@@ -72,16 +72,11 @@ func ReplaceConnectorClusters(
7272}
7373
7474// ApplyConnectorRoutes applies connector route mutations to a RouteConfiguration:
75- // - Online (replaced) connector found in a VH: prepend a CONNECT upgrade route
76- // targeting the replaced cluster and append info.TargetHost to VH domains.
77- // - Offline connector found in a VH: prepend a direct_response 503 CONNECT
78- // route (for CONNECT/tunnel-control clients) AND rewrite the user-facing
79- // forwarding routes that target the (endpoint-less) offline connector
80- // cluster into an immediate direct_response 503. Without the latter, a
81- // normal user GET falls through to the prefix:"/" route, which still targets
82- // the zero-endpoint cluster — Envoy then returns a generic 503
83- // no_healthy_upstream (UH) instead of a deterministic tunnel-offline
84- // response, and the empty cluster triggers retries/cluster-stat noise.
75+ // - Online (replaced) connector: prepend a CONNECT upgrade route targeting the
76+ // replaced cluster and append info.TargetHost to VH domains.
77+ // - Offline connector: prepend a CONNECT direct_response 503 (tunnel-control
78+ // clients) and rewrite the user-facing forwarding routes to a 503
79+ // direct_response (see the offline branch for why).
8580//
8681// Returns the number of VirtualHosts mutated and the number of forwarding
8782// routes converted to a tunnel-offline direct_response.
@@ -126,26 +121,18 @@ func ApplyConnectorRoutes(
126121 // NOT a synthetic .connector.local domain.
127122 vh .Domains = appendUnique (vh .Domains , info .TargetHost )
128123 } else {
129- // Offline: prepend the direct_response 503 connect_matcher route so
130- // CONNECT (tunnel-control) clients still get "Tunnel not online".
124+ // Offline connect_matcher route for tunnel-control clients.
131125 newRoute , err = buildOfflineRoute ("connector-offline-" + sanitizeID (vh .GetName ()))
132126 if err != nil {
133127 return mutated , converted , fmt .Errorf ("build offline route for %q: %w" , vh .GetName (), err )
134128 }
135129 vh .Routes = append ([]* routev3.Route {newRoute }, vh .Routes ... )
136- // No domain appended for offline connectors (no live tunnel).
137130
138- // Rewrite the user-facing forwarding route(s) that target the
139- // endpoint-less offline connector cluster into an immediate 503
140- // direct_response. Otherwise a normal GET falls through to the
141- // prefix:"/" route, hits the zero-endpoint cluster, and Envoy
142- // returns a generic 503 no_healthy_upstream (UH) plus retry/stat
143- // noise. We only replace the route's Action oneof, so each route's
144- // match, metadata, and typed_per_filter_config are preserved.
145- //
146- // Idempotent: the prepended connect_matcher route and any already
147- // converted forwarding route are direct_responses, so routeCluster
148- // returns "" for them and they never re-match connectorCluster.
131+ // Route user traffic to a deterministic 503 instead of the
132+ // endpoint-less offline cluster, which would yield a generic
133+ // no_healthy_upstream plus retry/cluster-stat noise. Replacing only
134+ // the Action oneof preserves each route's match/metadata; idempotent
135+ // because direct_responses carry no cluster to re-match.
149136 for _ , rt := range vh .GetRoutes () {
150137 if routeCluster (rt ) != connectorCluster {
151138 continue
@@ -262,11 +249,9 @@ func buildConnectRoute(name, cluster string) (*routev3.Route, error) {
262249 return rt , nil
263250}
264251
265- // offlineResponseBody is the inline body returned for tunnel-offline 503
266- // responses. Shared by the connect_matcher offline route (buildOfflineRoute)
267- // and the user-facing forwarding-route conversion (setRouteDirectResponse) so
268- // both paths return an identical body. The exact string is part of the
269- // STATE.md metadata contract.
252+ // offlineResponseBody is the inline body for tunnel-offline 503 responses,
253+ // shared by both offline paths so they return an identical body. The exact
254+ // string is part of the STATE.md metadata contract.
270255const offlineResponseBody = "Tunnel not online"
271256
272257// buildOfflineRoute builds the offline CONNECT route (direct_response 503
@@ -284,11 +269,8 @@ func buildOfflineRoute(name string) (*routev3.Route, error) {
284269 return rt , nil
285270}
286271
287- // setRouteDirectResponse rewrites a route's action to an immediate
288- // direct_response with the given status and inline body. Only the Action oneof
289- // is replaced, so the route's match, metadata, and typed_per_filter_config are
290- // preserved. Used to convert a forwarding route that targets an endpoint-less
291- // offline connector cluster into a deterministic tunnel-offline response.
272+ // setRouteDirectResponse swaps a route's action for a direct_response. Only the
273+ // Action oneof is replaced, so match/metadata/typed_per_filter_config survive.
292274func setRouteDirectResponse (rt * routev3.Route , status uint32 , body string ) error {
293275 j := fmt .Sprintf (`{ "status": %d, "body": { "inline_string": %q } }` , status , body )
294276 dr := & routev3.DirectResponseAction {}
0 commit comments