fix: http3 listener with multiple hostnames #6675

Closed
zhaohuabing wants to merge 3 commits into envoyproxy:main from zhaohuabing:fix-http3
@zhaohuabing zhaohuabing commented Aug 2, 2025

TLSInspector doesn't work for UDP, so for the HTTP3 xDS listener, we should use the default filter chain and create a default route for multiple IR HTTPListeners with different hostnames on the same port.

fixes: #5660 (comment)

HTTP3 listeners create multiple filter chains without matching rules; this was introduced in #5671. We should merge multiple filter chains for HTTP3 into one, similar to HTTP listeners.

Caveat: Since listeners with different hostnames are merged into the default filter chain, they can only share a single wildcard server certificate if HTTP3 is enabled. Currently, this is not checked and one of the certs is used for the HTTP3 listener. We should enforce this restriction and surface an error to the ClientTrafficPolicy.

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: http3-gtw
  namespace: gateway-conformance-infra
spec:
  gatewayClassName: "{GATEWAY_CLASS_NAME}"
  listeners:
    - name: https1
      protocol: HTTPS
      port: 443
      hostname: "foo.example.com"
      tls:
        mode: Terminate
        certificateRefs:
          - kind: Secret
            group: ""
            name: wildcard-example-com-tls
    - name: https2
      protocol: HTTPS
      port: 443
      hostname: "bar.example.com"
      tls:
        mode: Terminate
        certificateRefs:
          - kind: Secret
            group: ""
            name: wildcard-example-com-tls
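
The caveat in the description above says the shared-certificate restriction is not yet enforced. A sketch of such a check, added here as an example and not code from this PR or from Envoy Gateway: `h3Listener`, `checkHTTP3Certs`, `sampleCerts` and the `https3`/`https4` listeners are hypothetical, and the certificate is a constructed stub carrying only a SAN list.

```go
package main

import (
	"crypto/x509"
	"fmt"
)

// h3Listener is a hypothetical, simplified HTTPS listener with HTTP/3 enabled.
type h3Listener struct {
	Name, Hostname, CertRef string
	Port                    int
}

// checkHTTP3Certs flags listeners that get the wrong cert when a port's HTTP/3 listeners share one filter chain.
func checkHTTP3Certs(ls []h3Listener, certs map[string]*x509.Certificate) (errs []error) {
	portCert := map[int]string{} // port -> cert ref of the first listener seen
	for _, l := range ls {
		ref, seen := portCert[l.Port]
		if !seen {
			ref, portCert[l.Port] = l.CertRef, l.CertRef
		}
		if cert := certs[ref]; l.CertRef != ref {
			errs = append(errs, fmt.Errorf("%s: cert %q differs from %q already used for HTTP/3 on port %d", l.Name, l.CertRef, ref, l.Port))
		} else if cert == nil {
			errs = append(errs, fmt.Errorf("%s: cert %q not found", l.Name, ref))
		} else if err := cert.VerifyHostname(l.Hostname); err != nil {
			errs = append(errs, fmt.Errorf("%s: %w", l.Name, err))
		}
	}
	return errs
}

// sampleCerts is constructed data; VerifyHostname only reads the SAN list.
func sampleCerts() map[string]*x509.Certificate {
	return map[string]*x509.Certificate{"wildcard-example-com-tls": {DNSNames: []string{"*.example.com"}}}
}

func main() {
	ls := []h3Listener{ // constructed; https3 and https4 are hypothetical additions
		{"https1", "foo.example.com", "wildcard-example-com-tls", 443},
		{"https2", "bar.example.com", "wildcard-example-com-tls", 443},
		{"https3", "a.b.example.com", "wildcard-example-com-tls", 443}, // wildcard spans one label only
		{"https4", "baz.example.org", "other-tls", 443},                // second cert on the same port
	}
	for _, err := range checkHTTP3Certs(ls, sampleCerts()) {
		fmt.Println(err)
	}
}
```

The two listeners from the Gateway manifest above pass; `https3` and `https4` are reported.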

@zhaohuabing zhaohuabing requested a review from a team as a code owner August 2, 2025 07:13
@zhaohuabing zhaohuabing marked this pull request as draft August 2, 2025 07:16
@zhaohuabing zhaohuabing changed the title fix: http3 listener fix: http3 listener with multiple hostnames Aug 2, 2025
codecov bot commented Aug 2, 2025

Codecov Report

❌ Patch coverage is 77.14286% with 16 lines in your changes missing coverage. Please review.
✅ Project coverage is 71.07%. Comparing base (589fd5c) to head (bda9200).
⚠️ Report is 96 commits behind head on main.

Files with missing lines Patch % Lines
internal/xds/translator/translator.go 74.00% 8 Missing and 5 partials ⚠️
internal/xds/translator/listener.go 85.00% 2 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #6675      +/-   ##
==========================================
- Coverage   71.10%   71.07%   -0.03%     
==========================================
  Files         225      225              
  Lines       39760    39779      +19     
==========================================
+ Hits        28271    28273       +2     
- Misses       9829     9843      +14     
- Partials     1660     1663       +3     

@zhaohuabing zhaohuabing marked this pull request as ready for review August 2, 2025 08:14
@zhaohuabing zhaohuabing marked this pull request as draft August 2, 2025 10:21
@zhaohuabing zhaohuabing marked this pull request as ready for review August 2, 2025 10:43
arkodg commented Aug 4, 2025

Can we scope this logic to http3 only?

@zhaohuabing
Member Author

> can we scope this logic to http3 only?

Could you be more specific? I think this PR only includes necessary code changes to make HTTP3 listener work.

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
@arkodg arkodg added this to the v1.6.0-rc.1 Release milestone Aug 13, 2025
@zhaohuabing zhaohuabing requested a review from arkodg August 15, 2025 01:46
@github-actions
Contributor

This pull request has been automatically marked as stale because it has not had activity in the last 30 days. Please feel free to give a status update now, ping for review, when it's ready. Thank you for your contributions!

Development

Successfully merging this pull request may close these issues.

Nil pointer exception when enabling http3
