default
+name: echo-service-with-hostname
 selectors:
 - match:
     kuma.io/service: gateway-default
+    hostname: route-only
 conf:
   http:
+    hostnames:
+    - cross-mesh.mesh
+    - cross-mesh2.mesh
     rules:
     - matches:
       - path:
           match: PREFIX
-          value: "/ext"
+          value: "/hostname-ext"
       backends:
       - destination:
           kuma.io/service: external-httpbin
     - matches:
       - path:
           match: PREFIX
-          value: "/echo"
+          value: "/hostname-echo"
+      backends:
+      - destination:
+          kuma.io/service: echo-service
+`, `
+type: MeshGatewayRoute
+mesh: default
+name: echo-service-with-hostname-and-hostname-on-listener
+selectors:
+- match:
+    kuma.io/service: gateway-default
+    hostname: internal-cross-mesh.mesh
+conf:
+  http:
+    hostnames:
+    - cross-mesh.mesh
+    rules:
+    - matches:
+      - path:
+          match: PREFIX
+          value: "/hostname-and-hostname-on-listener-no-match-ext"
+      backends:
+      - destination:
+          kuma.io/service: external-httpbin
+    - matches:
+      - path:
+          match: PREFIX
+          value: "/hostname-and-hostname-on-listener-no-match-echo"
+      backends:
+      - destination:
+          kuma.io/service: echo-service
+`, `
+type: MeshGatewayRoute
+mesh: default
+name: echo-service-with-hostname-and-different-hostname-on-listener
+selectors:
+- match:
+    kuma.io/service: gateway-default
+    hostname: internal-cross-mesh.mesh
+conf:
+  http:
+    hostnames:
+    - internal-cross-mesh.mesh
+    rules:
+    - matches:
+      - path:
+          match: PREFIX
+          value: "/hostname-and-hostname-on-listener-match-ext"
+      backends:
+      - destination:
+          kuma.io/service: external-httpbin
+    - matches:
+      - path:
+          match: PREFIX
+          value: "/hostname-and-hostname-on-listener-match-echo"
       backends:
       - destination:
           kuma.io/service: echo-service