While testing the policy, we noticed some unexpected behavior:
When a CIDR and protocol HTTP were defined, proper outbounds were not generated.
When the protocol was HTTP, the matcher was missing the port.
Ordering was incorrect when protocols within the same group (HTTP/HTTP2/gRPC) were used.
Implementation information
Updated the logic to create individual FilterChainMatch structures, aligning with Envoy's filter chain matcher parameters.
Added routes exclusively for HTTP matching with domains, as they need to be placed in virtual hosts.
Resolved the issue where the port matcher was missing for HTTP.
Fixed the problem where the combination of protocol HTTP and CIDR did not generate correct routes.
Corrected the ordering by introducing an order map for protocols, ensuring that more specific routes are not placed at the end for HTTP/HTTP2/gRPC protocols.
Motivation
While testing the policy, we noticed some unexpected behavior:
Implementation information
Supporting documentation
Fix https://github.com/kumahq/kuma/issues/12052