banzaicloud / istio-operator

An operator that manages Istio deployments on Kubernetes
Apache License 2.0

EnvoyFilter cannot be used: I created an EnvoyFilter CRD, but the workload does not have its config updated #844

Closed 13567436138 closed 2 years ago

13567436138 commented 2 years ago

Steps to reproduce the issue: EnvoyFilter cannot be used. I created an EnvoyFilter CRD, but the workload does not have its config updated.

Expected behavior: The EnvoyFilter will take effect.

13567436138 commented 2 years ago

My EnvoyFilter is as follows:

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: kafka-mesh
  namespace: istio
spec:
  workloadSelector:
    labels:
      name: kafka-producer
  configPatches:
  - applyTo: NETWORK_FILTER
    match:
      context: SIDECAR_OUTBOUND
      listener:
        portNumber: 29092 
        filterChain:
          filter:
            name: "envoy.filters.network.tcp_proxy"
    patch:
      operation: INSERT_BEFORE
      value:
          name: envoy.filters.network.kafka_mesh
          typed_config:
            "@type": type.googleapis.com/envoy.extensions.filters.network.kafka_mesh.v3alpha.KafkaMesh
            advertised_host: "127.0.0.1"
            advertised_port: 29092
            upstream_clusters:
            - cluster_name: kafka-c1
              bootstrap_servers: kafka-all-broker.istio:29092
              partition_count: 3
            - cluster_name: kafka-c2
              bootstrap_servers: kafka-c2-all-broker.istio:29092
              partition_count: 3
              producer_config:
                acks: "1"
                linger.ms: "500"
            forwarding_rules:
            - target_cluster: kafka-c1
              topic_prefix: my-topic
            - target_cluster: kafka-c2
              topic_prefix: my-topic2

I tested the EnvoyFilter in the istio-system namespace, and it takes effect.

13567436138 commented 2 years ago

The pod was started by:

kubectl -n istio run kafka-producer -it  --image=strimzi/kafka:0.12.2-kafka-2.2.1 --labels="name=kafka-producer" --rm --restart=Never -- bin/kafka-console-producer.sh --broker-list 127.0.0.1:29092 --topic my-topic

I checked everything and really do not know what's wrong. Can anybody help?

Laci21 commented 2 years ago

Create a K8s service for your pod and it should work.

Laci21 commented 2 years ago

I see this with a service present in the Envoy config:

         {
          "name": "envoy.filters.network.kafka_mesh",
          "typed_config": {
           "@type": "type.googleapis.com/envoy.extensions.filters.network.kafka_mesh.v3alpha.KafkaMesh",
           "advertised_host": "127.0.0.1",
           "advertised_port": 29092,
           "upstream_clusters": [
            {
             "cluster_name": "kafka-c1",
             "bootstrap_servers": "kafka-all-broker.istio:29092",
             "partition_count": 3
            },
            {
             "cluster_name": "kafka-c2",
             "bootstrap_servers": "kafka-c2-all-broker.istio:29092",
             "partition_count": 3,
             "producer_config": {
              "acks": "1",
              "linger.ms": "500"
             }
            }
           ],
           "forwarding_rules": [
            {
             "target_cluster": "kafka-c1",
             "topic_prefix": "my-topic"
            },
            {
             "target_cluster": "kafka-c2",
             "topic_prefix": "my-topic2"
            }
           ]
          }
         },

13567436138 commented 2 years ago

What kind of service? I created a service for kafka-producer, but it was useless.

Laci21 commented 2 years ago

I created a service like this:

apiVersion: v1
kind: Service
metadata:
  labels:
    name: kafka-producer
  name: kafka-producer
  namespace: istio
spec:
  ports:
    - name: http
      port: 29092
      protocol: TCP
      targetPort: 29092
  selector:
    name: kafka-producer
  sessionAffinity: None
  type: ClusterIP

Content can differ, but the point is Istio needs a service for service discovery.

If it is still not working, please provide more info on your setup: the exact steps you took, versions, the state of your cluster, and the state of your Envoy configs.

Laci21 commented 2 years ago

Please reopen if you still think there is an issue here.
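One way to check the "state of your Envoy configs" asked for in this thread, as an added example that is not part of the original issue or the operator's code: it walks a listener dump in JSON form and reports whether the `kafka_mesh` filter was inserted before `tcp_proxy`, as the `INSERT_BEFORE` patch intends. It assumes the JSON was saved from the sidecar (for example with `istioctl proxy-config listeners <pod> -n istio -o json`); the two samples and the listener name `0.0.0.0_29092` are constructed.

```python
import json

KAFKA = "envoy.filters.network.kafka_mesh"
TCP_PROXY = "envoy.filters.network.tcp_proxy"

def filter_chains(node):
    """Yield the filter-name list of every chain found anywhere in the dump.

    Accepts both key spellings: filter_chains (Envoy config dump) and
    filterChains (camelCase JSON output).
    """
    if isinstance(node, dict):
        for key, val in node.items():
            if key in ("filter_chains", "filterChains") and isinstance(val, list):
                for chain in val:
                    yield [f.get("name", "") for f in chain.get("filters", [])]
            else:
                yield from filter_chains(val)
    elif isinstance(node, list):
        for item in node:
            yield from filter_chains(item)

def patch_status(dump, new=KAFKA, anchor=TCP_PROXY):
    """Return 'applied', 'misordered' or 'missing' for an INSERT_BEFORE patch."""
    status = "missing"
    for names in filter_chains(dump):
        if new not in names:
            continue
        if anchor in names and names.index(new) < names.index(anchor):
            return "applied"
        status = "misordered"  # filter present, but not ahead of the anchor
    return status

# Constructed, simplified samples (not captured from a real cluster).
PATCHED = json.loads("""{"configs": [{"dynamic_listeners": [{"active_state":
  {"listener": {"name": "0.0.0.0_29092", "filter_chains": [{"filters": [
    {"name": "envoy.filters.network.kafka_mesh"},
    {"name": "envoy.filters.network.tcp_proxy"}]}]}}}]}]}""")
UNPATCHED = json.loads("""[{"name": "0.0.0.0_29092", "filterChains": [
  {"filters": [{"name": "envoy.filters.network.tcp_proxy"}]}]}]""")

if __name__ == "__main__":
    for label, dump in (("patched", PATCHED), ("unpatched", UNPATCHED)):
        print(label, patch_status(dump))
```

A result of `missing` matches the symptom reported here: the EnvoyFilter resource exists, but the workload's listener never received the patch.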