Skip to main content
logoTetrate Istio SubscriptionVersion: Next

TIS1502 - More Than One Kubernetes Gateway Exists for the Same Address and Type Combination

More than one Kubernetes Gateway resource exists for the same address and type combination, which can lead to conflicts and undefined behavior.

Recommendation: Avoid Duplicate Gateways for the Same Address and Type Combination

To prevent conflicts and ensure reliable behavior, remove duplicate Gateway resources or merge them into a single resource for the same address and type combination.

Examples

  1. Two Gateways Configured with the Same Address and Type

    First Gateway:

    apiVersion: gateway.networking.k8s.io/v1alpha2
    kind: Gateway
    metadata:
      name: gateway-1
      namespace: example-namespace
    spec:
      addresses:
      - type: IPAddress
        value: "192.168.1.1"
      listeners:
      - name: http
        port: 80
        protocol: HTTP

    Second Gateway:

    apiVersion: gateway.networking.k8s.io/v1alpha2
    kind: Gateway
    metadata:
      name: gateway-2
      namespace: example-namespace
    spec:
      addresses:
      - type: IPAddress
        value: "192.168.1.1"
      listeners:
      - name: https
        port: 443
        protocol: HTTPS

    Explanation: Both Gateway resources are configured to use the same IP address (192.168.1.1) and address type (IPAddress). The Kubernetes Gateway API does not support having multiple Gateway resources with the same address and type combination, leading to potential conflicts and undefined behavior.

Recommendation

Remove or merge the duplicate Kubernetes gateway entries to avoid conflicts.

  1. Remove One of the Duplicate Gateways

    If only one of the Gateway resources is required, delete the duplicate to resolve the conflict.

    kubectl delete gateway gateway-2 -n example-namespace

    Explanation: Removing the duplicate gateway ensures that only one Gateway resource is responsible for managing the given address, preventing conflicts.

  2. Merge the Gateways into a Single Gateway

    If the functionality of both gateways is needed, merge the configurations into a single Gateway resource.

    apiVersion: gateway.networking.k8s.io/v1alpha2
    kind: Gateway
    metadata:
      name: merged-gateway
      namespace: example-namespace
    spec:
      addresses:
      - type: IPAddress
        value: "192.168.1.1"
      listeners:
      - name: http
        port: 80
        protocol: HTTP
      - name: https
        port: 443
        protocol: HTTPS
        tls:
          mode: Terminate
          certificateRefs:
          - name: example-cert

    Explanation: Merging both Gateway resources into one ensures a consistent configuration and prevents conflicts related to having multiple gateways for the same address and type combination.