add listener hostname check for specififcity

Author: sarthyparty

internal/mode/static/state/dataplane/configuration.go

@@ -70,17 +70,27 @@ func BuildConfiguration(
 
 // buildPassthroughServers builds TLSPassthroughServers from TLSRoutes attaches to listeners.
 func buildPassthroughServers(g *graph.Graph) []Layer4VirtualServer {
-	passthroughServers := make([]Layer4VirtualServer, 0)
+	passthroughServersMap := make(map[graph.L4RouteKey][]Layer4VirtualServer)
+	routeToListenerHostname := make(map[graph.L4RouteKey]*v1.Hostname)
+
 	for _, l := range g.Gateway.Listeners {
 		if !l.Valid {
 			continue
 		}
-		for _, r := range l.L4Routes {
+		for key, r := range l.L4Routes {
 			if !r.Valid {
 				continue
 			}
+
+			if _, ok := passthroughServersMap[key]; ok {
+				if listenerHostnameMoreSpecific(l.Source.Hostname, routeToListenerHostname[key]) {
+					continue
+				}
+				passthroughServersMap[key] = []Layer4VirtualServer{}
+			}
+
 			for _, h := range r.Spec.Hostnames {
-				passthroughServers = append(passthroughServers, Layer4VirtualServer{
+				passthroughServersMap[key] = append(passthroughServersMap[key], Layer4VirtualServer{
 					Hostname:     string(h),
 					UpstreamName: r.Spec.BackendRef.ServicePortReference(),
 					Port:         int32(l.Source.Port),
@@ -89,6 +99,12 @@ func buildPassthroughServers(g *graph.Graph) []Layer4VirtualServer {
 		}
 	}
 
+	passthroughServers := make([]Layer4VirtualServer, 0, len(passthroughServersMap))
+
+	for _, r := range passthroughServersMap {
+		passthroughServers = append(passthroughServers, r...)
+	}
+
 	return passthroughServers
 }
 

internal/mode/static/state/dataplane/configuration_test.go

@@ -13,6 +13,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/intstr"
+	"k8s.io/utils/ptr"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	v1 "sigs.k8s.io/gateway-api/apis/v1"
 	"sigs.k8s.io/gateway-api/apis/v1alpha2"
@@ -3418,6 +3419,7 @@ func TestCreatePassthroughServers(t *testing.T) {
 					Source: v1.Listener{
 						Protocol: v1.TLSProtocolType,
 						Port:     443,
+						Hostname: ptr.To[v1.Hostname]("*.example.com"),
 					},
 					Routes: make(map[graph.RouteKey]*graph.L7Route),
 					L4Routes: map[graph.L4RouteKey]*graph.L4Route{
@@ -3453,6 +3455,43 @@ func TestCreatePassthroughServers(t *testing.T) {
 					},
 					Valid: true,
 				},
+				{
+					Name: "testingListener2",
+					Source: v1.Listener{
+						Protocol: v1.TLSProtocolType,
+						Port:     443,
+						Hostname: ptr.To[v1.Hostname]("cafe.example.com"),
+					},
+					Routes: make(map[graph.RouteKey]*graph.L7Route),
+					L4Routes: map[graph.L4RouteKey]*graph.L4Route{
+						{NamespacedName: types.NamespacedName{
+							Namespace: "default",
+							Name:      "secure-app",
+						}}: {
+							Spec: graph.L4RouteSpec{
+								Hostnames: []v1.Hostname{"app.example.com", "cafe.example.com"},
+								BackendRef: graph.BackendRef{
+									SvcNsName: types.NamespacedName{
+										Namespace: "default",
+										Name:      "secure-app",
+									},
+									ServicePort: apiv1.ServicePort{
+										Name:     "https",
+										Protocol: "TCP",
+										Port:     8443,
+										TargetPort: intstr.IntOrString{
+											Type:   intstr.Int,
+											IntVal: 8443,
+										},
+									},
+									Valid: true,
+								},
+							},
+							Valid: true,
+						},
+					},
+					Valid: true,
+				},
 			},
 		},
 	}