StripTrailingHostDot: Expose new configuration option to enable Envoy removal of trailing dot on hostnames (#6792)

* Add strip trailing host dot option from Envoy

Signed-off-by: David Sale <[email protected]>

* Rebase from main and apply code review suggestions

Signed-off-by: David Sale <[email protected]>

* Add missing changelog file for the PR 6792

Signed-off-by: David Sale <[email protected]>

---------

Signed-off-by: David Sale <[email protected]>

Author: saley89

apis/projectcontour/v1alpha1/contourconfig.go

@@ -736,6 +736,19 @@ type NetworkParameters struct {
 	// Contour's default is 9001.
 	// +optional
 	EnvoyAdminPort *int `json:"adminPort,omitempty"`
+
+	// EnvoyStripTrailingHostDot defines if trailing dot of the host should be removed from host/authority header
+	// before any processing of request by HTTP filters or routing. This
+	// affects the upstream host header. Without setting this option to true, incoming
+	// requests with host example.com. will not match against route with domains
+	// match set to example.com.
+	//
+	// See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=strip_trailing_host_dot
+	// for more information.
+	//
+	// Contour's default is false.
+	// +optional
+	EnvoyStripTrailingHostDot *bool `json:"stripTrailingHostDot,omitempty"`
 }
 
 // RateLimitServiceConfig defines properties of a global Rate Limit Service.

apis/projectcontour/v1alpha1/zz_generated.deepcopy.go

@@ -0,0 +1 @@
+Adds a new configuration option `strip-trailing-host-dot` which defines if trailing dot of the host should be removed from host/authority header before any processing of request by HTTP filters or routing.

changelogs/unreleased/6792-saley89-small.md

@@ -464,6 +464,7 @@ func (s *Server) doServe() error {
 		MergeSlashes:                  !*contourConfiguration.Envoy.Listener.DisableMergeSlashes,
 		ServerHeaderTransformation:    contourConfiguration.Envoy.Listener.ServerHeaderTransformation,
 		XffNumTrustedHops:             *contourConfiguration.Envoy.Network.XffNumTrustedHops,
+		StripTrailingHostDot:          *contourConfiguration.Envoy.Network.EnvoyStripTrailingHostDot,
 		ConnectionBalancer:            contourConfiguration.Envoy.Listener.ConnectionBalancer,
 		MaxRequestsPerConnection:      contourConfiguration.Envoy.Listener.MaxRequestsPerConnection,
 		HTTP2MaxConcurrentStreams:     contourConfiguration.Envoy.Listener.HTTP2MaxConcurrentStreams,

cmd/contour/serve.go

@@ -580,8 +580,9 @@ func (ctx *serveContext) convertToContourConfigurationSpec() contour_v1alpha1.Co
 				},
 			},
 			Network: &contour_v1alpha1.NetworkParameters{
-				XffNumTrustedHops: &ctx.Config.Network.XffNumTrustedHops,
-				EnvoyAdminPort:    &ctx.Config.Network.EnvoyAdminPort,
+				XffNumTrustedHops:         &ctx.Config.Network.XffNumTrustedHops,
+				EnvoyAdminPort:            &ctx.Config.Network.EnvoyAdminPort,
+				EnvoyStripTrailingHostDot: &ctx.Config.Network.EnvoyStripTrailingHostDot,
 			},
 		},
 		Gateway: gatewayConfig,

cmd/contour/servecontext.go

@@ -483,8 +483,9 @@ func TestConvertServeContext(t *testing.T) {
 					},
 				},
 				Network: &contour_v1alpha1.NetworkParameters{
-					EnvoyAdminPort:    ptr.To(9001),
-					XffNumTrustedHops: ptr.To(uint32(0)),
+					EnvoyAdminPort:            ptr.To(9001),
+					XffNumTrustedHops:         ptr.To(uint32(0)),
+					EnvoyStripTrailingHostDot: ptr.To(false),
 				},
 			},
 			Gateway: nil,

cmd/contour/servecontext_test.go

@@ -521,6 +521,17 @@ spec:
                           Contour's default is 0.
                         format: int32
                         type: integer
+                      stripTrailingHostDot:
+                        description: |-
+                          EnvoyStripTrailingHostDot defines if trailing dot of the host should be removed from host/authority header
+                          before any processing of request by HTTP filters or routing. This
+                          affects the upstream host header. Without setting this option to true, incoming
+                          requests with host example.com. will not match against route with domains
+                          match set to example.com.
+                          See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=strip_trailing_host_dot
+                          for more information.
+                          Contour's default is false.
+                        type: boolean
                     type: object
                   service:
                     description: |-
@@ -4337,6 +4348,17 @@ spec:
                               Contour's default is 0.
                             format: int32
                             type: integer
+                          stripTrailingHostDot:
+                            description: |-
+                              EnvoyStripTrailingHostDot defines if trailing dot of the host should be removed from host/authority header
+                              before any processing of request by HTTP filters or routing. This
+                              affects the upstream host header. Without setting this option to true, incoming
+                              requests with host example.com. will not match against route with domains
+                              match set to example.com.
+                              See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=strip_trailing_host_dot
+                              for more information.
+                              Contour's default is false.
+                            type: boolean
                         type: object
                       service:
                         description: |-

examples/contour/01-crds.yaml

@@ -736,6 +736,17 @@ spec:
                           Contour's default is 0.
                         format: int32
                         type: integer
+                      stripTrailingHostDot:
+                        description: |-
+                          EnvoyStripTrailingHostDot defines if trailing dot of the host should be removed from host/authority header
+                          before any processing of request by HTTP filters or routing. This
+                          affects the upstream host header. Without setting this option to true, incoming
+                          requests with host example.com. will not match against route with domains
+                          match set to example.com.
+                          See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=strip_trailing_host_dot
+                          for more information.
+                          Contour's default is false.
+                        type: boolean
                     type: object
                   service:
                     description: |-
@@ -4552,6 +4563,17 @@ spec:
                               Contour's default is 0.
                             format: int32
                             type: integer
+                          stripTrailingHostDot:
+                            description: |-
+                              EnvoyStripTrailingHostDot defines if trailing dot of the host should be removed from host/authority header
+                              before any processing of request by HTTP filters or routing. This
+                              affects the upstream host header. Without setting this option to true, incoming
+                              requests with host example.com. will not match against route with domains
+                              match set to example.com.
+                              See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=strip_trailing_host_dot
+                              for more information.
+                              Contour's default is false.
+                            type: boolean
                         type: object
                       service:
                         description: |-

examples/render/contour-deployment.yaml

@@ -532,6 +532,17 @@ spec:
                           Contour's default is 0.
                         format: int32
                         type: integer
+                      stripTrailingHostDot:
+                        description: |-
+                          EnvoyStripTrailingHostDot defines if trailing dot of the host should be removed from host/authority header
+                          before any processing of request by HTTP filters or routing. This
+                          affects the upstream host header. Without setting this option to true, incoming
+                          requests with host example.com. will not match against route with domains
+                          match set to example.com.
+                          See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=strip_trailing_host_dot
+                          for more information.
+                          Contour's default is false.
+                        type: boolean
                     type: object
                   service:
                     description: |-
@@ -4348,6 +4359,17 @@ spec:
                               Contour's default is 0.
                             format: int32
                             type: integer
+                          stripTrailingHostDot:
+                            description: |-
+                              EnvoyStripTrailingHostDot defines if trailing dot of the host should be removed from host/authority header
+                              before any processing of request by HTTP filters or routing. This
+                              affects the upstream host header. Without setting this option to true, incoming
+                              requests with host example.com. will not match against route with domains
+                              match set to example.com.
+                              See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=strip_trailing_host_dot
+                              for more information.
+                              Contour's default is false.
+                            type: boolean
                         type: object
                       service:
                         description: |-

examples/render/contour-gateway-provisioner.yaml

@@ -557,6 +557,17 @@ spec:
                           Contour's default is 0.
                         format: int32
                         type: integer
+                      stripTrailingHostDot:
+                        description: |-
+                          EnvoyStripTrailingHostDot defines if trailing dot of the host should be removed from host/authority header
+                          before any processing of request by HTTP filters or routing. This
+                          affects the upstream host header. Without setting this option to true, incoming
+                          requests with host example.com. will not match against route with domains
+                          match set to example.com.
+                          See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=strip_trailing_host_dot
+                          for more information.
+                          Contour's default is false.
+                        type: boolean
                     type: object
                   service:
                     description: |-
@@ -4373,6 +4384,17 @@ spec:
                               Contour's default is 0.
                             format: int32
                             type: integer
+                          stripTrailingHostDot:
+                            description: |-
+                              EnvoyStripTrailingHostDot defines if trailing dot of the host should be removed from host/authority header
+                              before any processing of request by HTTP filters or routing. This
+                              affects the upstream host header. Without setting this option to true, incoming
+                              requests with host example.com. will not match against route with domains
+                              match set to example.com.
+                              See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=strip_trailing_host_dot
+                              for more information.
+                              Contour's default is false.
+                            type: boolean
                         type: object
                       service:
                         description: |-