fix: tcp listener is rejected when no route attached #4681
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zhaohuabing
force-pushed
the
fix-tcp-listener-without-route
branch
2 times, most recently
from
cb94a37 to
17f3476
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #4681 +/- ##
==========================================
+ Coverage 65.56% 65.62% +0.05%
==========================================
Files 211 211
Lines 31998 32017 +19
==========================================
+ Hits 20979 21010 +31
+ Misses 9775 9764 -11
+ Partials 1244 1243 -1 ☔ View full report in Codecov by Sentry. |
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
zhaohuabing
force-pushed
the
fix-tcp-listener-without-route
branch
from
17f3476 to
9bcea0b
Compare
|
thanks for looking into this @zhaohuabing |
can't connect vs connection reset by peer, the latter seems make more sense as there's a listening port on Envoy for the defined Gateway listener. no tcp listener: dummy filter chain |
|
hey @zhaohuabing I prefer if we dont generate an xds listener for this case |
it would be better if possiable. |
|
from @haq204's comment #4680 (comment) , we may want to have a listener up for responding to TCP health checks |
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
arkodg
reviewed
Nov 19, 2024
| // If there are no routes, add a route without a destination to the listener to create a filter chain | ||
| // This is needed because Envoy requires a filter chain to be present in the listener, otherwise it will reject the listener and report a warning | ||
| if len(tcpListener.Routes) == 0 { | ||
| nullRouteCluster := &clusterv3.Cluster{ |
There was a problem hiding this comment.
hey curious, what happens if we set xdsListener.FilterChains = [] for this case, does xDS still complain ?
There was a problem hiding this comment.
Envoy will complain no filter chains specified. It's a validation inside the Envoy listener impl instead of a proto type built-in validation.
type.googleapis.com/envoy.config.listener.v3.Listener rejected: Error adding/updating listener(s) gateway-conformance-infra/same-namespace/tls: error adding listener '0.0.0.0:10443': no filter chains specified
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
zhaohuabing
commented
Nov 19, 2024
| - endpoints: | ||
| - host: "1.2.3.4" | ||
| port: 50000 | ||
| routes: |
There was a problem hiding this comment.
This is a bug in the listener-connection-limit test. The routes field in the TCP Listener ir is missing.
This is not directly related to the issue addressed by this PR, but an empty cluster will be added if no route defined for the test.
zhaohuabing
commented
Nov 19, 2024
| - endpoints: | ||
| - host: "1.2.3.4" | ||
| port: 50000 | ||
| routes: |
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
zhaohuabing
commented
Nov 19, 2024
| - endpoints: | ||
| - host: "1.2.3.4" | ||
| port: 50000 | ||
| routes: |
zhaohuabing
commented
Nov 19, 2024
| - endpoints: | ||
| - host: "1.2.3.4" | ||
| port: 50000 | ||
| routes: |
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
zhaohuabing
commented
Nov 19, 2024
| port: 50000 | ||
| - host: "5.6.7.8" | ||
| port: 50001 | ||
| routes: |
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
zhaohuabing
commented
Nov 19, 2024
| port: 50000 | ||
| - host: "5.6.7.8" | ||
| port: 50001 | ||
| routes: |
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
zhaohuabing
commented
Nov 19, 2024
| @@ -66,6 +75,13 @@ tcp: | |||
| controllerName: gateway.envoyproxy.io/gatewayclass-controller | |||
| name: envoy-gateway/gateway-1/tcp1 | |||
| port: 10080 | |||
| routes: | |||
| - destination: | |||
zirain
approved these changes
Nov 20, 2024
|
/retest |
zhaohuabing
added a commit
to zhaohuabing/gateway
that referenced
this pull request
Nov 22, 2024
* fix: tcp listener is rejected when no route attached Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * change cluter name Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix listener connection limit test Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix listener connetcp keepalive test Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix tcp endpoint stats test Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix tcp-route-enable-req-resp-sizes-stats Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix extensionpolicy-tcp-udp-http test Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix lint Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> (cherry picked from commit f99c36c) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
zhaohuabing
added a commit
that referenced
this pull request
Nov 27, 2024
* fix: tcp listener is rejected when no route attached (#4681) * fix: tcp listener is rejected when no route attached Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * change cluter name Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix listener connection limit test Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix listener connetcp keepalive test Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix tcp endpoint stats test Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix tcp-route-enable-req-resp-sizes-stats Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix extensionpolicy-tcp-udp-http test Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix lint Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> (cherry picked from commit f99c36c) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix: remove backendrefs validation (#4705) * remove backendrefs validation Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * add tests Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * add tests Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> Co-authored-by: zirain <zirain2009@gmail.com> (cherry picked from commit 5068698) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix: translator reports errors for existing clusters and secretes (#4707) * fix: existing clusters and secretes Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix cluster index for SP Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * minor change Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * minor change Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * minor change Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * minor change Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix lint Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * add comment Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * remove index Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix lint Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * xds: always use `::` and `IPv4Compact` for dynamic listener (#4743) * enable IPv4Compact Signed-off-by: zirain <zirain2009@gmail.com> * fix xds test Signed-off-by: zirain <zirain2009@gmail.com> * release-notes Signed-off-by: zirain <zirain2009@gmail.com> * nit Signed-off-by: zirain <zirain2009@gmail.com> * gen Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> (cherry picked from commit 78da42c) Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * Fix: frequent 503 errors when connecting to a Service experiencing high Pod churn (#4754) * Revert "fix: some status updates are discarded by the status updater (#4337)" This reverts commit 14830c7. Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * store update events and process it later Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * rename method Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * add release note Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * xds: use V4_PREFERRED dnsLookupFamily by default (#4745) * use Cluster_V4_PREFERRED Signed-off-by: zirain <zirain2009@gmail.com> * release notes Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> Signed-off-by: zirain <zirain2009@gmail.com> Co-authored-by: zirain <zirain2009@gmail.com>
guydc
pushed a commit
to guydc/gateway
that referenced
this pull request
Nov 27, 2024
* fix: tcp listener is rejected when no route attached Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * change cluter name Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix listener connection limit test Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix listener connetcp keepalive test Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix tcp endpoint stats test Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix tcp-route-enable-req-resp-sizes-stats Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix extensionpolicy-tcp-udp-http test Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix lint Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> (cherry picked from commit f99c36c) Signed-off-by: Guy Daich <guy.daich@sap.com>
guydc
added a commit
that referenced
this pull request
Nov 27, 2024
* fix: BackendTlsPolicy specify multiple targetRefs of the same service, only one will work (#4630) * add tests Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix matching comparison Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * add release note Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix lint Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix lint Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> (cherry picked from commit 44c2f74) Signed-off-by: Guy Daich <guy.daich@sap.com> * fix: tcp listener is rejected when no route attached (#4681) * fix: tcp listener is rejected when no route attached Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * change cluter name Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix listener connection limit test Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix listener connetcp keepalive test Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix tcp endpoint stats test Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix tcp-route-enable-req-resp-sizes-stats Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix extensionpolicy-tcp-udp-http test Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix lint Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> (cherry picked from commit f99c36c) Signed-off-by: Guy Daich <guy.daich@sap.com> * Fix: frequent 503 errors when connecting to a Service experiencing high Pod churn (#4754) * Revert "fix: some status updates are discarded by the status updater (#4337)" This reverts commit 14830c7. Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * store update events and process it later Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * rename method Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * add release note Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> (cherry picked from commit 8ec3095) Signed-off-by: Guy Daich <guy.daich@sap.com> --------- Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> Signed-off-by: Guy Daich <guy.daich@sap.com> Co-authored-by: Huabing Zhao <zhaohuabing@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Create a default route pointing to a static cluster without endpoints when there is no TCPRoutes attached to a TCP listener. This avoids Envoy rejecting a listener without a filter chain and reporting warning.
Fixes #4680
Release Notes: Yes
Alternative consideration:
An alterantive approach could be to not create the xDS listener, but this behavior doesn't align with the Gateway semantics(which does defines a listener) and the behavior of the empty HTTP listener.
Other type of listeners: