fix: HealthCheck should respect endpoint hostname

[zirain]

fix: #8848

[netlify]

✅ Deploy Preview for cerulean-figolla-1f9435 ready!

Name	Link
🔨 Latest commit	4644cd8
🔍 Latest deploy log	https://app.netlify.com/projects/cerulean-figolla-1f9435/deploys/69fad47fe8f97c0008f463df
😎 Deploy Preview	https://deploy-preview-8854--cerulean-figolla-1f9435.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[codecov]

Codecov Report

❌ Patch coverage is 92.00000% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 74.72%. Comparing base (69b1dde) to head (4644cd8).

Files with missing lines	Patch %	Lines
internal/xds/translator/cluster.go	92.00%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8854      +/-   ##
==========================================
- Coverage   74.73%   74.72%   -0.02%     
==========================================
  Files         251      251              
  Lines       40360    40379      +19     
==========================================
+ Hits        30165    30175      +10     
- Misses       8130     8135       +5     
- Partials     2065     2069       +4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f2d4d6a8a3

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[albsga4]

Nice approach — passing the URLRewrite directly to the xDS translator is cleaner than adding a new IR field. Tested locally with a gatewayapi golden test for hostname.type: Backend (auto-host-rewrite via HTTPRouteFilter ExtensionRef) and it works correctly on your branch.

The unit test in cluster_test.go covers the xDS level well. One suggestion: a gatewayapi integration test would also cover the full flow (HTTPRouteFilter → IR → xDS). Feel free to grab the test input from my PR: backendtrafficpolicy-with-healthcheck-auto-host-rewrite.in.yaml

It has two routes:

1. Auto-host-rewrite + no explicit http.hostname → health check uses Backend.endpoint.hostname
2. Auto-host-rewrite + explicit http.hostname → explicit value wins

I'll close #8851 in favor of this PR. Thanks for taking this on!

[zirain]

@copilot resolve the merge conflicts in this pull request

[arkodg]

imo irrespective of URL rewrite being enabled or not, the endpoint hostname should be used if healthCheck host is unset

[zirain]

imo irrespective of URL rewrite being enabled or not, the endpoint hostname should be used if healthCheck host is unset

I do believe we should use Endpoint hostname by default if we don't care aboud backward compatibility.

[albsga4]

Tested hostname.type: Backend with two FQDN backends without the explicit hostname field on the Backend endpoint. Routing works (Envoy uses the FQDN address for STRICT_DNS auto_host_rewrite), but health checks get nothing because ep.Hostname is nil.

Suggested a fallback to ep.Host (the FQDN address) so users don't need to duplicate the FQDN.

[albsga4]

Requesting changes: hostname.type: Backend with FQDN backends that don't set the explicit hostname field results in no per-endpoint health check hostname. See suggestion for fallback to ep.Host.

[albsga4]

The hostname field on BackendEndpoint was added in #6503 / #6280 specifically for IP-based backends where there is no DNS name for auto_host_rewrite to use. For FQDN backends, the FQDN address IS the hostname — forcing users to duplicate it doesn't add value.

Verified on a live cluster: auto_host_rewrite on STRICT_DNS correctly rewrites Host to the FQDN address for each endpoint, even without the explicit hostname field. But health checks get nothing because ep.Hostname is nil.

[arkodg]

imo we shouldnt be using route rewrite info which is for user requests for health check request semantics

[zirain]

Correct me if I'm wrong, when you rewrited the URL that mostly because the upstream may only accept the rewrited host(no matter it's from per-route or per-backend).

[arkodg]

Rewriting applies to user requests initiated by downstream
Health check requests are initiated by envoy with specific info of backend ( host, dns/ip)

[zirain]

Removed it now, we could add it back if needed in the future.

[arkodg]

can the title & examples be updated to not rely on URLRewrite for heathcheck semantics