Kafka L7 visibility policy causes connection errors due to parser errors #21813
Labels
help-wanted
Please volunteer for this by adding yourself as an assignee!
kind/bug
This is a bug in the Cilium logic.
needs/triage
This issue requires triaging to establish severity and next steps.
pinned
These issues are not marked stale by our issue bot.
sig/agent
Cilium agent related.
sig/policy
Impacts whether traffic is allowed or denied based on user-defined policies.
Is there an existing issue for this?
What happened?
When using Kafka L7 visibility policies, I'm seeing my Kafka consumers get disconnected roughly every 30-60 seconds. I enabled debug logging and verbose envoy logs and was able to find the error related to the disconnect, it seems the Kafka parser is encountering an error and closing the connection as a result.
Cilium Version
I'm using a recent master build, but this is present in all versions I've tried.
Kernel Version
Linux lima-docker 5.15.0-27-generic #28-Ubuntu SMP Thu Apr 14 12:56:31 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux
Kubernetes Version
Server Version: version.Info{Major:"1", Minor:"24", GitVersion:"v1.24.4", GitCommit:"95ee5ab382d64cfe6c28967f36b53970b8374491", GitTreeState:"clean", BuildDate:"2022-09-01T23:50:12Z", GoVersion:"go1.18.5", Compiler:"gc", Platform:"linux/arm64"}
Sysdump
cilium-sysdump-20221019-110146.zip
Relevant log output
Anything else?
I have a demo app to reproduce but it's private. PM me if you need a way to reproduce the error.
Code of Conduct
The text was updated successfully, but these errors were encountered: