fix gateway name (#672)

pkg/ingress/config/ingress_config.go

@@ -140,8 +140,6 @@ type IngressConfig struct {
 
 	annotationHandler annotations.AnnotationHandler
 
-	globalGatewayName string
-
 	namespace string
 
 	clusterId string
@@ -157,13 +155,11 @@ func NewIngressConfig(localKubeClient kube.Client, XDSUpdater model.XDSUpdater,
 		XDSUpdater:               XDSUpdater,
 		annotationHandler:        annotations.NewAnnotationHandlerManager(),
 		clusterId:                clusterId,
-		globalGatewayName: namespace + "/" +
+		watchedSecretSet:         sets.NewSet(),
-			common.CreateConvertedName(clusterId, "global"),
+		namespace:                namespace,
-		watchedSecretSet:    sets.NewSet(),
+		mcpbridgeReconciled:      atomic.NewBool(false),
-		namespace:           namespace,
+		wasmPlugins:              make(map[string]*extensions.WasmPlugin),
-		mcpbridgeReconciled: atomic.NewBool(false),
+		http2rpcs:                make(map[string]*higressv1.Http2Rpc),
-		wasmPlugins:         make(map[string]*extensions.WasmPlugin),
-		http2rpcs:           make(map[string]*higressv1.Http2Rpc),
 	}
 	mcpbridgeController := mcpbridge.NewController(localKubeClient, clusterId)
 	mcpbridgeController.AddEventHandler(config.AddOrUpdateMcpBridge, config.DeleteMcpBridge)
@@ -479,7 +475,7 @@ func (m *IngressConfig) convertVirtualService(configs []common.WrapperConfig) []
 			common.CreateConvertedName(m.clusterId, cleanHost),
 			common.CreateConvertedName(constants.IstioIngressGatewayName, cleanHost)}
 		if host != "*" {
-			gateways = append(gateways, m.globalGatewayName)
+			gateways = append(gateways, m.namespace+"/"+common.CreateConvertedName(m.clusterId, common.CleanHost("*")))
 		}
 
 		wrapperVS, exist := convertOptions.VirtualServices[host]

pkg/ingress/config/ingress_config_test.go

@@ -257,7 +257,7 @@ func TestConvertGatewaysForIngress(t *testing.T) {
 				"foo.com": {
 					Meta: config.Meta{
 						GroupVersionKind: gvk.Gateway,
-						Name:             "istio-autogenerated-k8s-ingress-foo-com",
+						Name:             "istio-autogenerated-k8s-ingress-" + common.CleanHost("foo.com"),
 						Namespace:        "wakanda",
 						Annotations: map[string]string{
 							common.ClusterIdAnnotation: "ingress-v1beta1",
@@ -270,7 +270,7 @@ func TestConvertGatewaysForIngress(t *testing.T) {
 								Port: &networking.Port{
 									Number:   80,
 									Protocol: "HTTP",
-									Name:     "http-80-ingress-ingress-v1beta1-wakanda-test-1-foo-com",
+									Name:     "http-80-ingress-ingress-v1beta1",
 								},
 								Hosts: []string{"foo.com"},
 							},
@@ -278,7 +278,7 @@ func TestConvertGatewaysForIngress(t *testing.T) {
 								Port: &networking.Port{
 									Number:   443,
 									Protocol: "HTTPS",
-									Name:     "https-443-ingress-ingress-v1beta1-wakanda-test-2-foo-com",
+									Name:     "https-443-ingress-ingress-v1beta1",
 								},
 								Hosts: []string{"foo.com"},
 								Tls: &networking.ServerTLSSettings{
@@ -293,7 +293,7 @@ func TestConvertGatewaysForIngress(t *testing.T) {
 				"test.com": {
 					Meta: config.Meta{
 						GroupVersionKind: gvk.Gateway,
-						Name:             "istio-autogenerated-k8s-ingress-test-com",
+						Name:             "istio-autogenerated-k8s-ingress-" + common.CleanHost("test.com"),
 						Namespace:        "wakanda",
 						Annotations: map[string]string{
 							common.ClusterIdAnnotation: "ingress-v1beta1",
@@ -306,7 +306,7 @@ func TestConvertGatewaysForIngress(t *testing.T) {
 								Port: &networking.Port{
 									Number:   80,
 									Protocol: "HTTP",
-									Name:     "http-80-ingress-ingress-v1beta1-wakanda-test-1-test-com",
+									Name:     "http-80-ingress-ingress-v1beta1",
 								},
 								Hosts: []string{"test.com"},
 							},
@@ -314,7 +314,7 @@ func TestConvertGatewaysForIngress(t *testing.T) {
 								Port: &networking.Port{
 									Number:   443,
 									Protocol: "HTTPS",
-									Name:     "https-443-ingress-ingress-v1beta1-wakanda-test-1-test-com",
+									Name:     "https-443-ingress-ingress-v1beta1",
 								},
 								Hosts: []string{"test.com"},
 								Tls: &networking.ServerTLSSettings{
@@ -329,7 +329,7 @@ func TestConvertGatewaysForIngress(t *testing.T) {
 				"bar.com": {
 					Meta: config.Meta{
 						GroupVersionKind: gvk.Gateway,
-						Name:             "istio-autogenerated-k8s-ingress-bar-com",
+						Name:             "istio-autogenerated-k8s-ingress-" + common.CleanHost("bar.com"),
 						Namespace:        "wakanda",
 						Annotations: map[string]string{
 							common.ClusterIdAnnotation: "ingress-v1beta1",
@@ -342,7 +342,7 @@ func TestConvertGatewaysForIngress(t *testing.T) {
 								Port: &networking.Port{
 									Number:   80,
 									Protocol: "HTTP",
-									Name:     "http-80-ingress-ingress-v1beta1-wakanda-test-2-bar-com",
+									Name:     "http-80-ingress-ingress-v1beta1",
 								},
 								Hosts: []string{"bar.com"},
 							},
@@ -471,7 +471,7 @@ func TestConvertGatewaysForIngress(t *testing.T) {
 				"foo.com": {
 					Meta: config.Meta{
 						GroupVersionKind: gvk.Gateway,
-						Name:             "istio-autogenerated-k8s-ingress-foo-com",
+						Name:             "istio-autogenerated-k8s-ingress-" + common.CleanHost("foo.com"),
 						Namespace:        "wakanda",
 						Annotations: map[string]string{
 							common.ClusterIdAnnotation: "ingress-v1",
@@ -484,7 +484,7 @@ func TestConvertGatewaysForIngress(t *testing.T) {
 								Port: &networking.Port{
 									Number:   80,
 									Protocol: "HTTP",
-									Name:     "http-80-ingress-ingress-v1-wakanda-test-1-foo-com",
+									Name:     "http-80-ingress-ingress-v1",
 								},
 								Hosts: []string{"foo.com"},
 							},
@@ -492,7 +492,7 @@ func TestConvertGatewaysForIngress(t *testing.T) {
 								Port: &networking.Port{
 									Number:   443,
 									Protocol: "HTTPS",
-									Name:     "https-443-ingress-ingress-v1-wakanda-test-2-foo-com",
+									Name:     "https-443-ingress-ingress-v1",
 								},
 								Hosts: []string{"foo.com"},
 								Tls: &networking.ServerTLSSettings{
@@ -507,7 +507,7 @@ func TestConvertGatewaysForIngress(t *testing.T) {
 				"test.com": {
 					Meta: config.Meta{
 						GroupVersionKind: gvk.Gateway,
-						Name:             "istio-autogenerated-k8s-ingress-test-com",
+						Name:             "istio-autogenerated-k8s-ingress-" + common.CleanHost("test.com"),
 						Namespace:        "wakanda",
 						Annotations: map[string]string{
 							common.ClusterIdAnnotation: "ingress-v1",
@@ -520,7 +520,7 @@ func TestConvertGatewaysForIngress(t *testing.T) {
 								Port: &networking.Port{
 									Number:   80,
 									Protocol: "HTTP",
-									Name:     "http-80-ingress-ingress-v1-wakanda-test-1-test-com",
+									Name:     "http-80-ingress-ingress-v1",
 								},
 								Hosts: []string{"test.com"},
 							},
@@ -528,7 +528,7 @@ func TestConvertGatewaysForIngress(t *testing.T) {
 								Port: &networking.Port{
 									Number:   443,
 									Protocol: "HTTPS",
-									Name:     "https-443-ingress-ingress-v1-wakanda-test-1-test-com",
+									Name:     "https-443-ingress-ingress-v1",
 								},
 								Hosts: []string{"test.com"},
 								Tls: &networking.ServerTLSSettings{
@@ -543,7 +543,7 @@ func TestConvertGatewaysForIngress(t *testing.T) {
 				"bar.com": {
 					Meta: config.Meta{
 						GroupVersionKind: gvk.Gateway,
-						Name:             "istio-autogenerated-k8s-ingress-bar-com",
+						Name:             "istio-autogenerated-k8s-ingress-" + common.CleanHost("bar.com"),
 						Namespace:        "wakanda",
 						Annotations: map[string]string{
 							common.ClusterIdAnnotation: "ingress-v1",
@@ -556,7 +556,7 @@ func TestConvertGatewaysForIngress(t *testing.T) {
 								Port: &networking.Port{
 									Number:   80,
 									Protocol: "HTTP",
-									Name:     "http-80-ingress-ingress-v1-wakanda-test-2-bar-com",
+									Name:     "http-80-ingress-ingress-v1",
 								},
 								Hosts: []string{"bar.com"},
 							},

pkg/ingress/config/kingress_config.go

@@ -66,8 +66,6 @@ type KIngressConfig struct {
 
 	annotationHandler annotations.AnnotationHandler
 
-	globalGatewayName string
-
 	namespace string
 
 	clusterId string
@@ -86,10 +84,8 @@ func NewKIngressConfig(localKubeClient kube.Client, XDSUpdater model.XDSUpdater,
 		XDSUpdater:               XDSUpdater,
 		annotationHandler:        annotations.NewAnnotationHandlerManager(),
 		clusterId:                clusterId,
-		globalGatewayName: namespace + "/" +
+		watchedSecretSet:         sets.NewSet(),
-			common.CreateConvertedName(clusterId, "global"),
+		namespace:                namespace,
-		watchedSecretSet: sets.NewSet(),
-		namespace:        namespace,
 	}
 
 	return config
@@ -319,7 +315,7 @@ func (m *KIngressConfig) convertVirtualService(configs []common.WrapperConfig) [
 			common.CreateConvertedName(m.clusterId, cleanHost),
 			common.CreateConvertedName(constants.IstioIngressGatewayName, cleanHost)}
 		if host != "*" {
-			gateways = append(gateways, m.globalGatewayName)
+			gateways = append(gateways, m.namespace+"/"+common.CreateConvertedName(m.clusterId, common.CleanHost("*")))
 		}
 
 		wrapperVS, exist := convertOptions.VirtualServices[host]

pkg/ingress/config/kingress_config_test.go

@@ -363,7 +363,7 @@ func TestConvertGatewaysForKIngress(t *testing.T) {
 				"foo.com": {
 					Meta: config.Meta{
 						GroupVersionKind: gvk.Gateway,
-						Name:             "istio-autogenerated-k8s-ingress-foo-com",
+						Name:             "istio-autogenerated-k8s-ingress-" + common.CleanHost("foo.com"),
 						Namespace:        "wakanda",
 						Annotations: map[string]string{
 							common.ClusterIdAnnotation: "kingress",
@@ -376,7 +376,7 @@ func TestConvertGatewaysForKIngress(t *testing.T) {
 								Port: &networking.Port{
 									Number:   80,
 									Protocol: "HTTP",
-									Name:     "http-80-ingress-kingress-wakanda-test-1-foo-com",
+									Name:     "http-80-ingress-kingress",
 								},
 								Hosts: []string{"foo.com"},
 								//Tls: &networking.ServerTLSSettings{
@@ -387,7 +387,7 @@ func TestConvertGatewaysForKIngress(t *testing.T) {
 								Port: &networking.Port{
 									Number:   443,
 									Protocol: "HTTPS",
-									Name:     "https-443-ingress-kingress-wakanda-test-2-foo-com",
+									Name:     "https-443-ingress-kingress",
 								},
 								Hosts: []string{"foo.com"},
 								Tls: &networking.ServerTLSSettings{
@@ -402,7 +402,7 @@ func TestConvertGatewaysForKIngress(t *testing.T) {
 				"test.com": {
 					Meta: config.Meta{
 						GroupVersionKind: gvk.Gateway,
-						Name:             "istio-autogenerated-k8s-ingress-test-com",
+						Name:             "istio-autogenerated-k8s-ingress-" + common.CleanHost("test.com"),
 						Namespace:        "wakanda",
 						Annotations: map[string]string{
 							common.ClusterIdAnnotation: "kingress",
@@ -415,7 +415,7 @@ func TestConvertGatewaysForKIngress(t *testing.T) {
 								Port: &networking.Port{
 									Number:   80,
 									Protocol: "HTTP",
-									Name:     "http-80-ingress-kingress-wakanda-test-1-test-com",
+									Name:     "http-80-ingress-kingress",
 								},
 								Hosts: []string{"test.com"},
 								//Tls: &networking.ServerTLSSettings{
@@ -426,7 +426,7 @@ func TestConvertGatewaysForKIngress(t *testing.T) {
 								Port: &networking.Port{
 									Number:   443,
 									Protocol: "HTTPS",
-									Name:     "https-443-ingress-kingress-wakanda-test-1-test-com",
+									Name:     "https-443-ingress-kingress",
 								},
 								Hosts: []string{"test.com"},
 								Tls: &networking.ServerTLSSettings{
@@ -441,7 +441,7 @@ func TestConvertGatewaysForKIngress(t *testing.T) {
 				"bar.com": {
 					Meta: config.Meta{
 						GroupVersionKind: gvk.Gateway,
-						Name:             "istio-autogenerated-k8s-ingress-bar-com",
+						Name:             "istio-autogenerated-k8s-ingress-" + common.CleanHost("bar.com"),
 						Namespace:        "wakanda",
 						Annotations: map[string]string{
 							common.ClusterIdAnnotation: "kingress",
@@ -454,7 +454,7 @@ func TestConvertGatewaysForKIngress(t *testing.T) {
 								Port: &networking.Port{
 									Number:   80,
 									Protocol: "HTTP",
-									Name:     "http-80-ingress-kingress-wakanda-test-2-bar-com",
+									Name:     "http-80-ingress-kingress",
 								},
 								Hosts: []string{"bar.com"},
 							},

pkg/ingress/kube/common/tool.go

@@ -140,17 +140,19 @@ func GetHost(annotations map[string]string) string {
 	return ""
 }
 
+// Istio requires that the name of the gateway must conform to the DNS label.
+// For details, you can view: https://github.com/istio/istio/blob/2d5c40ad5e9cceebe64106005aa38381097da2ba/pkg/config/validation/validation.go#L478
+func convertToDNSLabelValid(input string) string {
+	hasher := md5.New()
+	hasher.Write([]byte(input))
+	hash := hasher.Sum(nil)
+
+	return hex.EncodeToString(hash)
+}
+
 // CleanHost follow the format of mse-ops for host.
 func CleanHost(host string) string {
-	if host == "*" {
+	return convertToDNSLabelValid(host)
-		return "global"
-	}
-
-	if strings.HasPrefix(host, "*") {
-		host = strings.ReplaceAll(host, "*", "global-")
-	}
-
-	return strings.ReplaceAll(host, ".", "-")
 }
 
 func CreateConvertedName(items ...string) string {

pkg/ingress/kube/ingress/controller.go

@@ -373,7 +373,6 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp
 	}
 
 	for _, rule := range ingressV1Beta.Rules {
-		cleanHost := common.CleanHost(rule.Host)
 		// Need create builder for every rule.
 		domainBuilder := &common.IngressDomainBuilder{
 			ClusterId: c.options.ClusterId,
@@ -401,7 +400,7 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp
 				Port: &networking.Port{
 					Number:   80,
 					Protocol: string(protocol.HTTP),
-					Name:     common.CreateConvertedName("http-80-ingress", c.options.ClusterId, cfg.Namespace, cfg.Name, cleanHost),
+					Name:     common.CreateConvertedName("http-80-ingress", c.options.ClusterId),
 				},
 				Hosts: []string{rule.Host},
 			})
@@ -446,7 +445,7 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp
 			Port: &networking.Port{
 				Number:   443,
 				Protocol: string(protocol.HTTPS),
-				Name:     common.CreateConvertedName("https-443-ingress", c.options.ClusterId, cfg.Namespace, cfg.Name, cleanHost),
+				Name:     common.CreateConvertedName("https-443-ingress", c.options.ClusterId),
 			},
 			Hosts: []string{rule.Host},
 			Tls: &networking.ServerTLSSettings{

pkg/ingress/kube/ingressv1/controller.go

@@ -358,7 +358,6 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp
 	}
 
 	for _, rule := range ingressV1.Rules {
-		cleanHost := common.CleanHost(rule.Host)
 		// Need create builder for every rule.
 		domainBuilder := &common.IngressDomainBuilder{
 			ClusterId: c.options.ClusterId,
@@ -386,7 +385,7 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp
 				Port: &networking.Port{
 					Number:   80,
 					Protocol: string(protocol.HTTP),
-					Name:     common.CreateConvertedName("http-80-ingress", c.options.ClusterId, cfg.Namespace, cfg.Name, cleanHost),
+					Name:     common.CreateConvertedName("http-80-ingress", c.options.ClusterId),
 				},
 				Hosts: []string{rule.Host},
 			})
@@ -431,7 +430,7 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp
 			Port: &networking.Port{
 				Number:   443,
 				Protocol: string(protocol.HTTPS),
-				Name:     common.CreateConvertedName("https-443-ingress", c.options.ClusterId, cfg.Namespace, cfg.Name, cleanHost),
+				Name:     common.CreateConvertedName("https-443-ingress", c.options.ClusterId),
 			},
 			Hosts: []string{rule.Host},
 			Tls: &networking.ServerTLSSettings{

pkg/ingress/kube/kingress/controller.go

@@ -16,7 +16,6 @@ package kingress
 
 import (
 	"fmt"
-	"github.com/alibaba/higress/pkg/ingress/kube/annotations"
 	"path"
 	"reflect"
 	"sort"
@@ -24,7 +23,6 @@ import (
 	"sync"
 	"time"
 
-	"github.com/alibaba/higress/pkg/kube"
 	"github.com/hashicorp/go-multierror"
 	networking "istio.io/api/networking/v1alpha3"
 	"istio.io/istio/pilot/pkg/model"
@@ -46,10 +44,12 @@ import (
 	ingress "knative.dev/networking/pkg/apis/networking/v1alpha1"
 	networkingv1alpha1 "knative.dev/networking/pkg/client/listers/networking/v1alpha1"
 
+	"github.com/alibaba/higress/pkg/ingress/kube/annotations"
 	"github.com/alibaba/higress/pkg/ingress/kube/common"
 	"github.com/alibaba/higress/pkg/ingress/kube/kingress/resources"
 	"github.com/alibaba/higress/pkg/ingress/kube/secret"
 	. "github.com/alibaba/higress/pkg/ingress/log"
+	"github.com/alibaba/higress/pkg/kube"
 )
 
 var (
@@ -337,7 +337,6 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp
 
 	for _, rule := range kingressv1alpha1.Rules {
 		for _, ruleHost := range rule.Hosts {
-			cleanHost := common.CleanHost(ruleHost)
 			// Need create builder for every rule.
 			domainBuilder := &common.IngressDomainBuilder{
 				ClusterId: c.options.ClusterId,
@@ -364,7 +363,7 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp
 						Port: &networking.Port{
 							Number:   8081,
 							Protocol: string(protocol.HTTP),
-							Name:     common.CreateConvertedName("http-8081-ingress", c.options.ClusterId, cfg.Namespace, cfg.Name, cleanHost),
+							Name:     common.CreateConvertedName("http-8081-ingress", c.options.ClusterId),
 						},
 						Hosts: []string{ruleHost},
 					})
@@ -374,7 +373,7 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp
 						Port: &networking.Port{
 							Number:   80,
 							Protocol: string(protocol.HTTP),
-							Name:     common.CreateConvertedName("http-80-ingress", c.options.ClusterId, cfg.Namespace, cfg.Name, cleanHost),
+							Name:     common.CreateConvertedName("http-80-ingress", c.options.ClusterId),
 						},
 						Hosts: []string{ruleHost},
 					})
@@ -436,7 +435,7 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp
 				Port: &networking.Port{
 					Number:   443,
 					Protocol: string(protocol.HTTPS),
-					Name:     common.CreateConvertedName("https-443-ingress", c.options.ClusterId, cfg.Namespace, cfg.Name, cleanHost),
+					Name:     common.CreateConvertedName("https-443-ingress", c.options.ClusterId),
 				},
 				Hosts: []string{ruleHost},
 				Tls: &networking.ServerTLSSettings{

test/e2e/conformance/tests/httproute-hostname-same-namespace.go

@@ -113,6 +113,39 @@ var HTTPRouteHostNameSameNamespace = suite.ConformanceTest{
 					},
 				},
 			},
+			{
+				Meta: http.AssertionMeta{
+					TargetBackend:   "infra-backend-v2",
+					TargetNamespace: "higress-conformance-infra",
+				},
+				Request: http.AssertionRequest{
+					ActualRequest: http.Request{
+						Path: "/bar",
+						Host: "api.bar.com",
+					},
+				},
+				Response: http.AssertionResponse{
+					ExpectedResponse: http.Response{
+						StatusCode: 200,
+					},
+				},
+			}, {
+				Meta: http.AssertionMeta{
+					TargetBackend:   "infra-backend-v3",
+					TargetNamespace: "higress-conformance-infra",
+				},
+				Request: http.AssertionRequest{
+					ActualRequest: http.Request{
+						Path: "/bar",
+						Host: "api-bar.com",
+					},
+				},
+				Response: http.AssertionResponse{
+					ExpectedResponse: http.Response{
+						StatusCode: 200,
+					},
+				},
+			},
 		}
 
 		t.Run("HTTP request should reach infra-backend with different hostname", func(t *testing.T) {

test/e2e/conformance/tests/httproute-hostname-same-namespace.yaml

@@ -70,3 +70,23 @@ spec:
             name: infra-backend-v1
             port:
               number: 8080
+  - host: "api.bar.com"
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/bar"
+        backend:
+          service:
+            name: infra-backend-v2
+            port:
+              number: 8080
+  - host: "api-bar.com"
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/bar"
+        backend:
+          service:
+            name: infra-backend-v3
+            port:
+              number: 8080

test/e2e/conformance/tests/httproute-https-without-sni.go

@@ -0,0 +1,105 @@
+// Copyright (c) 2022 Alibaba Group Holding Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package tests
+
+import (
+	"testing"
+
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	"github.com/alibaba/higress/test/e2e/conformance/utils/cert"
+	"github.com/alibaba/higress/test/e2e/conformance/utils/http"
+	"github.com/alibaba/higress/test/e2e/conformance/utils/kubernetes"
+	"github.com/alibaba/higress/test/e2e/conformance/utils/suite"
+)
+
+func init() {
+	Register(HTTPHttpsWithoutSni)
+}
+
+var HTTPHttpsWithoutSni = suite.ConformanceTest{
+	ShortName:   "HTTPHttpsWithoutSni",
+	Description: "A single Ingress in the higress-conformance-infra namespace for https without sni.",
+	Manifests:   []string{"tests/httproute-https-without-sni.yaml"},
+	Features:    []suite.SupportedFeature{suite.HTTPConformanceFeature},
+	Test: func(t *testing.T, suite *suite.ConformanceTestSuite) {
+		// Prepare secrets for testcases
+		_, _, caCert, caKey := cert.MustGenerateCaCert(t)
+		svcCertOut, svcKeyOut := cert.MustGenerateCertWithCA(t, cert.ServerCertType, caCert, caKey, []string{"foo.com"})
+		fooSecret := kubernetes.ConstructTLSSecret("higress-conformance-infra", "foo-secret", svcCertOut.Bytes(), svcKeyOut.Bytes())
+		suite.Applier.MustApplyObjectsWithCleanup(t, suite.Client, suite.TimeoutConfig, []client.Object{fooSecret}, suite.Cleanup)
+
+		testcases := []http.Assertion{
+			{
+				Meta: http.AssertionMeta{
+					TestCaseName:    "case 1: with sni",
+					TargetBackend:   "infra-backend-v2",
+					TargetNamespace: "higress-conformance-infra",
+				},
+				Request: http.AssertionRequest{
+					ActualRequest: http.Request{
+						Path: "/foo",
+						Host: "foo.com",
+						TLSConfig: &http.TLSConfig{
+							SNI: "foo.com",
+						},
+					},
+					ExpectedRequest: &http.ExpectedRequest{
+						Request: http.Request{
+							Path: "/foo",
+							Host: "foo.com",
+						},
+					},
+				},
+				Response: http.AssertionResponse{
+					ExpectedResponse: http.Response{
+						StatusCode: 200,
+					},
+				},
+			},
+			{
+				Meta: http.AssertionMeta{
+					TestCaseName:    "case 1: without sni",
+					TargetBackend:   "infra-backend-v2",
+					TargetNamespace: "higress-conformance-infra",
+				},
+				Request: http.AssertionRequest{
+					ActualRequest: http.Request{
+						Path:      "/foo",
+						Host:      "foo.com",
+						TLSConfig: &http.TLSConfig{},
+					},
+					ExpectedRequest: &http.ExpectedRequest{
+						Request: http.Request{
+							Path: "/foo",
+							Host: "foo.com",
+						},
+					},
+				},
+				Response: http.AssertionResponse{
+					ExpectedResponse: http.Response{
+						StatusCode: 200,
+					},
+				},
+			},
+		}
+
+		t.Run("HTTPS without SNI", func(t *testing.T) {
+			for _, testcase := range testcases {
+				http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, suite.GatewayAddress, testcase)
+			}
+		})
+	},
+}

test/e2e/conformance/tests/httproute-https-without-sni.yaml

@@ -0,0 +1,56 @@
+# Copyright (c) 2022 Alibaba Group Holding Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: httproute-https-without-sni-global
+  namespace: higress-conformance-infra
+spec:
+  ingressClassName: higress
+  tls:
+    - secretName: foo-secret
+  rules:
+    - http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: infra-backend-v1
+                port:
+                  number: 8080
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: httproute-https-without-sni-domain
+  namespace: higress-conformance-infra
+spec:
+  ingressClassName: higress
+  tls:
+    - hosts:
+        - "foo.com"
+      secretName: foo-secret
+  rules:
+    - host: "foo.com"
+      http:
+        paths:
+          - pathType: Exact
+            path: "/foo"
+            backend:
+              service:
+                name: infra-backend-v2
+                port:
+                  number: 8080