(apigw/httproute) Add support to disable traffic with weight 0 in services#23216
Conversation
sujay-hashicorp
added
pr/no-changelog
sujay-hashicorp
changed the title
sujay-hashicorp
force-pushed
the
sujay/fix/route-weight-0
branch
from
08b2d33 to
1472d47
Compare
sujay-hashicorp
added
backport/all
sujay-hashicorp
changed the title
sujay-hashicorp
added
the
pr/do-not-merge
| @@ -105,8 +105,19 @@ func (e *HTTPRouteConfigEntry) Normalize() error { | |||
| rule.Matches[j] = normalizeHTTPMatch(match) | |||
| } | |||
|
|
|||
| allServicesHaveZeroWeight := len(rule.Services) > 0 | |||
There was a problem hiding this comment.
this is misleading, why can't we simply have
allServicesHaveZeroWeight := true
There was a problem hiding this comment.
Sure, I have updated it to true. It was set like this so to skip extra processing in cases where there are no services. But I think HTTPRoute must have at least 1 service.
sujay-hashicorp
force-pushed
the
sujay/fix/route-weight-0
branch
from
1472d47 to
67d104e
Compare
sujay-hashicorp
force-pushed
the
sujay/fix/route-weight-0
branch
2 times, most recently
from
73e47ae to
9e8325a
Compare
…of setting it 1 explicitly
sujay-hashicorp
force-pushed
the
sujay/fix/route-weight-0
branch
from
9e8325a to
6c84033
Compare
| service.Merge(e.GetEnterpriseMeta()) | ||
| service.Normalize() | ||
| if service.Weight <= 0 { | ||
| if service.Weight < 0 { |
There was a problem hiding this comment.
Wouldn't this reintroduce the same issue again? This normalisation layer looks fine, but down the discovery chain, the 0-weight services would get skipped here and at the end of the loop no spiltter would be created.
Will this handled by Envoy now? If yes, can we add some test coverage to ensure that we return 503?
There was a problem hiding this comment.
The above issue was addressed by normalizing 0 weight to 1 by default. Because envoy had not added a support for 0 weight by then. Now after testing I see envoy supports 0 weight so it should not reintroduce the issue.
krutibaraiya
left a comment
krutibaraiya
left a comment
There was a problem hiding this comment.
LGTM - all relevant cases have been tested by Sujay.
hc-github-team-consul-core
added
backport/1.22
sujay-hashicorp
removed
the
pr/do-not-merge
|
📣 Hi @sujay-hashicorp! a backport is missing for this PR [23216] for versions [1.18,1.21] please perform the backport manually and add the following snippet to your backport PR description: |
1 similar comment
|
📣 Hi @sujay-hashicorp! a backport is missing for this PR [23216] for versions [1.18,1.21] please perform the backport manually and add the following snippet to your backport PR description: |
4 participants
Description
This PR fixes Consul API Gateway behavior for Kubernetes
HTTPRoutebackends withweight: 0.Previously,
HTTPRoutenormalization converted allweight <= 0values to1, which caused explicitweight: 0backends to still receive traffic. This conflicted with Gateway API expectations and customer-observed behavior.This change updates normalization logic to:
weight: 0(so zero-weight backends can be excluded from traffic).Links
Tests
weight: 0does not receive any traffic.HTTPRoute config output
$ consul config read -kind http-route -name quill-route{ "Kind": "http-route", "Name": "quill-route", "Parents": [ { "Kind": "api-gateway", "Name": "api-gateway", "SectionName": "http-listener" } ], "Rules": [ { "Filters": { "Headers": null, "URLRewrite": null, "RetryFilter": null, "TimeoutFilter": null, "JWT": null }, "ResponseFilters": { "Headers": null }, "Matches": [ { "Headers": null, "Method": "", "Path": { "Match": "prefix", "Value": "/" }, "Query": null } ], "Services": [ { "Name": "quill-v1", "Weight": 0, "Filters": { "Headers": null, "URLRewrite": null, "RetryFilter": null, "TimeoutFilter": null, "JWT": null }, "ResponseFilters": { "Headers": null } }, { "Name": "quill-v2", "Weight": 100, "Filters": { "Headers": null, "URLRewrite": null, "RetryFilter": null, "TimeoutFilter": null, "JWT": null }, "ResponseFilters": { "Headers": null } } ] } ], "Hostnames": null, "CreateIndex": 43, "ModifyIndex": 80, "Status": { "Conditions": [ { "Type": "Accepted", "Status": "True", "Reason": "Accepted", "Message": "route is valid", "Resource": { "Kind": "", "Name": "", "SectionName": "" }, "LastTransitionTime": "2026-02-16T08:17:57.943208Z" }, { "Type": "Bound", "Status": "True", "Reason": "Bound", "Message": "successfully bound route", "Resource": { "Kind": "api-gateway", "Name": "api-gateway", "SectionName": "http-listener" }, "LastTransitionTime": "2026-02-16T08:17:57.943215Z" } ] } }Traffic Distribution
case 1:
case 2:
PR Checklist
PCI review checklist
I have documented a clear reason for, and description of, the change I am making.
If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.
If applicable, I've documented the impact of any changes to security controls.
Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.