Builtin DNS clash with multiple external services defined with the same host and different ports #2176

Closed
phclark opened this issue Jun 16, 2021 · 1 comment · Fixed by #2302

phclark commented Jun 16, 2021

Summary

When using transparent proxying with built-in DNS, multiple external services defined with the same host but different ports clash in their VIP definition, resulting in only one of the services being reachable by its full url:port combination. Using the .mesh domain, all services are reachable. Requests to all but one service result in either "Empty reply from server" or "Connection reset by peer" errors.

Steps To Reproduce

  1. Enable transparent proxying according to https://kuma.io/docs/1.1.6/networking/transparent-proxying/#transparent-proxying-2 and built-in DNS with the command:

         sudo /usr/local/bin/kumactl install transparent-proxy \
           --kuma-dp-user kuma-dp \
           --exclude-inbound-ports 22,443,1433,80 \
           --exclude-outbound-ports 22,443,1433,80 \
           --skip-resolv-conf \
           --redirect-dns \
           --verbose \
           --kuma-cp-ip "${cp_ip_address}"

     and start kuma-dp:

         /usr/local/bin/kuma-dp run \
           --cp-address "${cp_address}" \
           --dataplane-file /etc/kuma-dp.yaml \
           --dataplane-var address="${ip_address}" \
           --dataplane-token "${token}" \
           --dns-enabled

  2. Define external services in the control plane:

         ---
         type: ExternalService
         mesh: default
         name: myservice-admin
         tags:
           kuma.io/service: myservice-admin
           kuma.io/protocol: http
         networking:
           address: 'myservice.com:8000'
           tls:
             enabled: false
         ---
         type: ExternalService
         mesh: default
         name: myservice-api
         tags:
           kuma.io/service: myservice-api
           kuma.io/protocol: http
         networking:
           address: 'myservice.com:8001'
           tls:
             enabled: false

  3. Verify the configuration by connecting using the .mesh domain:

         curl myservice-admin.mesh:8000
         curl myservice-api.mesh:8001

  4. Try to connect to the services:

         curl myservice.com:8000
         curl myservice.com:8001
Additional Details & Logs

Kuma-dp running on Amazon Linux 2, with kuma version 1.1.6 and envoy version 1.17.1
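
The condition reported above (several ExternalService definitions sharing one host but differing in port) can be flagged before manifests are applied. This is an added example, not part of the original issue or of Kuma's code; the function names are hypothetical, and the sample text is the two definitions from the report with tags omitted, read by a minimal line-based extractor rather than a YAML library.

```python
import re
from collections import defaultdict

# The two ExternalService definitions from the report (tags omitted for brevity).
MANIFESTS = """\
---
type: ExternalService
mesh: default
name: myservice-admin
networking:
  address: 'myservice.com:8000'
---
type: ExternalService
mesh: default
name: myservice-api
networking:
  address: 'myservice.com:8001'
"""

# Minimal line-based extraction of the four keys needed; not a full YAML parser.
FIELD = re.compile(
    r"^[ \t]*(type|mesh|name|address):[ \t]*['\"]?([^'\"\n]+?)['\"]?[ \t]*$", re.M)

def external_services(text):
    """Yield (mesh, name, host, port) for each ExternalService document."""
    for doc in re.split(r"^---[ \t]*$", text, flags=re.M):
        fields = dict(FIELD.findall(doc))
        if fields.get("type") != "ExternalService":
            continue
        host, _, port = fields.get("address", "").rpartition(":")
        if host and port.isdigit():
            yield (fields.get("mesh", "default"), fields.get("name", "?"),
                   host.lower(), int(port))

def host_clashes(text):
    """Map (mesh, host) -> [(service name, port)] where one host has several ports."""
    by_host = defaultdict(list)
    for mesh, name, host, port in external_services(text):
        by_host[(mesh, host)].append((name, port))
    return {key: sorted(svcs) for key, svcs in by_host.items()
            if len({port for _, port in svcs}) > 1}

if __name__ == "__main__":
    for (mesh, host), svcs in host_clashes(MANIFESTS).items():
        print(f"mesh={mesh} host={host}: same hostname on several ports: {svcs}")
```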

pull bot pushed a commit to rizalgowandy/kuma that referenced this issue Jun 16, 2021
Previously we were pushing an empty snapshot on the cache when a dp was disconnecting.
This was causing the dp to get an empty snapshot after a restart.
This would cause listeners to disappear for a short time and cause the traffic going through the dp to fail.
We now clear the snapshot from the dp to avoid this behaviour.

Fix kumahq#2176

Signed-off-by: Charly Molter <charly@koyeb.com>

phclark commented Jun 18, 2021

FYI - I don't believe the commit above, b780f95, is correctly tagged to this issue
