(apigw/httproute) Add support to disable traffic with weight 0 in services#23216
Open
sujay-hashicorp wants to merge 1 commit intomainfrom
Open
(apigw/httproute) Add support to disable traffic with weight 0 in services#23216sujay-hashicorp wants to merge 1 commit intomainfrom
sujay-hashicorp wants to merge 1 commit intomainfrom
Conversation
sujay-hashicorp
added
pr/no-changelog
sujay-hashicorp
changed the title
sujay-hashicorp
force-pushed
the
sujay/fix/route-weight-0
branch
from
08b2d33 to
1472d47
Compare
sujay-hashicorp
added
backport/all
sujay-hashicorp
changed the title
sujay-hashicorp
added
the
pr/do-not-merge
vdinesh4738
reviewed
Feb 17, 2026
agent/structs/config_entry_routes.go
Outdated
| @@ -105,8 +105,19 @@ func (e *HTTPRouteConfigEntry) Normalize() error { | |||
| rule.Matches[j] = normalizeHTTPMatch(match) | |||
| } | |||
|
|
|||
| allServicesHaveZeroWeight := len(rule.Services) > 0 | |||
There was a problem hiding this comment.
this is misleading, why can't we simply have
allServicesHaveZeroWeight := true
Contributor
Author
There was a problem hiding this comment.
Sure, I have updated it to true. It was set like this so to skip extra processing in cases where there are no services. But I think HTTPRoute must have at least 1 service.
sujay-hashicorp
force-pushed
the
sujay/fix/route-weight-0
branch
from
1472d47 to
67d104e
Compare
sujay-hashicorp
force-pushed
the
sujay/fix/route-weight-0
branch
2 times, most recently
from
73e47ae to
9e8325a
Compare
…of setting it 1 explicitly
sujay-hashicorp
force-pushed
the
sujay/fix/route-weight-0
branch
from
9e8325a to
6c84033
Compare
| service.Merge(e.GetEnterpriseMeta()) | ||
| service.Normalize() | ||
| if service.Weight <= 0 { | ||
| if service.Weight < 0 { |
Member
There was a problem hiding this comment.
Wouldn't this reintroduce the same issue again? This normalisation layer looks fine, but down the discovery chain, the 0-weight services would get skipped here and at the end of the loop no spiltter would be created.
Will this handled by Envoy now? If yes, can we add some test coverage to ensure that we return 503?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR fixes Consul API Gateway behavior for Kubernetes
HTTPRoutebackends withweight: 0.Previously,
HTTPRoutenormalization converted allweight <= 0values to1, which caused explicitweight: 0backends to still receive traffic. This conflicted with Gateway API expectations and customer-observed behavior.This change updates normalization logic to:
weight: 0(so zero-weight backends can be excluded from traffic).Preserve backward compatibility by normalizing all-zero rules to 1 (to avoid breaking older configs that relied on omitted/default weights).
Links
Tests
weight: 0does not receive any traffic.HTTPRoute config output
$ consul config read -kind http-route -name quill-route{ "Kind": "http-route", "Name": "quill-route", "Parents": [ { "Kind": "api-gateway", "Name": "api-gateway", "SectionName": "http-listener" } ], "Rules": [ { "Filters": { "Headers": null, "URLRewrite": null, "RetryFilter": null, "TimeoutFilter": null, "JWT": null }, "ResponseFilters": { "Headers": null }, "Matches": [ { "Headers": null, "Method": "", "Path": { "Match": "prefix", "Value": "/" }, "Query": null } ], "Services": [ { "Name": "quill-v1", "Weight": 0, "Filters": { "Headers": null, "URLRewrite": null, "RetryFilter": null, "TimeoutFilter": null, "JWT": null }, "ResponseFilters": { "Headers": null } }, { "Name": "quill-v2", "Weight": 100, "Filters": { "Headers": null, "URLRewrite": null, "RetryFilter": null, "TimeoutFilter": null, "JWT": null }, "ResponseFilters": { "Headers": null } } ] } ], "Hostnames": null, "CreateIndex": 43, "ModifyIndex": 80, "Status": { "Conditions": [ { "Type": "Accepted", "Status": "True", "Reason": "Accepted", "Message": "route is valid", "Resource": { "Kind": "", "Name": "", "SectionName": "" }, "LastTransitionTime": "2026-02-16T08:17:57.943208Z" }, { "Type": "Bound", "Status": "True", "Reason": "Bound", "Message": "successfully bound route", "Resource": { "Kind": "api-gateway", "Name": "api-gateway", "SectionName": "http-listener" }, "LastTransitionTime": "2026-02-16T08:17:57.943215Z" } ] } }Traffic Distribution
case 1:
case 2:
PR Checklist
PCI review checklist
I have documented a clear reason for, and description of, the change I am making.
If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.
If applicable, I've documented the impact of any changes to security controls.
Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.