fix: respect existing hostname

Author: zachsmith1

internal/controller/gateway_controller.go

@@ -178,7 +178,7 @@ func (r *GatewayReconciler) prepareUpstreamGateway(gateway *gatewayv1.Gateway) (
 	// the defaulting webhook as the UID is not available, but we still want to
 	// let users create gateways without listeners and receive sane defaults.
 
-	gatewayDefaultHostname := ptr.To(gatewayv1.Hostname(r.Config.Gateway.GatewayDNSAddress(gateway)))
+	gatewayDefaultHostname := ptr.To(gatewayv1.Hostname(r.gatewayCanonicalHostname(gateway)))
 
 	defaultHTTPListener := gatewayutil.GetListenerByName(gateway.Spec.Listeners, gatewayutil.DefaultHTTPListenerName)
 	if defaultHTTPListener != nil && defaultHTTPListener.Hostname == nil {
@@ -221,7 +221,7 @@ func (r *GatewayReconciler) ensureDownstreamGateway(
 			}
 		}
 	} else {
-		gatewayDNSAddress := r.Config.Gateway.GatewayDNSAddress(upstreamGateway)
+		gatewayDNSAddress := r.gatewayCanonicalHostname(upstreamGateway)
 
 		// targetDomainHostnames are default hostnames that are unique to each gateway, and
 		// will have DNS records created for them. Any custom hostnames provided in
@@ -756,6 +756,7 @@ func (r *GatewayReconciler) isDatumManagedGatewayHostname(upstreamGateway *gatew
 	legacyUIDWithoutDashes := strings.ReplaceAll(gatewayUID, "-", "")
 
 	managedBaseHostnames := []string{
+		r.gatewayCanonicalHostname(upstreamGateway),
 		r.Config.Gateway.GatewayDNSAddress(upstreamGateway),
 		fmt.Sprintf("%s.%s", legacyUIDWithoutDashes, targetDomain),
 		fmt.Sprintf("%s.%s", gatewayUID, targetDomain),
@@ -785,7 +786,7 @@ func (r *GatewayReconciler) ensureHostnameVerification(
 ) ([]string, error) {
 	logger := log.FromContext(ctx)
 
-	gatewayDefaultHostname := r.Config.Gateway.GatewayDNSAddress(upstreamGateway)
+	gatewayDefaultHostname := r.gatewayCanonicalHostname(upstreamGateway)
 
 	// Allow hostnames which have been successfully configured on the downstream
 	// gateway stay on the gateway, regardless of whether or not there is a
@@ -908,6 +909,43 @@ func (r *GatewayReconciler) ensureHostnameVerification(
 	return verifiedHostnamesSlice, nil
 }
 
+// gatewayCanonicalHostname returns the managed canonical hostname for a gateway.
+// It prefers an existing status address in the configured target domain to avoid
+// renaming already-programmed gateways during hostname format transitions.
+func (r *GatewayReconciler) gatewayCanonicalHostname(upstreamGateway *gatewayv1.Gateway) string {
+	if existing := managedGatewayHostnameFromStatus(
+		upstreamGateway.Status.Addresses,
+		r.Config.Gateway.TargetDomain,
+	); existing != "" {
+		return existing
+	}
+	return r.Config.Gateway.GatewayDNSAddress(upstreamGateway)
+}
+
+// managedGatewayHostnameFromStatus returns the base hostname address (not v4/v6
+// variants) in the target domain from gateway status, if present.
+func managedGatewayHostnameFromStatus(
+	addresses []gatewayv1.GatewayStatusAddress,
+	targetDomain string,
+) string {
+	suffix := "." + targetDomain
+
+	for _, addr := range addresses {
+		if ptr.Deref(addr.Type, "") != gatewayv1.HostnameAddressType {
+			continue
+		}
+		if !(addr.Value == targetDomain || strings.HasSuffix(addr.Value, suffix)) {
+			continue
+		}
+		if strings.HasPrefix(addr.Value, "v4.") || strings.HasPrefix(addr.Value, "v6.") {
+			continue
+		}
+		return addr.Value
+	}
+
+	return ""
+}
+
 func (r *GatewayReconciler) ensureDownstreamGatewayDNSEndpoints(
 	ctx context.Context,
 	downstreamGateway *gatewayv1.Gateway,

internal/controller/gateway_controller_test.go

@@ -245,6 +245,47 @@ func TestEnsureDownstreamGateway(t *testing.T) {
 	}
 }
 
+func TestPrepareUpstreamGateway_UsesExistingCanonicalHostname(t *testing.T) {
+	testConfig := config.NetworkServicesOperator{
+		Gateway: config.GatewayConfig{
+			TargetDomain: "test-suite.com",
+		},
+	}
+
+	legacyUID := types.UID("11111111-1111-1111-1111-111111111111")
+	legacyHostname := "11111111111111111111111111111111.test-suite.com"
+	gateway := newGateway(testConfig, "test", "test", func(g *gatewayv1.Gateway) {
+		g.UID = legacyUID
+		g.Status.Addresses = []gatewayv1.GatewayStatusAddress{
+			{
+				Type:  ptr.To(gatewayv1.HostnameAddressType),
+				Value: legacyHostname,
+			},
+		}
+		// Simulate an object where listener hostnames are still nil and need defaulting.
+		for i := range g.Spec.Listeners {
+			g.Spec.Listeners[i].Hostname = nil
+		}
+	})
+
+	reconciler := &GatewayReconciler{
+		Config: testConfig,
+	}
+
+	needsUpdate := reconciler.prepareUpstreamGateway(gateway)
+	assert.True(t, needsUpdate, "gateway should be updated to assign listener hostnames")
+
+	defaultHTTPListener := gatewayutil.GetListenerByName(gateway.Spec.Listeners, gatewayutil.DefaultHTTPListenerName)
+	require.NotNil(t, defaultHTTPListener)
+	require.NotNil(t, defaultHTTPListener.Hostname)
+	assert.Equal(t, gatewayv1.Hostname(legacyHostname), *defaultHTTPListener.Hostname)
+
+	defaultHTTPSListener := gatewayutil.GetListenerByName(gateway.Spec.Listeners, gatewayutil.DefaultHTTPSListenerName)
+	require.NotNil(t, defaultHTTPSListener)
+	require.NotNil(t, defaultHTTPSListener.Hostname)
+	assert.Equal(t, gatewayv1.Hostname(legacyHostname), *defaultHTTPSListener.Hostname)
+}
+
 func TestEnsureDownstreamGatewayWildcardCert(t *testing.T) {
 	testScheme := runtime.NewScheme()
 	assert.NoError(t, scheme.AddToScheme(testScheme))
@@ -1127,14 +1168,15 @@ func TestEnsureHostnamesClaimed(t *testing.T) {
 			)
 
 			if assert.NoError(t, err, "unexpected error calling ensureHostnameVerification") {
-				expectedVerifiedHostnames := append(
-					tt.expectedVerifiedHostnames,
-					testConfig.Gateway.GatewayDNSAddress(tt.upstreamGateway),
-				)
-				expectedClaimedHostnames := append(
-					tt.expectedClaimedHostnames,
-					testConfig.Gateway.GatewayDNSAddress(tt.upstreamGateway),
-				)
+				canonicalHostname := reconciler.gatewayCanonicalHostname(tt.upstreamGateway)
+				expectedVerifiedHostnames := slices.Clone(tt.expectedVerifiedHostnames)
+				if !slices.Contains(expectedVerifiedHostnames, canonicalHostname) {
+					expectedVerifiedHostnames = append(expectedVerifiedHostnames, canonicalHostname)
+				}
+				expectedClaimedHostnames := slices.Clone(tt.expectedClaimedHostnames)
+				if !slices.Contains(expectedClaimedHostnames, canonicalHostname) {
+					expectedClaimedHostnames = append(expectedClaimedHostnames, canonicalHostname)
+				}
 				slices.Sort(expectedVerifiedHostnames)
 				slices.Sort(expectedClaimedHostnames)
 				assert.EqualValues(t, expectedVerifiedHostnames, verifiedHostnames, "expected verified hostnames mismatch")

internal/controller/gateway_dns_controller.go

@@ -68,7 +68,7 @@ func (r *GatewayReconciler) ensureDNSRecordSets(
 	logger := log.FromContext(ctx)
 	logger.Info("ensuring DNS record sets", "claimed_hostname_count", len(claimedHostnames))
 
-	canonicalHostname := r.Config.Gateway.GatewayDNSAddress(upstreamGateway)
+	canonicalHostname := r.gatewayCanonicalHostname(upstreamGateway)
 
 	// List all Domains in the gateway namespace once; we query them per hostname below.
 	var domainList networkingv1alpha.DomainList

internal/controller/gateway_dns_controller_test.go

@@ -15,8 +15,10 @@ import (
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/uuid"
 	"k8s.io/client-go/kubernetes/scheme"
+	"k8s.io/utils/ptr"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"
 	"sigs.k8s.io/controller-runtime/pkg/log"
@@ -538,6 +540,31 @@ func TestEnsureDNSRecordSets(t *testing.T) {
 				assert.Empty(t, list.Items)
 			},
 		},
+		{
+			name:             "legacy canonical hostname remains canonical when status already set",
+			claimedHostnames: []string{"11111111111111111111111111111111.gateways.test.local", "api.example.com"},
+			upstreamObjects: []client.Object{
+				newVerifiedDNSZoneDomain(ns, "example.com", false),
+				newDNSZone(ns, "example-com", "example.com"),
+			},
+			assertStatuses: func(t *testing.T, statuses []networkingv1alpha.HostnameStatus) {
+				require.Len(t, statuses, 1)
+				assert.Equal(t, "api.example.com", statuses[0].Hostname)
+				c := apimeta.FindStatusCondition(statuses[0].Conditions, networkingv1alpha.HostnameConditionDNSRecordProgrammed)
+				require.NotNil(t, c)
+				assert.Equal(t, metav1.ConditionTrue, c.Status)
+				assert.Equal(t, networkingv1alpha.DNSRecordReasonCreated, c.Reason)
+			},
+			assertRecords: func(t *testing.T, cl client.Client) {
+				var list dnsv1alpha1.DNSRecordSetList
+				require.NoError(t, cl.List(context.Background(), &list, client.InNamespace(ns)))
+				require.Len(t, list.Items, 1)
+				rs := list.Items[0]
+				require.Len(t, rs.Spec.Records, 1)
+				require.NotNil(t, rs.Spec.Records[0].CNAME)
+				assert.Equal(t, "11111111111111111111111111111111.gateways.test.local.", rs.Spec.Records[0].CNAME.Content)
+			},
+		},
 		{
 			name:             "single-label hostname gets NotApplicable",
 			claimedHostnames: []string{"localhost"},
@@ -580,6 +607,23 @@ func TestEnsureDNSRecordSets(t *testing.T) {
 			s := newDNSTestScheme(t)
 
 			gw := newTestGatewayForDNS(ns, "test-gw")
+			if tt.name == "legacy canonical hostname remains canonical when status already set" {
+				gw.UID = types.UID("11111111-1111-1111-1111-111111111111")
+				gw.Status.Addresses = []gatewayv1.GatewayStatusAddress{
+					{
+						Type:  ptr.To(gatewayv1.HostnameAddressType),
+						Value: "11111111111111111111111111111111.gateways.test.local",
+					},
+					{
+						Type:  ptr.To(gatewayv1.HostnameAddressType),
+						Value: "v4.11111111111111111111111111111111.gateways.test.local",
+					},
+					{
+						Type:  ptr.To(gatewayv1.HostnameAddressType),
+						Value: "v6.11111111111111111111111111111111.gateways.test.local",
+					},
+				}
+			}
 
 			// Seed the gateway itself so owner reference can be set.
 			allObjects := append([]client.Object{gw}, tt.upstreamObjects...)