From d498a0afc9f0e5d95f20283ff3ecd6e976717143 Mon Sep 17 00:00:00 2001
From: Chris Piraino <cpiraino@hashicorp.com>
Date: Wed, 6 May 2020 13:39:38 -0500
Subject: [PATCH] Correctly set a namespace label in the required domain for
 xds routes

If an upstream is not in the default namespace, we expect DNS requests
to be served over "<service-name>.ingress.<namespace>.*"
---
 agent/xds/routes.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/agent/xds/routes.go b/agent/xds/routes.go
index 48de369a14..0b870227f0 100644
--- a/agent/xds/routes.go
+++ b/agent/xds/routes.go
@@ -98,6 +98,7 @@ func routesFromSnapshotIngressGateway(cfgSnap *proxycfg.ConfigSnapshot) ([]proto
 				continue
 			}
 
+			namespace := u.GetEnterpriseMeta().NamespaceOrDefault()
 			var domains []string
 			switch {
 			case len(upstreams) == 1:
@@ -110,6 +111,8 @@ func routesFromSnapshotIngressGateway(cfgSnap *proxycfg.ConfigSnapshot) ([]proto
 				// If a user has specified hosts, do not add the default
 				// "<service-name>.*" prefix
 				domains = u.IngressHosts
+			case namespace != structs.IntentionDefaultNamespace:
+				domains = []string{fmt.Sprintf("%s.ingress.%s.*", chain.ServiceName, namespace)}
 			default:
 				domains = []string{fmt.Sprintf("%s.*", chain.ServiceName)}
 			}