validate against overlapping matching rules defined before sending config to envoy

[mitchdraft]

logs during a crash:

k logs -n gloo-system gateway-proxy-v2-6d8b8d9d77-8q8kg
[2019-10-22 14:40:06.453][6][info][main] [external/envoy/source/server/server.cc:240] initializing epoch 0 (hot restart version=disabled)
[2019-10-22 14:40:06.453][6][info][main] [external/envoy/source/server/server.cc:242] statically linked extensions:
[2019-10-22 14:40:06.453][6][info][main] [external/envoy/source/server/server.cc:244]   access_loggers: envoy.file_access_log,envoy.http_grpc_access_log
[2019-10-22 14:40:06.453][6][info][main] [external/envoy/source/server/server.cc:247]   filters.http: envoy.buffer,envoy.cors,envoy.csrf,envoy.ext_authz,envoy.fault,envoy.filters.http.dynamic_forward_proxy,envoy.filters.http.grpc_http1_reverse_bridge,envoy.filters.http.header_to_metadata,envoy.filters.http.jwt_authn,envoy.filters.http.original_src,envoy.filters.http.rbac,envoy.filters.http.tap,envoy.grpc_http1_bridge,envoy.grpc_json_transcoder,envoy.grpc_web,envoy.gzip,envoy.health_check,envoy.http_dynamo_filter,envoy.ip_tagging,envoy.lua,envoy.rate_limit,envoy.router,envoy.squash,io.solo.aws_lambda,io.solo.cache,io.solo.filters.http.json_grpc_transcoder,io.solo.filters.http.modsecurity,io.solo.filters.http.sanitize,io.solo.filters.http.solo_jwt_authn,io.solo.nats_streaming,io.solo.transformation
[2019-10-22 14:40:06.453][6][info][main] [external/envoy/source/server/server.cc:250]   filters.listener: envoy.listener.http_inspector,envoy.listener.original_dst,envoy.listener.original_src,envoy.listener.proxy_protocol,envoy.listener.tls_inspector
[2019-10-22 14:40:06.453][6][info][main] [external/envoy/source/server/server.cc:253]   filters.network: envoy.client_ssl_auth,envoy.echo,envoy.ext_authz,envoy.filters.network.dubbo_proxy,envoy.filters.network.mysql_proxy,envoy.filters.network.rbac,envoy.filters.network.sni_cluster,envoy.filters.network.thrift_proxy,envoy.filters.network.zookeeper_proxy,envoy.http_connection_manager,envoy.mongo_proxy,envoy.ratelimit,envoy.redis_proxy,envoy.tcp_proxy
[2019-10-22 14:40:06.453][6][info][main] [external/envoy/source/server/server.cc:255]   stat_sinks: envoy.dog_statsd,envoy.metrics_service,envoy.stat_sinks.hystrix,envoy.statsd
[2019-10-22 14:40:06.453][6][info][main] [external/envoy/source/server/server.cc:257]   tracers: envoy.dynamic.ot,envoy.lightstep,envoy.tracers.datadog,envoy.tracers.opencensus,envoy.zipkin
[2019-10-22 14:40:06.453][6][info][main] [external/envoy/source/server/server.cc:260]   transport_sockets.downstream: envoy.transport_sockets.alts,envoy.transport_sockets.tap,raw_buffer,tls
[2019-10-22 14:40:06.453][6][info][main] [external/envoy/source/server/server.cc:263]   transport_sockets.upstream: envoy.transport_sockets.alts,envoy.transport_sockets.tap,raw_buffer,tls
[2019-10-22 14:40:06.453][6][info][main] [external/envoy/source/server/server.cc:269] buffer implementation: old (libevent)
[2019-10-22 14:40:06.458][6][info][main] [external/envoy/source/server/server.cc:324] admin address: 127.0.0.1:19000
[2019-10-22 14:40:06.459][6][info][main] [external/envoy/source/server/server.cc:438] runtime: layers:
  - name: base
    static_layer:
      {}
  - name: admin
    admin_layer:
      {}
[2019-10-22 14:40:06.460][6][warning][runtime] [external/envoy/source/common/runtime/runtime_impl.cc:497] Skipping unsupported runtime layer: name: "base"
static_layer {
}

[2019-10-22 14:40:06.460][6][info][config] [external/envoy/source/server/configuration_impl.cc:62] loading 0 static secret(s)
[2019-10-22 14:40:06.460][6][info][config] [external/envoy/source/server/configuration_impl.cc:68] loading 2 cluster(s)
[2019-10-22 14:40:06.463][6][warning][config] [bazel-out/k8-opt/bin/external/envoy/source/common/config/_virtual_includes/grpc_stream_lib/common/config/grpc_stream.h:87] gRPC config stream closed: 14, no healthy upstream
[2019-10-22 14:40:06.463][6][warning][config] [bazel-out/k8-opt/bin/external/envoy/source/common/config/_virtual_includes/grpc_stream_lib/common/config/grpc_stream.h:50] Unable to establish new stream
[2019-10-22 14:40:06.463][6][info][config] [external/envoy/source/server/configuration_impl.cc:72] loading 1 listener(s)
[2019-10-22 14:40:06.465][6][info][config] [external/envoy/source/server/configuration_impl.cc:97] loading tracing configuration
[2019-10-22 14:40:06.465][6][info][config] [external/envoy/source/server/configuration_impl.cc:117] loading stats sink configuration
[2019-10-22 14:40:06.466][6][info][main] [external/envoy/source/server/server.cc:523] starting main dispatch loop
[2019-10-22 14:40:06.481][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:143] cm init: initializing cds
[2019-10-22 14:40:07.723][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster gloo-system-glooe-prometheus-ku-e95ea267dd395e5c7111d7dff3d2dd3_gloo-system during init
[2019-10-22 14:40:07.724][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster gloo-system-glooe-prometheus-kube-state-metrics-80_gloo-system during init
[2019-10-22 14:40:07.724][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-svc:docs-gloo-docs-latest-80_docs during init
[2019-10-22 14:40:07.725][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster docs-gloo-docs-latest-80_gloo-system during init
[2019-10-22 14:40:07.725][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster gloo-system-gloo-9977_gloo-system during init
[2019-10-22 14:40:07.726][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-svc:gloo-system-gateway-proxy-v2-443_gloo-system during init
[2019-10-22 14:40:07.727][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-svc:gloo-system-glooe-grafana-80_gloo-system during init
[2019-10-22 14:40:07.727][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-system-heapster-v1-6-1-80_gloo-system during init
[2019-10-22 14:40:07.728][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster gloo-system-apiserver-ui-gloo-8080_gloo-system during init
[2019-10-22 14:40:07.729][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster gloo-system-glooe-prometheus-server-80_gloo-system during init
[2019-10-22 14:40:07.729][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-svc:gloo-system-extauth-8083_gloo-system during init
[2019-10-22 14:40:07.730][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-svc:gloo-system-glooe-prometheus-kube-state-metrics-80_gloo-system during init
[2019-10-22 14:40:07.730][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster gloo-system-apiserver-ui-8080_gloo-system during init
[2019-10-22 14:40:07.731][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster gloo-system-rate-limit-18081_gloo-system during init
[2019-10-22 14:40:07.732][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-svc:gloo-system-apiserver-ui-8080_gloo-system during init
[2019-10-22 14:40:07.732][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-svc:kube-system-default-http-backend-80_kube-system during init
[2019-10-22 14:40:07.733][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-svc:cert-manager-cert-manager-9402_cert-manager during init
[2019-10-22 14:40:07.734][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster default-kubernetes-443_gloo-system during init
[2019-10-22 14:40:07.734][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster docs-gloo-docs-0-20-80_gloo-system during init
[2019-10-22 14:40:07.735][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster cert-manager-cert-manager-9402_gloo-system during init
[2019-10-22 14:40:07.735][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster gloo-system-redis-6379_gloo-system during init
[2019-10-22 14:40:07.736][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-svc:kube-system-heapster-80_kube-system during init
[2019-10-22 14:40:07.737][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-svc:default-kubernetes-443_default during init
[2019-10-22 14:40:07.737][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster rate-limit_gloo-system during init
[2019-10-22 14:40:07.738][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-system-default-http-backend-glbc-80_gloo-system during init
[2019-10-22 14:40:07.739][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-svc:docs-gloo-docs-98edb3cf906d13b4e9dea3b6ef0d48b8e2d8f9b5-80_docs during init
[2019-10-22 14:40:07.739][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster gloo-system-gateway-proxy-v2-443_gloo-system during init
[2019-10-22 14:40:07.740][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster gloo-system-glooe-grafana-80_gloo-system during init
[2019-10-22 14:40:07.741][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-svc:gloo-system-glooe-prometheus-server-80_gloo-system during init
[2019-10-22 14:40:07.741][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-svc:docs-gloo-docs-test-oct-17a-80_docs during init
[2019-10-22 14:40:07.742][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster docs-gloo-docs-test-oct-17a-80_gloo-system during init
[2019-10-22 14:40:07.742][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster extauth_gloo-system during init
[2019-10-22 14:40:07.743][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster gloo-system-gateway-proxy-v2-80_gloo-system during init
[2019-10-22 14:40:07.744][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster gloo-system-gateway-proxy-v2-gateway-proxy-80_gloo-system during init
[2019-10-22 14:40:07.744][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-system-heapster-80_gloo-system during init
[2019-10-22 14:40:07.745][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-svc:kube-system-metrics-server-443_kube-system during init
[2019-10-22 14:40:07.746][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-svc:gloo-system-gateway-proxy-v2-80_gloo-system during init
[2019-10-22 14:40:07.746][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-system-default-http-backend-80_gloo-system during init
[2019-10-22 14:40:07.747][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-system-metrics-server-443_gloo-system during init
[2019-10-22 14:40:07.748][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster docs-gloo-docs-test-oct-18a-80_gloo-system during init
[2019-10-22 14:40:07.748][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-svc:gloo-system-gloo-9977_gloo-system during init
[2019-10-22 14:40:07.749][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-svc:gloo-system-rate-limit-18081_gloo-system during init
[2019-10-22 14:40:07.749][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-svc:docs-gloo-docs-0-20-80_docs during init
[2019-10-22 14:40:07.750][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-svc:docs-gloo-docs-test-oct-18a-80_docs during init
[2019-10-22 14:40:07.751][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-system-metrics-server-v0-3-1-443_gloo-system during init
[2019-10-22 14:40:07.751][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster gloo-system-extauth-8083_gloo-system during init
[2019-10-22 14:40:07.752][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster gloo-system-glooe-prometheus-server-prometheus-8-4-1-tiller-80_gloo-system during init
[2019-10-22 14:40:07.752][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-system-kube-dns-53_gloo-system during init
[2019-10-22 14:40:07.754][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-svc:gloo-system-redis-6379_gloo-system during init
[2019-10-22 14:40:07.755][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster kube-svc:kube-system-kube-dns-53_kube-system during init
[2019-10-22 14:40:07.755][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster cert-manager-cert-manager-cert--77d1edd8f1dbeaff686be9b01782202_gloo-system during init
[2019-10-22 14:40:07.756][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster docs-gloo-docs-98edb3cf906d13b4e9dea3b6ef0d48b8e2d8f9b5-80_gloo-system during init
[2019-10-22 14:40:07.757][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:488] add/update cluster gloo-system-gateway-proxy-v2-gateway-proxy-443_gloo-system during init
[2019-10-22 14:40:07.757][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:123] cm init: initializing secondary clusters
[2019-10-22 14:40:07.764][6][info][upstream] [external/envoy/source/common/upstream/cluster_manager_impl.cc:147] cm init: all clusters initialized
[2019-10-22 14:40:07.764][6][info][main] [external/envoy/source/server/server.cc:506] all clusters initialized. initializing init manager
[2019-10-22 14:40:07.768][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:07.769][6][info][upstream] [external/envoy/source/server/lds_api.cc:60] lds: add/update listener 'listener-::-8080'
[2019-10-22 14:40:07.771][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:07.772][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:07.777][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:07.778][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:07.782][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:07.783][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:07.787][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:07.788][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:07.791][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:07.792][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:07.796][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:07.797][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:07.801][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:07.802][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:07.806][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:07.807][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:07.810][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:07.811][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:07.815][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:07.816][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:07.820][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:07.820][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:07.824][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:07.825][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:07.829][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:07.829][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:07.833][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:07.834][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:07.838][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:07.839][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:08.141][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:08.142][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:08.441][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:08.441][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:08.741][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:08.741][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:09.043][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:09.044][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:09.346][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:09.346][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:09.649][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:09.650][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:09.952][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:09.952][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:10.254][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:10.255][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:10.556][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:10.557][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:10.861][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:10.863][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:11.162][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:11.162][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:11.464][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:11.464][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:11.794][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:11.796][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:12.087][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:12.088][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:12.391][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:12.392][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:12.693][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:12.694][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:12.998][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:12.999][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:13.309][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:13.310][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:13.611][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:13.612][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:13.916][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:13.917][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:14.219][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:14.220][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:14.521][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:14.522][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:14.825][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:14.825][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:15.030][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:15.030][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:15.338][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:15.339][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:15.644][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:15.644][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:15.950][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:15.951][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:16.252][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:16.253][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:16.554][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:16.556][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:16.861][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:16.862][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:17.167][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:17.168][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:17.472][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:17.473][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:17.774][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:17.775][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:18.079][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:18.079][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:18.384][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:18.385][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:18.727][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:18.727][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:18.929][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:18.930][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:19.247][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:19.248][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:19.548][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:19.549][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:19.850][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:19.851][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:20.153][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:20.154][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:20.456][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:20.458][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:20.757][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:20.758][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:21.058][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:21.059][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:21.371][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:21.372][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:21.685][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:21.688][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:21.982][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:21.983][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:22.293][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:22.293][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:22.593][6][info][jwt] [bazel-out/k8-opt/bin/external/envoy/source/extensions/filters/http/jwt_authn/_virtual_includes/filter_config_interface/extensions/filters/http/jwt_authn/filter_config.h:72] Loaded JwtAuthConfig: filter_state_rules {
  name: "filterState"
}

[2019-10-22 14:40:22.593][6][warning][config] [external/envoy/source/common/config/grpc_mux_subscription_impl.cc:81] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener-::-8443: error adding listener '[::]:8443': multiple filter chains with overlapping matching rules are defined
[2019-10-22 14:40:22.767][6][info][config] [external/envoy/source/server/listener_manager_impl.cc:771] all dependencies initialized. starting workers
[2019-10-22 14:40:22.769][18][critical][backtrace] [bazel-out/k8-opt/bin/external/envoy/source/server/_virtual_includes/backtrace_lib/server/backtrace.h:81] Caught Segmentation fault, suspect faulting address 0x0
[2019-10-22 14:40:22.769][18][critical][backtrace] [bazel-out/k8-opt/bin/external/envoy/source/server/_virtual_includes/backtrace_lib/server/backtrace.h:69] Backtrace (use tools/stack_decode.py to get line numbers):
[2019-10-22 14:40:22.770][18][critical][backtrace] [bazel-out/k8-opt/bin/external/envoy/source/server/_virtual_includes/backtrace_lib/server/backtrace.h:75] #0: [0x7f7c3f665420]

I believe this was caused by the following bad config:

apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"gateway.solo.io/v1","kind":"VirtualService","metadata":{"annotations":{},"name":"tempdocsmgmt","namespace":"tempdocsmigration"},"spec":{"sslConfig":{"secretRef":{"name":"docs.solo.io","namespace":"gloo-system"},"sniDomains":["docs.solo.io"]},"virtualHost":{"domains":["gloodocstemp.solo.io"],"routes":[{"matcher":{"prefix":"/"},"redirectAction":{"hostRedirect":"docs.solo.io","httpsRedirect":true}}]}}}

expands to this:

{
  "apiVersion": "gateway.solo.io/v1",
  "kind": "VirtualService",
  "metadata": {
    "annotations": {},
    "name": "tempdocsmgmt",
    "namespace": "tempdocsmigration"
  },
  "spec": {
    "sslConfig": {
      "secretRef": {
        "name": "docs.solo.io",
        "namespace": "gloo-system"
      },
      "sniDomains": [
        "docs.solo.io"
      ]
    },
    "virtualHost": {
      "domains": [
        "gloodocstemp.solo.io"
      ],
      "routes": [
        {
          "matcher": {
            "prefix": "/"
          },
          "redirectAction": {
            "hostRedirect": "docs.solo.io",
            "httpsRedirect": true
          }
        }
      ]
    }
  }
}

after I deleted the sslConfig, this error went away (that identical sslConfig was used in a different virtual service)

we should be able to perform this validation before submitting to Envoy

[mitchdraft]

How to repro on GlooE v0.19.0 (cannot repro on Gloo)

Create the secret:

openssl req -x509 -nodes -days 365 -newkey rsa:2048    -keyout tls.key -out tls.crt -subj "/CN=animalstore.example.com"
kubectl create secret tls gloo.solo.io --key tls.key --cert tls.crt --namespace gloo-system

Apply the following virtual services

• note that two virtual services have equivalent sslConfigs, which produces this error: multiple filter chains with overlapping matching rules are defined

apiVersion: v1
items:
- apiVersion: gateway.solo.io/v1
  kind: VirtualService
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"gateway.solo.io/v1","kind":"VirtualService","metadata":{"annotations":{},"name":"docsmgmt-http","namespace":"default"},"spec":{"virtualHost":{"domains":["test.com"],"routes":[{"matcher":{"prefix":"/"},"redirectAction":{"hostRedirect":"docs.solo.io","httpsRedirect":true}}]}}}
    creationTimestamp: "2019-10-28T19:28:36Z"
    generation: 1
    name: docsmgmt-http
    namespace: default
    resourceVersion: "13475945"
    selfLink: /apis/gateway.solo.io/v1/namespaces/default/virtualservices/docsmgmt-http
    uid: 23497fb0-f9b9-11e9-8605-42010a800159
  spec:
    virtualHost:
      domains:
      - test.com
      routes:
      - matcher:
          prefix: /
        redirectAction:
          hostRedirect: docs.solo.io
          httpsRedirect: true
  status:
    reported_by: gateway
    state: 1
- apiVersion: gateway.solo.io/v1
  kind: VirtualService
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"gateway.solo.io/v1","kind":"VirtualService","metadata":{"annotations":{},"name":"docsmgmt1","namespace":"default"},"spec":{"sslConfig":{"secretRef":{"name":"gloo.solo.io","namespace":"gloo-system"},"sniDomains":["gloo.solo.io"]},"virtualHost":{"domains":["abc.com"],"routes":[{"matcher":{"prefix":"/"},"redirectAction":{"hostRedirect":"solo.io"}}]}}}
    creationTimestamp: "2019-10-28T19:28:36Z"
    generation: 1
    name: docsmgmt1
    namespace: default
    resourceVersion: "13475946"
    selfLink: /apis/gateway.solo.io/v1/namespaces/default/virtualservices/docsmgmt1
    uid: 2318f146-f9b9-11e9-8605-42010a800159
  spec:
    sslConfig:
      secretRef:
        name: gloo.solo.io
        namespace: gloo-system
      sniDomains:
      - gloo.solo.io
    virtualHost:
      domains:
      - abc.com
      routes:
      - matcher:
          prefix: /
        redirectAction:
          hostRedirect: solo.io
  status:
    reported_by: gateway
    state: 1
- apiVersion: gateway.solo.io/v1
  kind: VirtualService
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"gateway.solo.io/v1","kind":"VirtualService","metadata":{"annotations":{},"name":"docsmgmt2","namespace":"default"},"spec":{"sslConfig":{"secretRef":{"name":"gloo.solo.io","namespace":"gloo-system"},"sniDomains":["gloo.solo.io"]},"virtualHost":{"domains":["123.com"],"routes":[{"matcher":{"prefix":"/"},"redirectAction":{"hostRedirect":"solo.io"}}]}}}
    creationTimestamp: "2019-10-28T19:28:36Z"
    generation: 1
    name: docsmgmt2
    namespace: default
    resourceVersion: "13475947"
    selfLink: /apis/gateway.solo.io/v1/namespaces/default/virtualservices/docsmgmt2
    uid: 2330bba0-f9b9-11e9-8605-42010a800159
  spec:
    sslConfig:
      secretRef:
        name: gloo.solo.io
        namespace: gloo-system
      sniDomains:
      - gloo.solo.io
    virtualHost:
      domains:
      - 123.com
      routes:
      - matcher:
          prefix: /
        redirectAction:
          hostRedirect: solo.io
  status:
    reported_by: gateway
    state: 1
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

Here is a more terse form of the virtual services (Equivalent to the above):

apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  annotations:
  name: docsmgmt1
spec:
  sslConfig:
    secretRef:
      name: gloo.solo.io
      namespace: gloo-system
    sniDomains:
    - gloo.solo.io
  virtualHost:
    domains:
    - "abc.com"
    routes:
    - matcher:
        prefix: /
      redirectAction:
        hostRedirect: twitter.com
---
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  annotations:
  name: docsmgmt2
spec:
  sslConfig:
    secretRef:
      name: gloo.solo.io
      namespace: gloo-system
    sniDomains:
    - gloo.solo.io
  virtualHost:
    domains:
    - "123.com"
    routes:
    - matcher:
        prefix: /
      redirectAction:
        hostRedirect: github.com
---
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  name: docsmgmt-http
spec:
  virtualHost:
    domains:
    - "test.com"
    routes:
    - matcher:
        prefix: /
      redirectAction:
        hostRedirect: google.com
        httpsRedirect: true

[github-actions[bot]]

This issue has been marked as stale because of no activity in the last 180 days. It will be closed in the next 180 days unless it is tagged "no stalebot" or other activity occurs.

[DuncanDoyle]

Can't reproduce this on Gloo Edge 1.16.6. Overlapping configs are not sent to Envoy. The Gateway resource will give the following error:

status:
  statuses:
    gloo-system:
      reason: "1 error occurred:\n\t* Listener Error: SSLConfigError. Reason: Tried
        to apply multiple filter chains with the same FilterChainMatch {}. This is
        usually caused by overlapping sniDomains or multiple empty sniDomains in virtual
        services\n\n"
      reportedBy: gloo
      state: Rejected
      subresourceStatuses:
        '*v1.Proxy.gateway-proxy_gloo-system':
          reportedBy: gloo
          state: Accepted

Closing