cluster manager: cluster activation after it failed because of secure transport socket not ready #13777
Assignees
Labels
Comments
yanavlasov
added
area/cluster_manager
area/xds
area/sds
lizan
pushed a commit
that referenced
this issue
Oct 27, 2020
…cret entity (#13344) This PR highly depends on #12783. Changed to keep warming if dynamic inserted clusters (when initialize doesn't finished) failed to extract TLS certificate and certificate validation context. They shouldn't be indicated as ACTIVE cluster. Risk Level: Mid Testing: Unit Docs Changes: Release Notes: Added Fixes #11120, future work: #13777 Signed-off-by: Shikugawa <rei@tetrate.io>
|
/assign @Shikugawa |
lizan
pushed a commit
to lizan/envoy
that referenced
this issue
Oct 30, 2020
…cret entity (envoyproxy#13344) This PR highly depends on envoyproxy#12783. Changed to keep warming if dynamic inserted clusters (when initialize doesn't finished) failed to extract TLS certificate and certificate validation context. They shouldn't be indicated as ACTIVE cluster. Risk Level: Mid Testing: Unit Docs Changes: Release Notes: Added Fixes envoyproxy#11120, future work: envoyproxy#13777 Signed-off-by: Shikugawa <rei@tetrate.io>
istio-testing
pushed a commit
to istio/envoy
that referenced
this issue
Nov 2, 2020
* cluster manager: avoid immediate activation for dynamic inserted cluster when initialize (envoyproxy#12783) Signed-off-by: Shikugawa <rei@tetrate.io> * sds: keep warming when dynamic inserted cluster can't be extracted secret entity (envoyproxy#13344) This PR highly depends on envoyproxy#12783. Changed to keep warming if dynamic inserted clusters (when initialize doesn't finished) failed to extract TLS certificate and certificate validation context. They shouldn't be indicated as ACTIVE cluster. Risk Level: Mid Testing: Unit Docs Changes: Release Notes: Added Fixes envoyproxy#11120, future work: envoyproxy#13777 Signed-off-by: Shikugawa <rei@tetrate.io> Co-authored-by: Rei Shimizu <rei@tetrate.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Related with #13344.
In the current implementation, it doesn't keep warming if SDS based secret entity can't be extracted because of the existence of runtime feature flag.
envoy.reloadable_features.cluster_keep_warming_no_secret_entity.To remove this, we should have delayed activate behavior on
clusterInit. I'm considering implementing with this approach.initial_fetch_timeoutoccurred, It doesn't change state from warming. When it was called, we should activate delayed callback which will activate the cluster by executingonClusterInitat regular intervals.It is only proposal. So I'm glad to introduce other approaches. cc @htuch
The text was updated successfully, but these errors were encountered: