
TIS1501 - More Than One Kubernetes Gateway Exists for the Same Host-Port Combination

More than one Kubernetes Gateway resource exists for the same host-port combination, leading to conflicts and undefined behavior.

Recommendation: Avoid Duplicate Gateways for the Same Host-Port Combination

To prevent conflicts and ensure predictable behavior, remove duplicate Gateway resources or merge them into a single resource for the same host-port combination.

Examples

  1. Two Gateways Targeting the Same Host and Port

    First Gateway:

    apiVersion: gateway.networking.k8s.io/v1alpha2
    kind: Gateway
    metadata:
      name: gateway-1
      namespace: example-namespace
    spec:
      listeners:
      - name: http
        port: 80
        protocol: HTTP
        hostname: "example.com"

    Second Gateway:

    apiVersion: gateway.networking.k8s.io/v1alpha2
    kind: Gateway
    metadata:
      name: gateway-2
      namespace: example-namespace
    spec:
      listeners:
      - name: http
        port: 80
        protocol: HTTP
        hostname: "example.com"

    Explanation: Both Gateway resources define a listener for the same host (example.com) and port (80). The two configurations conflict, because the Kubernetes Gateway API does not support multiple Gateway resources managing the same host-port combination, and the resulting behavior is undefined.

Recommendation

Remove or merge the duplicate Kubernetes gateway entries to avoid conflicts.

  1. Remove One of the Duplicate Gateways

    If the duplicate gateway is not required, delete it to resolve the conflict.

    kubectl delete gateway gateway-2 -n example-namespace

    Explanation: Removing the duplicate gateway ensures that only one Gateway resource is responsible for managing the host-port combination, preventing conflicts.

  2. Merge the Gateways into a Single Gateway

    If both gateways are needed, merge their configurations into a single Gateway resource to handle all required listeners.

    apiVersion: gateway.networking.k8s.io/v1alpha2
    kind: Gateway
    metadata:
      name: merged-gateway
      namespace: example-namespace
    spec:
      listeners:
      - name: http
        port: 80
        protocol: HTTP
        hostname: "example.com"
      - name: https
        port: 443
        protocol: HTTPS
        hostname: "example.com"
        tls:
          mode: Terminate
          certificateRefs:
          - name: example-cert

    Explanation: Merging the Gateway resources into one allows a single Gateway to manage multiple listeners, reducing redundancy and preventing conflicts in the host-port combination.
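To check for the condition described above before and after remediation, the following added example (not part of the original page and not Tetrate's analyzer code) groups listeners by host-port combination and reports any combination claimed by more than one Kubernetes Gateway. The function and helper names are hypothetical. It assumes exact hostname matching, compares across all namespaces in the input, and keys a listener without a hostname as "*".

```python
import json
import sys
from collections import defaultdict

K8S_GROUP = "gateway.networking.k8s.io/"  # excludes Istio's networking.istio.io Gateway kind


def find_host_port_conflicts(gateway_list):
    """Return {(hostname, port): ["namespace/name", ...]} for every host-port
    combination claimed by more than one Kubernetes Gateway resource."""
    owners = defaultdict(set)
    for gw in gateway_list.get("items", []):
        if gw.get("kind") != "Gateway" or not gw.get("apiVersion", "").startswith(K8S_GROUP):
            continue
        meta = gw.get("metadata", {})
        ident = f"{meta.get('namespace', 'default')}/{meta.get('name')}"
        for listener in gw.get("spec", {}).get("listeners") or []:
            # Assumption: a listener with no hostname is keyed as "*".
            host = (listener.get("hostname") or "*").lower()
            owners[(host, listener.get("port"))].add(ident)
    # A set per key means one Gateway repeating a listener is not counted twice.
    return {key: sorted(names) for key, names in owners.items() if len(names) > 1}


def make_gateway(name, listeners, api=K8S_GROUP + "v1alpha2"):
    """Build a constructed Gateway object shaped like kubectl's JSON output."""
    return {"apiVersion": api, "kind": "Gateway",
            "metadata": {"name": name, "namespace": "example-namespace"},
            "spec": {"listeners": listeners}}


# Constructed sample input mirroring the manifests on this page.
HTTP = {"name": "http", "port": 80, "protocol": "HTTP", "hostname": "example.com"}
HTTPS = {"name": "https", "port": 443, "protocol": "HTTPS", "hostname": "example.com"}
BEFORE = {"items": [make_gateway("gateway-1", [HTTP]), make_gateway("gateway-2", [HTTP])]}
AFTER = {"items": [make_gateway("merged-gateway", [HTTP, HTTPS])]}

if __name__ == "__main__":
    # Optional argument: a file saved from `kubectl get ... -o json`.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            inputs = {sys.argv[1]: json.load(fh)}
    else:
        inputs = {"before": BEFORE, "after": AFTER}
    for label, data in inputs.items():
        conflicts = find_host_port_conflicts(data)
        for (host, port), names in conflicts.items():
            print(f"{label}: {host}:{port} claimed by {', '.join(names)}")
        if not conflicts:
            print(f"{label}: no duplicate host-port combinations")
```

To run it against a live cluster, save the output of `kubectl get gateways.gateway.networking.k8s.io -A -o json` to a file and pass the file path as the first argument.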