CEL Validation: HTTPRoute Case-Insensitive Header Name Uniqueness #2277
Labels
kind/bug
Categorizes issue or PR as related to a bug.
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
Comments
k8s-ci-robot
added
the
lifecycle/frozen
|
/cc |
This was referenced Aug 15, 2023
6 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What happened:
Unfortunately CEL is not currently capable of validating the case-insensitive uniqueness of header names in header modifier filters. This is the only standard channel validation we are still reliant on the validating webhook for. @gauravkghildiyal already developed a CEL rule for this:
// +kubebuilder:validation:XValidation:message="Must not match the same header (case-insensitive) multiple times in the same rule",rule="self.all(h1, self.exists_one(h2, h1.name.lowerAscii() == h2.name.lowerAscii()))"Unfortunately there is a problem with CEL cost estimation that prevents this kubernetes/kubernetes#119749, @jpbetz is working on a fix for this.
Anything else we need to know?:
Given the Gateway API versioning policy to support the 5 latest minor Kubernetes versions, even when this is fixed upstream, it's going to be a long time before we can adopt this.
/lifecycle frozen
The text was updated successfully, but these errors were encountered: