jiazhizhong/higress
1
0
Fork 0
mirror of https://github.com/alibaba/higress.git synced 2026-05-24 20:57:31 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
69523292cbf3cfe4b7cffcbe21ef39d155b39706
higress/pkg/ingress/kube/gateway/istio/testdata/isolation.yaml
EndlessSeeker b2b4f72775 Feat: upgrade istio from 1.19.5 to 1.27.1 (#3066)
2025-11-20 14:43:30 +08:00

131 lines
4.0 KiB
YAML
Raw Blame History

apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: isolation
namespace: gateway-conformance-infra
spec:
gatewayClassName: "istio"
listeners:
- name: empty-hostname
port: 80
protocol: HTTP
allowedRoutes:
namespaces:
from: All
- name: wildcard-example-com
port: 80
protocol: HTTP
hostname: "*.example.com"
allowedRoutes:
namespaces:
from: All
- name: wildcard-foo-example-com
port: 80
protocol: HTTP
hostname: "*.foo.example.com"
allowedRoutes:
namespaces:
from: All
- name: abc-foo-example-com
port: 80
protocol: HTTP
hostname: "abc.foo.example.com"
allowedRoutes:
namespaces:
from: All
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: attaches-to-empty-hostname-with-hostname-intersection
namespace: gateway-conformance-infra
spec:
parentRefs:
- name: isolation
namespace: gateway-conformance-infra
sectionName: empty-hostname
hostnames:
- "bar.com"
- "*.example.com" # request matching is prevented by the isolation wildcard-example-com listener
- "*.foo.example.com" # request matching is prevented by the isolation wildcard-foo-example-com listener
- "abc.foo.example.com" # request matching is prevented by the isolation of abc-foo-example-com listener
rules:
- matches:
- path:
type: PathPrefix
value: /empty-hostname
backendRefs:
- name: infra-backend-v1
port: 8080
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: attaches-to-wildcard-example-com-with-hostname-intersection
namespace: gateway-conformance-infra
spec:
parentRefs:
- name: isolation
namespace: gateway-conformance-infra
sectionName: wildcard-example-com
hostnames:
- "bar.com" # doesn't match wildcard-example-com listener
- "*.example.com"
- "*.foo.example.com" # request matching is prevented by the isolation of wildcard-foo-example-com listener
- "abc.foo.example.com" # request matching is prevented by the isolation of abc-foo-example-com listener
rules:
- matches:
- path:
type: PathPrefix
value: /wildcard-example-com
backendRefs:
- name: infra-backend-v1
port: 8080
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: attaches-to-wildcard-foo-example-com-with-hostname-intersection
namespace: gateway-conformance-infra
spec:
parentRefs:
- name: isolation
namespace: gateway-conformance-infra
sectionName: wildcard-foo-example-com
hostnames:
- "bar.com" # doesn't match wildcard-foo-example-com listener
- "*.example.com" # this becomes *.foo.example.com, as the hostname cannot be less specific than *.foo.example.com of the listener
- "*.foo.example.com"
- "abc.foo.example.com" # request matching is prevented by the isolation abc-foo-example-com listener
rules:
- matches:
- path:
type: PathPrefix
value: /wildcard-foo-example-com
backendRefs:
- name: infra-backend-v1
port: 8080
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: attaches-to-abc-foo-example-com-with-hostname-intersection
namespace: gateway-conformance-infra
spec:
parentRefs:
- name: isolation
namespace: gateway-conformance-infra
sectionName: abc-foo-example-com
hostnames:
- "bar.com" # doesn't match abc-foo-example-com listener
- "*.example.com" # becomes abc.foo.example.com as it cannot be less specific than abc.foo.example.com of the listener
- "*.foo.example.com" # becomes abc.foo.example.com as it cannot be less specific than abc.foo.example.com of the listener
- "abc.foo.example.com"
rules:
- matches:
- path:
type: PathPrefix
value: /abc-foo-example-com
backendRefs:
- name: infra-backend-v1
port: 8080
Reference in New Issue View Git Blame Copy Permalink