-
Notifications
You must be signed in to change notification settings - Fork 276
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
config: separate wildcard hosts where possible #4193
base: main
Are you sure you want to change the base?
Conversation
Envoy supports virtual hosts with wildcard domains, as long as the wildcard token appears at the very beginning or the end of the domain (that is, Envoy supports suffix and prefix domain wildcards). Update the configuration builder logic to take advantage of this support whenever possible, using the current regex route matching as a fallback. This may improve routing performance in some cases, by reducing the size of the routing table for the catch-all virtual host. Add a utility method isSpecialWildcardHost() to determine whether a host has a wildcard token that is not at the very beginning or end. Update the existing route configuration test to add one of these special wildcard hosts.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This makes sense to me. I don't know if we use the routable hosts anywhere that wouldn't understand *
, but if its just used for the virtual host I think it should work.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So re-reading the docs, there's a subtle difference here. For us *x
would match just x
whereas with virtual hosts *x
means at-least-one character for *
. .*
vs .+
in regex.
Yes, it looks like there is a subtle difference between the current regex behavior and Envoy's wildcard handling. However, I think Envoy's behavior is reasonable. (To my knowledge it matches the behavior of wildcard certificates, for example.) Off hand, I can't think of a use case where I would want a wildcard to match the empty string. Do you think this would be an acceptable change in behavior? (If users really want a wildcard to also match nothing, they could work around this change by adding a duplicate route without the wildcard token.) |
We do have this exact case - we want to match So what we really need is |
Holding off until we can be sure we can support the resulting expansion in route table for our users' deployments. |
Summary
Envoy supports virtual hosts with wildcard domains, as long as the wildcard token appears at the very beginning or the end of the domain (that is, Envoy supports suffix and prefix domain wildcards). Update the configuration builder logic to take advantage of this support whenever possible, using the current regex route matching as a fallback.
This may improve routing performance in some cases, by reducing the size of the routing table for the catch-all virtual host.
Add a utility method isSpecialWildcardHost() to determine whether a host has a wildcard token that is not at the very beginning or end. Update the existing route configuration test to add one of these special wildcard hosts.
Related issues
User Explanation
Improve routing performance when many routes have
*
at the beginning or end of the from address.Checklist
improvement
/bug
/ etc)