HttpRoute updates changing the hostname make additive change but don't clean up old hostname route #206

Open
jseely opened this issue Jan 3, 2025 · 5 comments


jseely commented Jan 3, 2025

Steps to reproduce:

  1. Create an HttpRoute + Gateway combo as defined in the README
  2. Update HttpRoute to use a new Hostname under the same domain

Expected Result:

  1. New Hostname routes to the desired service
    a. DNS record exists for desired route to tunnel
    b. Ingress rule exists in tunnel to route from gateway to service
  2. Old Hostname route is cleaned up and no longer gets routed
    a. DNS record has been removed from Cloudflare
    b. Ingress rule is updated to block incoming traffic using the old hostname

Actual Result:

  1. Works effectively
  2. Neither 2.a nor 2.b occur
    a. DNS record still exists on domain
    b. Gateway Tunnel still routes old hostname to service

Owner

pl4nty commented Jan 3, 2025

Just tested, 2b works for me - deleted routes are removed from config. Can you get controller logs please?

2a isn't implemented yet, I'll add to the README. I was hoping for more progress on GEP-2627 first, but that hasn't happened. Might get to it in the next couple months and take inspiration from ExternalDNS

Author

jseely commented Jan 3, 2025

Ok I can look into 2a.

As for 2b, it looks like the configuration gets updated correctly but maybe the cloudflared process doesn't reset the route properly and continues to direct traffic to the service, instead of replying with the 503 that that process does if the host isn't configured.

I'll get logs for you tomorrow.

Author

jseely commented Jan 3, 2025

Ok forgive the incorrect issue report. 2.b does in fact work. I must have had a cached version in the browser.

As for GEP-2627, is that something specified in the Gateway API spec? I might be able to take a look at implementing if you had an implementation path in mind or were open to whatever I came up with. My timeline would likely be this month.

pl4nty added a commit that referenced this issue Jan 4, 2025
…phaned hostnames

#202 suggests the 1-minute race condition delay isn't great UX. let's split the Gateway and HttpRoute example yaml, so if the user is applying manually, the Gateway should be ready by the time they apply the HttpRoute

#206 should be documented, pending a fix

Owner

pl4nty commented Jan 4, 2025

Yeah GEP-2627 would add DNS config to the API spec, but I don't think it'll be ready anytime soon. For implementation, I see two options

  • Add a finalizer to detect HTTPRoute deletion, remove the record, then remove the finalizer. The AWS gateway controller does this so it should be compliant
  • Actually reconcile records. Would need to track which records we own, possibly via comment with gateway name? We already set a generic comment. I'd prefer to avoid this because I hit the Cloudflare API rate limit pretty often already, more calls would slow down reconciliation even further. Not fully sure whether that's from the gateway though, or another service I run

Author

jseely commented Jan 5, 2025

Yeah the finalizer on the HttpRoute does seem the cleanest. I'm currently reevaluating my use of cloudflared due to cost associated with traffic and DNS hostnames, so I'll let you know if I do plan to continue use. If so I would be happy to contribute.
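
The second option discussed above (reconciling records while tracking ownership through the record comment), sketched as an added example that is not part of the original thread or the project's code. The `DNSRecord` type, the `managed-by-gateway:` comment format, the gateway names and all hostnames are assumptions constructed for illustration; the function only computes which stale records are safe to delete and makes no Cloudflare API calls.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// DNSRecord is a hypothetical minimal record view, not the Cloudflare API type.
type DNSRecord struct{ Name, Type, Content, Comment string }
// ownerTag is an assumed comment convention marking records a gateway created.
func ownerTag(gateway string) string { return "managed-by-gateway:" + gateway }
// normalize makes hostname comparison case-insensitive and ignores a trailing dot.
func normalize(h string) string { return strings.ToLower(strings.TrimSuffix(h, ".")) }

// OrphanedRecords returns names of records this gateway owns (CNAME, matching
// owner tag, still pointing at its tunnel) whose hostname is in no HTTPRoute.
// Untagged or repointed records are skipped, so they are never deleted.
func OrphanedRecords(gateway, tunnel string, desired []string, existing []DNSRecord) []string {
	want := make(map[string]bool, len(desired))
	for _, h := range desired {
		want[normalize(h)] = true
	}
	orphans := []string{}
	for _, r := range existing {
		if r.Type != "CNAME" || r.Comment != ownerTag(gateway) {
			continue // not created by this gateway
		}
		if normalize(r.Content) != normalize(tunnel) {
			continue // repointed elsewhere since creation; leave it alone
		}
		if name := normalize(r.Name); !want[name] {
			orphans = append(orphans, name)
		}
	}
	sort.Strings(orphans)
	return orphans
}

func main() {
	// Constructed sample data: hostnames, tunnel target and comments are placeholders.
	tunnel := "example-tunnel.cfargotunnel.com"
	existing := []DNSRecord{
		{"old.example.com", "CNAME", tunnel, ownerTag("default/gateway")},
		{"new.example.com", "CNAME", tunnel, ownerTag("default/gateway")},
		{"manual.example.com", "CNAME", tunnel, "created by hand"},
	}
	fmt.Println(OrphanedRecords("default/gateway", tunnel, []string{"new.example.com"}, existing))
}
```

Only records carrying the gateway's own tag and still targeting its tunnel are returned, so a hostname changed in an HTTPRoute is flagged for cleanup while hand-made records are left untouched.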
