-
Notifications
You must be signed in to change notification settings - Fork 432
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Provide option for gloo to work with rejected Upstreams #3797
Comments
The primary scenario for this is when a k8s type I am, at this point, unable to reproduce the problem of Gloo not being able to receive updates. In the following scenario:
Now that it is in the "broken" state, the assumption behind this issue is that other unrelated changes would not be propagated to Envoy, however...
|
If it helps, the scenario I encountered this issue included: deleting the k8s service behind a valid upstream/virtualservice (and not deleting the upstream and virtualservice), then creating a new k8s service (unrelated to the previous deleted k8s service), and creating a new upstream/virtualservice for that new k8s service. I am unable to reach the new k8s service because of the orphaned upstream/virtualservice. |
Hi @asadoughi . I was unable to reproduce using the following steps:
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
name: default
namespace: gloo-system
spec:
virtualHost:
domains:
- 'foo.example.com'
routes:
- matchers:
- exact: /all-pets
options:
prefixRewrite: /api/pets
routeAction:
single:
upstream:
name: default-petstore-8080
namespace: gloo-system
apiVersion: v1
kind: Service
metadata:
name: petstore2
namespace: default
labels:
service: petstore
spec:
ports:
- port: 8080
protocol: TCP
selector:
app: petstore and the new vs: apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
name: default2
namespace: gloo-system
spec:
virtualHost:
domains:
- 'bar.example.com'
routes:
- matchers:
- exact: /all-pets
options:
prefixRewrite: /api/pets
routeAction:
single:
upstream:
name: default-petstore2-8080
namespace: gloo-system
The original route now returns a 404 initially and then gets the invalid route config, but the new route is reachable. |
@kdorosh Try again with gloo.discovery.enabled = false. In other words, manually create your upstreams. |
@asadoughi I am unable to reproduce as well even when using manually created upstreams. In your testing, have you ensured that a correct
|
Per slack conversations, it seems that as long as route replacement has been correctly configured (along with #3818 being fixed), we have been unable to reproduce the initially described issue. We will close this issue for now but happy to take another look if we get a concrete reproducer. |
Is your feature request related to a problem? Please describe.
When operating a multi-tenant environment with many teams sharing the same gloo control plane, if one team provides an incorrect
Upstream
it can prevent any other tenant from updating their configuration.Describe the solution you'd like
An option to treat incorrectly configured
Upstreams
as a warning and enable invalid route replacement for routes referencing thatUpstream
Possibly a statistic for
Upstreams
in a rejected stateDescribe alternatives you've considered
N/A
Additional context
Related: #3761
The text was updated successfully, but these errors were encountered: