Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

host2regex: doesn't take in consideration * #3296

Draft
wants to merge 4 commits into
base: master
Choose a base branch
from

Conversation

MustafaSaber
Copy link
Member

@MustafaSaber MustafaSaber commented Nov 1, 2024

converting host from Ingress/RouteGroup for Host predicate doesn't take into consideration that Ingress support wildcard hostnames (see https://kubernetes.io/docs/concepts/services-networking/ingress/#hostname-wildcards) and we produce invalid regex

This PR adds testcases to reproduce the error, requires fix before merging.

following ingress produce

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: simple
  labels:
    name: simple
spec:
  rules:
  - host: "*.example.org"
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: simple
            port: 
              number: 80

Error:

[APP]time="2024-11-01T12:43:46Z" level=error msg="kube_default__simple_redirect_app_default_0____example_org_____ [2]: error parsing regexp: missing argument to repetition operator: *

fixes #3297

Signed-off-by: Mustafa Abdelrahman <mustafa.abdelrahman@zalando.de>
Signed-off-by: Mustafa Abdelrahman <mustafa.abdelrahman@zalando.de>
Signed-off-by: Mustafa Abdelrahman <mustafa.abdelrahman@zalando.de>
@MustafaSaber
Copy link
Member Author

maybe it's not a good idea to have this at all

},
} {
t.Run(ti.msg, func(t *testing.T) {
regex := createHostRx(ti.host)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

another idea is to update validation webhook to say if the host regex is valid

@MustafaSaber MustafaSaber added do-not-merge major moderate risk, for example new API, small filter changes that have no risk like refactoring or logs labels Nov 1, 2024
@@ -0,0 +1,3 @@
kube_foo__qux____example_org_____qux:
Host("^([a-z0-9]+(-[a-z0-9]+)?[.]example[.]org[.]?(:[0-9]+)?)$") && PathSubtree("/")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you want
^([a-z0-9][a-z0-9-]*)?[.]example....

Better also to write down in the issue what kind of match or regexp you want to create.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I want to match a valid hostname, it can't end or start with - I think this ([a-z0-9][a-z0-9-]*) can end with -

Copy link
Member

@szuecs szuecs Nov 5, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What about foo-bar-qux.example , that your regexp doesn't match?

maybe:

^[a-z0-9]([a-z0-9-]*[a-z0-9])?[.]example....

Not sure if we need the capture group for the full first part of the hostname.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated the PR to match it, the new regex [a-z0-9]+((-[a-z0-9]+)?)*

Signed-off-by: Mustafa Abdelrahman <mustafa.abdelrahman@zalando.de>
@MustafaSaber
Copy link
Member Author

See #3297 (comment)

@MustafaSaber
Copy link
Member Author

@szuecs

A problem with the current implementation is that a request can flap between 2 or more routes

request to foo.example with

r: Host("*.example") -> <shunt>;
s: Host("foo.example") -> <shunt>;

@MustafaSaber MustafaSaber marked this pull request as draft November 8, 2024 10:17
@@ -15,6 +15,9 @@ func createHostRx(hosts ...string) string {

hrx := make([]string, len(hosts))
for i, host := range hosts {
if strings.HasPrefix(host, "*.") {
host = strings.Replace(host, "*", "[a-z0-9]+((-[a-z0-9]+)?)*", 1)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to verify this matches behaviour descibed at https://kubernetes.io/docs/concepts/services-networking/ingress/#hostname-wildcards

Makes sense to add this link as a comment.

Subdomain regexp looks strange with two capture groups using ? followed by *.

I guess subdomain shoud start and end with alphanumeric (not dash). Lets check this https://stackoverflow.com/questions/7930751/regexp-for-subdomain and similar answers and reuse/adopt regexp from there.

Copy link
Member

@szuecs szuecs Nov 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds like #3296 (comment) would be the one 😀
Limiting the size makes also sense as you linked and non ascii domain support is also great to have!

Copy link
Member Author

@MustafaSaber MustafaSaber Nov 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this one already works for all cases.
https://regex101.com/r/ziI6Sv/1

image

Copy link
Member Author

@MustafaSaber MustafaSaber Nov 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds like #3296 (comment) would be the one

yes this also works https://regex101.com/r/dNnhqk/1

@Jan-M
Copy link
Member

Jan-M commented Dec 12, 2024

Can this advance, e.g. with a feature toggle to support it? I would say potential conflicts can also be ruled user error and not skipper error.

What would be needed if you wanted to elevate the support? Weights? Warnings?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bugfix Bug fixes and patches do-not-merge major moderate risk, for example new API, small filter changes that have no risk like refactoring or logs
Projects
None yet
Development

Successfully merging this pull request may close these issues.

wildcard hostnames produce invalid regex for Host predicate
4 participants