fix: tcp listener is rejected when no route attached #4681
arkodg merged 13 commits into envoyproxy:main from
Codecov Report
Attention: Patch coverage is
Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4681      +/-   ##
==========================================
+ Coverage   65.56%   65.62%   +0.05%
==========================================
  Files         211      211
  Lines       31998    32017      +19
==========================================
+ Hits        20979    21010      +31
+ Misses       9775     9764      -11
+ Partials     1244     1243       -1
Signed-off-by: Huabing Zhao <[email protected]>
thanks for looking into this @zhaohuabing

can't connect vs connection reset by peer, the latter seems to make more sense as there's a listening port on Envoy for the defined Gateway listener. no tcp listener: dummy filter chain

hey @zhaohuabing I prefer if we don't generate an xds listener for this case

it would be better if possible.

from @haq204's comment #4680 (comment), we may want to have a listener up for responding to TCP health checks
Signed-off-by: Huabing Zhao <[email protected]>
| // If there are no routes, add a route without a destination to the listener to create a filter chain | ||
| // This is needed because Envoy requires a filter chain to be present in the listener, otherwise it will reject the listener and report a warning | ||
| if len(tcpListener.Routes) == 0 { | ||
| nullRouteCluster := &clusterv3.Cluster{ |
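Review bot: the comment above `if len(tcpListener.Routes) == 0` says a route "without a destination" is added, but the first object the branch builds is `nullRouteCluster`, which is a cluster, so the comment and the code describe different things. Reword the comment to say that the filter chain points at a placeholder cluster (the PR description calls it a static cluster without endpoints), and state that the listener port will accept connections it cannot forward, so a reader does not take an open port as evidence that a route is attached. The second comment line is also long enough to be worth wrapping.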
hey curious, what happens if we set xdsListener.FilterChains = [] for this case, does xDS still complain?
Envoy will complain no filter chains specified. It's a validation inside the Envoy listener impl instead of a proto type built-in validation.
type.googleapis.com/envoy.config.listener.v3.Listener rejected: Error adding/updating listener(s) gateway-conformance-infra/same-namespace/tls: error adding listener '0.0.0.0:10443': no filter chains specified
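The two listener shapes discussed in this thread, written out as Envoy static configuration. This is an added example, not code from the PR: the listener name and address are taken from the error quoted above, while the cluster name and `stat_prefix` are assumed placeholders.

```yaml
# Added illustration, not taken from the PR.
# Cluster name and stat_prefix below are assumed placeholders.

# (1) Shape Envoy rejects with "no filter chains specified". Per the reply
#     above, the check lives in the listener implementation, not in the
#     proto validation.
static_resources:
  listeners:
  - name: gateway-conformance-infra/same-namespace/tls
    address:
      socket_address: { address: 0.0.0.0, port_value: 10443 }
    filter_chains: []
---
# (2) Shape Envoy accepts: one filter chain whose tcp_proxy targets a static
#     cluster with no endpoints. The port completes the TCP handshake, then
#     Envoy closes the connection because there is no upstream host to pick.
static_resources:
  listeners:
  - name: gateway-conformance-infra/same-namespace/tls
    address:
      socket_address: { address: 0.0.0.0, port_value: 10443 }
    filter_chains:
    - filters:
      - name: envoy.filters.network.tcp_proxy
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
          stat_prefix: tcp-10443              # assumed value
          cluster: example-empty-cluster      # assumed name
  clusters:
  - name: example-empty-cluster               # assumed name
    type: STATIC
    connect_timeout: 5s
    load_assignment:
      cluster_name: example-empty-cluster
      endpoints: []                           # no upstream hosts on purpose
```

With shape (2) a TCP health check that only completes the handshake succeeds even though nothing is forwarded, so monitoring should not read an open port as proof that a route is attached.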
Signed-off-by: Huabing Zhao <[email protected]>
Signed-off-by: Huabing Zhao <[email protected]>
| - endpoints: | ||
| - host: "1.2.3.4" | ||
| port: 50000 | ||
| routes: |
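Review bot: with `routes:` added under the `endpoints` entry, this fixture no longer represents a TCP listener that has no routes. If that input shape is what drives the new empty-cluster branch, keep a separate fixture that omits `routes` on purpose so the branch has expected output of its own and a later change to it shows up in a test diff.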
This is a bug in the listener-connection-limit test. The routes field in the TCP Listener IR is missing.
This is not directly related to the issue addressed by this PR, but an empty cluster will be added if no route is defined for the test.
| - endpoints: | ||
| - host: "1.2.3.4" | ||
| port: 50000 | ||
| routes: |
Signed-off-by: Huabing Zhao <[email protected]>
| - endpoints: | ||
| - host: "1.2.3.4" | ||
| port: 50000 | ||
| routes: |
| - endpoints: | ||
| - host: "1.2.3.4" | ||
| port: 50000 | ||
| routes: |
Signed-off-by: Huabing Zhao <[email protected]>
| port: 50000 | ||
| - host: "5.6.7.8" | ||
| port: 50001 | ||
| routes: |
Signed-off-by: Huabing Zhao <[email protected]>
| port: 50000 | ||
| - host: "5.6.7.8" | ||
| port: 50001 | ||
| routes: |
Signed-off-by: Huabing Zhao <[email protected]>
| name: envoy-gateway/gateway-1/tcp1 | ||
| port: 10080 | ||
| routes: | ||
| - destination: |
Signed-off-by: Huabing Zhao <[email protected]>
/retest
* fix: tcp listener is rejected when no route attached Signed-off-by: Huabing Zhao <[email protected]>
* change cluter name Signed-off-by: Huabing Zhao <[email protected]>
* fix listener connection limit test Signed-off-by: Huabing Zhao <[email protected]>
* fix listener connetcp keepalive test Signed-off-by: Huabing Zhao <[email protected]>
* fix tcp endpoint stats test Signed-off-by: Huabing Zhao <[email protected]>
* fix tcp-route-enable-req-resp-sizes-stats Signed-off-by: Huabing Zhao <[email protected]>
* fix extensionpolicy-tcp-udp-http test Signed-off-by: Huabing Zhao <[email protected]>
* fix lint Signed-off-by: Huabing Zhao <[email protected]>
---------
Signed-off-by: Huabing Zhao <[email protected]>
(cherry picked from commit f99c36c)
Signed-off-by: Huabing Zhao <[email protected]>
* fix: tcp listener is rejected when no route attached (#4681)
  * fix: tcp listener is rejected when no route attached Signed-off-by: Huabing Zhao <[email protected]>
  * change cluter name Signed-off-by: Huabing Zhao <[email protected]>
  * fix listener connection limit test Signed-off-by: Huabing Zhao <[email protected]>
  * fix listener connetcp keepalive test Signed-off-by: Huabing Zhao <[email protected]>
  * fix tcp endpoint stats test Signed-off-by: Huabing Zhao <[email protected]>
  * fix tcp-route-enable-req-resp-sizes-stats Signed-off-by: Huabing Zhao <[email protected]>
  * fix extensionpolicy-tcp-udp-http test Signed-off-by: Huabing Zhao <[email protected]>
  * fix lint Signed-off-by: Huabing Zhao <[email protected]>
  ---------
  Signed-off-by: Huabing Zhao <[email protected]>
  (cherry picked from commit f99c36c)
  Signed-off-by: Huabing Zhao <[email protected]>
* fix: remove backendrefs validation (#4705)
  * remove backendrefs validation Signed-off-by: Huabing Zhao <[email protected]>
  * add tests Signed-off-by: Huabing Zhao <[email protected]>
  * add tests Signed-off-by: Huabing Zhao <[email protected]>
  ---------
  Signed-off-by: Huabing Zhao <[email protected]>
  Co-authored-by: zirain <[email protected]>
  (cherry picked from commit 5068698)
  Signed-off-by: Huabing Zhao <[email protected]>
* fix: translator reports errors for existing clusters and secretes (#4707)
  * fix: existing clusters and secretes Signed-off-by: Huabing Zhao <[email protected]>
  * fix cluster index for SP Signed-off-by: Huabing Zhao <[email protected]>
  * minor change Signed-off-by: Huabing Zhao <[email protected]>
  * minor change Signed-off-by: Huabing Zhao <[email protected]>
  * minor change Signed-off-by: Huabing Zhao <[email protected]>
  * minor change Signed-off-by: Huabing Zhao <[email protected]>
  * fix lint Signed-off-by: Huabing Zhao <[email protected]>
  * add comment Signed-off-by: Huabing Zhao <[email protected]>
  * remove index Signed-off-by: Huabing Zhao <[email protected]>
  * fix lint Signed-off-by: Huabing Zhao <[email protected]>
  ---------
  Signed-off-by: Huabing Zhao <[email protected]>
* xds: always use `::` and `IPv4Compact` for dynamic listener (#4743)
  * enable IPv4Compact Signed-off-by: zirain <[email protected]>
  * fix xds test Signed-off-by: zirain <[email protected]>
  * release-notes Signed-off-by: zirain <[email protected]>
  * nit Signed-off-by: zirain <[email protected]>
  * gen Signed-off-by: zirain <[email protected]>
  ---------
  Signed-off-by: zirain <[email protected]>
  (cherry picked from commit 78da42c)
  Signed-off-by: Huabing Zhao <[email protected]>
* Fix: frequent 503 errors when connecting to a Service experiencing high Pod churn (#4754)
  * Revert "fix: some status updates are discarded by the status updater (#4337)" This reverts commit 14830c7. Signed-off-by: Huabing Zhao <[email protected]>
  * store update events and process it later Signed-off-by: Huabing Zhao <[email protected]>
  * rename method Signed-off-by: Huabing Zhao <[email protected]>
  * add release note Signed-off-by: Huabing Zhao <[email protected]>
  ---------
  Signed-off-by: Huabing Zhao <[email protected]>
* xds: use V4_PREFERRED dnsLookupFamily by default (#4745)
  * use Cluster_V4_PREFERRED Signed-off-by: zirain <[email protected]>
  * release notes Signed-off-by: zirain <[email protected]>
  ---------
  Signed-off-by: zirain <[email protected]>
---------
Signed-off-by: Huabing Zhao <[email protected]>
Signed-off-by: zirain <[email protected]>
Co-authored-by: zirain <[email protected]>
* fix: tcp listener is rejected when no route attached Signed-off-by: Huabing Zhao <[email protected]>
* change cluter name Signed-off-by: Huabing Zhao <[email protected]>
* fix listener connection limit test Signed-off-by: Huabing Zhao <[email protected]>
* fix listener connetcp keepalive test Signed-off-by: Huabing Zhao <[email protected]>
* fix tcp endpoint stats test Signed-off-by: Huabing Zhao <[email protected]>
* fix tcp-route-enable-req-resp-sizes-stats Signed-off-by: Huabing Zhao <[email protected]>
* fix extensionpolicy-tcp-udp-http test Signed-off-by: Huabing Zhao <[email protected]>
* fix lint Signed-off-by: Huabing Zhao <[email protected]>
---------
Signed-off-by: Huabing Zhao <[email protected]>
(cherry picked from commit f99c36c)
Signed-off-by: Guy Daich <[email protected]>
* fix: BackendTlsPolicy specify multiple targetRefs of the same service, only one will work (#4630)
  * add tests Signed-off-by: Huabing Zhao <[email protected]>
  * fix matching comparison Signed-off-by: Huabing Zhao <[email protected]>
  * add release note Signed-off-by: Huabing Zhao <[email protected]>
  * fix lint Signed-off-by: Huabing Zhao <[email protected]>
  * fix lint Signed-off-by: Huabing Zhao <[email protected]>
  ---------
  Signed-off-by: Huabing Zhao <[email protected]>
  (cherry picked from commit 44c2f74)
  Signed-off-by: Guy Daich <[email protected]>
* fix: tcp listener is rejected when no route attached (#4681)
  * fix: tcp listener is rejected when no route attached Signed-off-by: Huabing Zhao <[email protected]>
  * change cluter name Signed-off-by: Huabing Zhao <[email protected]>
  * fix listener connection limit test Signed-off-by: Huabing Zhao <[email protected]>
  * fix listener connetcp keepalive test Signed-off-by: Huabing Zhao <[email protected]>
  * fix tcp endpoint stats test Signed-off-by: Huabing Zhao <[email protected]>
  * fix tcp-route-enable-req-resp-sizes-stats Signed-off-by: Huabing Zhao <[email protected]>
  * fix extensionpolicy-tcp-udp-http test Signed-off-by: Huabing Zhao <[email protected]>
  * fix lint Signed-off-by: Huabing Zhao <[email protected]>
  ---------
  Signed-off-by: Huabing Zhao <[email protected]>
  (cherry picked from commit f99c36c)
  Signed-off-by: Guy Daich <[email protected]>
* Fix: frequent 503 errors when connecting to a Service experiencing high Pod churn (#4754)
  * Revert "fix: some status updates are discarded by the status updater (#4337)" This reverts commit 14830c7. Signed-off-by: Huabing Zhao <[email protected]>
  * store update events and process it later Signed-off-by: Huabing Zhao <[email protected]>
  * rename method Signed-off-by: Huabing Zhao <[email protected]>
  * add release note Signed-off-by: Huabing Zhao <[email protected]>
  ---------
  Signed-off-by: Huabing Zhao <[email protected]>
  (cherry picked from commit 8ec3095)
  Signed-off-by: Guy Daich <[email protected]>
---------
Signed-off-by: Huabing Zhao <[email protected]>
Signed-off-by: Guy Daich <[email protected]>
Co-authored-by: Huabing Zhao <[email protected]>
Create a default route pointing to a static cluster without endpoints when there are no TCPRoutes attached to a TCP listener. This avoids Envoy rejecting a listener without a filter chain and reporting a warning.
Fixes #4680
Release Notes: Yes
Alternative consideration:
An alternative approach could be to not create the xDS listener, but this behavior doesn't align with the Gateway semantics (which do define a listener) and the behavior of the empty HTTP listener.
Other type of listeners: