Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ServiceProbe is broken with transparent proxying Universal #5335

Closed
jakubdyszkiewicz opened this issue Nov 16, 2022 · 3 comments · Fixed by #6438
Closed

ServiceProbe is broken with transparent proxying Universal #5335

jakubdyszkiewicz opened this issue Nov 16, 2022 · 3 comments · Fixed by #6438
Labels
kind/bug A bug triage/accepted The issue was reviewed and is complete enough to start working on it

Comments

@jakubdyszkiewicz
Copy link
Contributor

What happened?

Steps to reproduce run should not load balance requests to unhealthy instance on UniCluster1 or manually

  1. Spawn Envoy with Application on Unviersal with Transparent Proxying
  2. Kill app
  3. See that Envoy reports that the app is healthy.

After digging deeper it is caused by #4630
When the regular traffic goes to the Envoy, it goes through the inbound listener, then to cluster that has set upstream bind config. This modifies the source address+port so iptables can pass this traffic further.

When the traffic is initiated by Envoy with HC it does not use the cluster therefore it does not have changed bind config.

Potential solutions that we quickly discussed:

  1. Modify Envoy HDS to let it override upstream bind config
  2. Move HDS to kuma-dp Go process (requires rebuilding HDS client etc.)
@jakubdyszkiewicz jakubdyszkiewicz added triage/pending This issue will be looked at on the next triage meeting kind/bug A bug labels Nov 16, 2022
@jakubdyszkiewicz jakubdyszkiewicz mentioned this issue Nov 16, 2022
Merged
12 tasks
@jakubdyszkiewicz
Copy link
Contributor Author

Will be solved by envoyproxy/envoy#24053

@jakubdyszkiewicz jakubdyszkiewicz added triage/accepted The issue was reviewed and is complete enough to start working on it and removed triage/pending This issue will be looked at on the next triage meeting labels Nov 21, 2022
@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Feb 20, 2023
@github-actions
Copy link
Contributor

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@michaelbeaumont
Copy link
Contributor

Will be solved in Envoy v1.25

@michaelbeaumont michaelbeaumont removed the triage/stale Inactive for some time. It will be triaged again label Feb 27, 2023
This was referenced Mar 7, 2023
Merged
Closed
@lobkovilya lobkovilya mentioned this issue Apr 3, 2023
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug A bug triage/accepted The issue was reviewed and is complete enough to start working on it
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore(config): remove EnableLocalhostInboundClusters option lobkovilya/kuma
2 participants
@michaelbeaumont @jakubdyszkiewicz