fix: respect backend endpoint hostname for health checks #8929

Merged
arkodg merged 3 commits into envoyproxy:main from arkodg:healthcheck-fix
May 8, 2026
Contributor

@arkodg arkodg commented May 7, 2026

### Summary
- Keep BackendTrafficPolicy HTTP health check hostnames as explicit cluster-level hosts, and leave route-derived host fallback to xDS cluster translation.
- Preserve Backend endpoint hostnames as per-endpoint overrides via Endpoint.HealthCheckConfig.hostname, ahead of the route fallback.
- Update gatewayapi/xDS fixtures and generated API docs/CRDs for the host selection order.

### Test plan
- go test ./internal/ir
- go test ./internal/xds/translator
- go test ./internal/gatewayapi -run TestTranslate/backendtrafficpolicy
- go test ./internal/gatewayapi -run TestTranslate/(clienttrafficpolicy-http-health-check|envoyextensionpolicy-with-extproc-with-retries|envoyextensionpolicy-with-extproc-with-traffic-features|envoyproxy-accesslog-with-traffic|envoyproxy-tracing-backend-uds|envoyproxy-tracing-backend|securitypolicy-with-jwt-backendcluster|securitypolicy-with-jwt-backendsettings)
- make generate
- make manifests
- git diff --check

Signed-off-by: Arko Dasgupta <arkodg@gmail.com>
Co-authored-by: Codex <noreply@openai.com>
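
The host selection order described in the summary above, as an added Go example that is not code from this pull request or from Envoy Gateway. The types `HTTPHealthCheck` and `Endpoint` and the functions `explicitHost`, `Translate` and `EffectiveHost` are hypothetical, and the endpoint data is constructed.

```go
package main

import "fmt"

// Hypothetical types for this example; not Envoy Gateway's own structs.
type HTTPHealthCheck struct {
	Host          string // cluster-level Host header for the probe
	HostFromRoute bool   // true when Host was only derived from the route
}

type Endpoint struct {
	Address  string
	Hostname string // Backend endpoint hostname; empty when none is set
}

// explicitHost: a non-empty, non-wildcard host that did not come from the route.
func explicitHost(hc HTTPHealthCheck) bool {
	return hc.Host != "" && hc.Host != "*" && !hc.HostFromRoute
}

// Translate returns the cluster-level probe host and per-endpoint overrides (address -> hostname).
func Translate(hc HTTPHealthCheck, eps []Endpoint) (string, map[string]string) {
	overrides := map[string]string{}
	if explicitHost(hc) {
		return hc.Host, overrides // explicit policy host wins for every endpoint
	}
	for _, ep := range eps {
		if ep.Hostname != "" {
			overrides[ep.Address] = ep.Hostname
		}
	}
	return hc.Host, overrides
}

// EffectiveHost resolves the Host header one endpoint's probe carries.
func EffectiveHost(clusterHost string, overrides map[string]string, addr string) string {
	if h, ok := overrides[addr]; ok {
		return h
	}
	return clusterHost
}

func main() {
	eps := []Endpoint{{"10.0.0.1:8080", "api.internal.example"}, {"10.0.0.2:8080", ""}} // constructed
	host, ov := Translate(HTTPHealthCheck{Host: "www.example.com", HostFromRoute: true}, eps)
	for _, ep := range eps {
		fmt.Println(ep.Address, EffectiveHost(host, ov, ep.Address))
	}
}
```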

@arkodg arkodg requested a review from a team as a code owner May 7, 2026 03:58

netlify Bot commented May 7, 2026

Deploy Preview for cerulean-figolla-1f9435 ready!

Name Link
🔨 Latest commit 8f3bf8b
🔍 Latest deploy log https://app.netlify.com/projects/cerulean-figolla-1f9435/deploys/69fd2c93fd69480008c46c82
😎 Deploy Preview https://deploy-preview-8929--cerulean-figolla-1f9435.netlify.app

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a75aca7348

Comment thread internal/xds/translator/cluster.go Outdated
// If active HTTP health check has an explicit hostname override, keep that cluster-level host.
// A route-derived host is only a default, so Backend endpoint hostname can still override it
// through EndpointHealthCheckConfig.
if hc.Active.HTTP != nil && hc.Active.HTTP.Host != "" && hc.Active.HTTP.Host != "*" && !hc.Active.HTTP.HostFromRoute {
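
Review bot: the comment above this `if` in cluster.go explains the `!hc.Active.HTTP.HostFromRoute` clause but not the `hc.Active.HTTP.Host != "*"` clause, so a reader cannot tell why a wildcard host is not treated as an explicit override. Add a sentence on that, and consider moving the four-clause condition into a small named predicate so the host selection order can be unit tested on its own. The comment also writes `EndpointHealthCheckConfig` where the PR summary writes `Endpoint.HealthCheckConfig.hostname`; use one spelling.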

P2 Badge Add a release note for this bug fix

This change fixes user-visible health-check behavior and changes generated xDS by emitting Endpoint.HealthCheckConfig.hostname when the cluster-level host was only route-derived, but release-notes/current.yaml was not updated. The repo review checklist requires bug fixes (and generated Envoy config behavior changes) to be called out so operators relying on health-check behavior or xDS extensions can discover the change during upgrade.

@arkodg arkodg force-pushed the healthcheck-fix branch from a75aca7 to 882c021 Compare May 7, 2026 04:08
Comment thread api/v1alpha1/healthcheck_types.go Outdated
Comment on lines +180 to +183
// Hostname defines the HTTP Host header used for active HTTP health checks.
// Host selection uses this order: this field, the associated Backend endpoint
// hostname if available, then the effective HTTPRoute or GRPCRoute hostname
// for the Gateway listener.
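
Review bot: the doc string on `Hostname` lists three sources for the Host header but does not say what is sent when none of them yields a value, or how a wildcard route hostname is handled. The Host header decides which virtual host on the backend answers the probe, so state the final fallback explicitly as a last item after "for the Gateway listener".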
Member

the API changed in a patch release?

Contributor Author

changed the doc string, to highlight the API

Member

@zirain zirain May 7, 2026

need to update the v1.7 doc site manually, otherwise LGTM.

@arkodg arkodg force-pushed the healthcheck-fix branch from 882c021 to af88c67 Compare May 7, 2026 04:31
### Summary
- Keep BackendTrafficPolicy HTTP health check hostnames as explicit cluster-level hosts, and leave route-derived host fallback to xDS cluster translation.
- Preserve Backend endpoint hostnames as per-endpoint overrides via Endpoint.HealthCheckConfig.hostname, ahead of the route fallback.
- Update gatewayapi/xDS fixtures, release notes, and generated API docs/CRDs for the host selection order.

### Test plan
- go test ./internal/ir
- go test ./internal/xds/translator
- go test ./internal/gatewayapi -run TestTranslate/backendtrafficpolicy
- go test ./internal/gatewayapi -run TestTranslate/(clienttrafficpolicy-http-health-check|envoyextensionpolicy-with-extproc-with-retries|envoyextensionpolicy-with-extproc-with-traffic-features|envoyproxy-accesslog-with-traffic|envoyproxy-tracing-backend-uds|envoyproxy-tracing-backend|securitypolicy-with-jwt-backendcluster|securitypolicy-with-jwt-backendsettings)
- make generate
- make manifests
- git diff --check

Signed-off-by: Arko Dasgupta <arkodg@gmail.com>
Co-authored-by: Codex <noreply@openai.com>
@arkodg arkodg force-pushed the healthcheck-fix branch from af88c67 to 3afdd5a Compare May 7, 2026 04:37

codecov Bot commented May 7, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.73%. Comparing base (98a4def) to head (8f3bf8b).

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #8929      +/-   ##
==========================================
- Coverage   74.74%   74.73%   -0.01%     
==========================================
  Files         251      251              
  Lines       40372    40370       -2     
==========================================
- Hits        30176    30171       -5     
- Misses       8130     8132       +2     
- Partials     2066     2067       +1     

Member

zirain commented May 7, 2026

@albsga4 will this help on your case?

zirain added 2 commits May 8, 2026 08:20
Signed-off-by: zirain <zirain2009@gmail.com>
@arkodg arkodg merged commit dd2aadd into envoyproxy:main May 8, 2026
39 of 42 checks passed
cnvergence pushed a commit to cnvergence/gateway that referenced this pull request May 8, 2026
…8929)

* fix: respect backend endpoint hostname for health checks

- Keep BackendTrafficPolicy HTTP health check hostnames as explicit cluster-level hosts, and leave route-derived host fallback to xDS cluster translation.
- Preserve Backend endpoint hostnames as per-endpoint overrides via Endpoint.HealthCheckConfig.hostname, ahead of the route fallback.
- Update gatewayapi/xDS fixtures, release notes, and generated API docs/CRDs for the host selection order.

- go test ./internal/ir
- go test ./internal/xds/translator
- go test ./internal/gatewayapi -run TestTranslate/backendtrafficpolicy
- go test ./internal/gatewayapi -run TestTranslate/(clienttrafficpolicy-http-health-check|envoyextensionpolicy-with-extproc-with-retries|envoyextensionpolicy-with-extproc-with-traffic-features|envoyproxy-accesslog-with-traffic|envoyproxy-tracing-backend-uds|envoyproxy-tracing-backend|securitypolicy-with-jwt-backendcluster|securitypolicy-with-jwt-backendsettings)
- make generate
- make manifests
- git diff --check

Signed-off-by: Arko Dasgupta <arkodg@gmail.com>
Co-authored-by: Codex <noreply@openai.com>

* fix gen

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: Arko Dasgupta <arkodg@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>
Co-authored-by: Codex <noreply@openai.com>
Co-authored-by: zirain <zirain2009@gmail.com>
cnvergence added a commit that referenced this pull request May 9, 2026
* fix json report (#8614)

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
(cherry picked from commit 4768ca7)

* fix: deep copy status in translator layer to avoid race (#8778)

Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>
(cherry picked from commit 3f70a89)

* fix: force HTTP1 for upstream connections for WS and WSS backends (#8699)

* force HTTP1 for upstream connections for WS and WSS backends

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* use different clusters for mixed upstream protocols

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* update

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* fix lint

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

---------

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
(cherry picked from commit 7633125)

* fix: reason with multiple errors rejected validation (#8859)

* fix: reason with multiple errors rejected validation

Signed-off-by: zirain <zirain2009@gmail.com>

* release notes

Signed-off-by: zirain <zirain2009@gmail.com>

* fix lint

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: zirain <zirain2009@gmail.com>
(cherry picked from commit 7811d86)

* feat(chart): Allow configuring envoy proxy image via helm chart (#8785)

* feat: Allow configuring envoy proxy defaults via helm chart

This commit is a continuation of the previous work to support supplying default proxy settings added in #7698 and adds three new chart values under `global.images.envoyProxy`:

| Value | Type | Default | Description |
|----------------------------------------|--------|------|---------------------------------------------------------------------|
| `global.images.envoyProxy.image`       | string | `""` | Full image name (`registry/repo:tag`) for the Envoy Proxy container |
| `global.images.envoyProxy.pullPolicy`  | string | `""` | Image pull policy                                                   |
| `global.images.envoyProxy.pullSecrets` | list   | `[]` | Image pull secrets                                                  |

When any of these are set, the chart generates an `envoyProxy:` block inside the `EnvoyGateway` ConfigMap, wiring into the existing `EnvoyGatewaySpec.envoyProxy` field (added in #7698). The global `imageRegistry` override takes highest precedence, consistent with other chart components.

Full EnvoyProxy defaults (replicas, resources, etc.) can be provided via `config.envoyGateway.envoyProxy`; the image values are merged on top.

Closes #4764.

Signed-off-by: Michael Sommerville <msommerville@gmail.com>
(cherry picked from commit 8570285)

* add rn and version bump

Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>

* fix: respect backend endpoint hostname for health checks (#8929)

* fix: respect backend endpoint hostname for health checks

- Keep BackendTrafficPolicy HTTP health check hostnames as explicit cluster-level hosts, and leave route-derived host fallback to xDS cluster translation.
- Preserve Backend endpoint hostnames as per-endpoint overrides via Endpoint.HealthCheckConfig.hostname, ahead of the route fallback.
- Update gatewayapi/xDS fixtures, release notes, and generated API docs/CRDs for the host selection order.

- go test ./internal/ir
- go test ./internal/xds/translator
- go test ./internal/gatewayapi -run TestTranslate/backendtrafficpolicy
- go test ./internal/gatewayapi -run TestTranslate/(clienttrafficpolicy-http-health-check|envoyextensionpolicy-with-extproc-with-retries|envoyextensionpolicy-with-extproc-with-traffic-features|envoyproxy-accesslog-with-traffic|envoyproxy-tracing-backend-uds|envoyproxy-tracing-backend|securitypolicy-with-jwt-backendcluster|securitypolicy-with-jwt-backendsettings)
- make generate
- make manifests
- git diff --check

Signed-off-by: Arko Dasgupta <arkodg@gmail.com>
Co-authored-by: Codex <noreply@openai.com>

* fix gen

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: Arko Dasgupta <arkodg@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>
Co-authored-by: Codex <noreply@openai.com>
Co-authored-by: zirain <zirain2009@gmail.com>

* update release notes

Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>

* fix gen-check

Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>

* Revert "feat(chart): Allow configuring envoy proxy image via helm chart (#8785)"

This reverts commit 092cc67.

Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>

---------

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: Michael Sommerville <msommerville@gmail.com>
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>
Signed-off-by: Arko Dasgupta <arkodg@gmail.com>
Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
Co-authored-by: Rudrakh Panigrahi <rudrakh97@gmail.com>
Co-authored-by: zirain <zirain2009@gmail.com>
Co-authored-by: Michael Sommerville <msommerville@gmail.com>
Co-authored-by: Arko Dasgupta <arkodg@gmail.com>
Co-authored-by: Codex <noreply@openai.com>