Open infa-ddeore opened 3 years ago
@infa-ddeore can you please attach your config dump ?
@infa-ddeore can you please attach your config dump ?
it will have sensitive info so cant provide it, removing sensitive info from such big file is a lot of work, if i can reproduce this issue on other test cluster then i will provide the file
@infa-ddeore is it an Istio dump ? Do you have dynamic listeners ?
@infa-ddeore is it an Istio dump ? Do you have dynamic listeners ?
yes, it is an istio config_dump saved locally after port forward, not sure what do you mean by dynamic listeners, AFAIK we have static listeners configured in gateway object
same same. I tried using this with an appmesh config_dump no dice here the config_dump that didn't display anything:
{
"configs": [
{
"@type": "type.googleapis.com/envoy.admin.v3.BootstrapConfigDump",
"bootstrap": {
"node": {
"id": "mesh/somecorp-dev/virtualNode/front_cross-cluster-test-opa",
"cluster": "mesh/somecorp-dev/virtualNode/front_cross-cluster-test-opa",
"hidden_envoy_deprecated_build_version": "d5781aa6cf2986f0cc9f1905912dd2e40f7c220c/1.16.1/Modified/RELEASE/BoringSSL",
"user_agent_name": "envoy",
"user_agent_build_version": {
"version": {
"major_number": 1,
"minor_number": 16,
"patch": 1
},
"metadata": {
"revision.status": "Modified",
"revision.sha": "d5781aa6cf2986f0cc9f1905912dd2e40f7c220c",
"build.type": "RELEASE",
"ssl.version": "BoringSSL"
}
},
"extensions": [
{
"name": "envoy.dog_statsd",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.metrics_service",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.stat_sinks.dog_statsd",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.stat_sinks.hystrix",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.stat_sinks.metrics_service",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.stat_sinks.statsd",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.statsd",
"category": "envoy.stats_sinks"
},
{
"name": "quiche",
"category": "envoy.quic_server_codec"
},
{
"name": "envoy.compression.gzip.decompressor",
"category": "envoy.compression.decompressor"
},
{
"name": "envoy.filters.udp.dns_filter",
"category": "envoy.filters.udp_listener"
},
{
"name": "envoy.filters.udp_listener.udp_proxy",
"category": "envoy.filters.udp_listener"
},
{
"name": "envoy.filters.dubbo.router",
"category": "envoy.dubbo_proxy.filters"
},
{
"name": "envoy.compression.gzip.compressor",
"category": "envoy.compression.compressor"
},
{
"name": "dubbo.hessian2",
"category": "envoy.dubbo_proxy.serializers"
},
{
"name": "dubbo",
"category": "envoy.dubbo_proxy.protocols"
},
{
"name": "quiche_quic_listener",
"category": "envoy.udp_listeners"
},
{
"name": "raw_udp_listener",
"category": "envoy.udp_listeners"
},
{
"name": "quiche",
"category": "envoy.quic_client_codec"
},
{
"name": "envoy.transport_sockets.alts",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "envoy.transport_sockets.quic",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "envoy.transport_sockets.raw_buffer",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "envoy.transport_sockets.tap",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "envoy.transport_sockets.tls",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "envoy.transport_sockets.upstream_proxy_protocol",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "raw_buffer",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "tls",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "envoy.watchdog.abort_action",
"category": "envoy.guarddog_actions"
},
{
"name": "envoy.watchdog.profile_action",
"category": "envoy.guarddog_actions"
},
{
"name": "envoy.extensions.network.socket_interface.default_socket_interface",
"category": "envoy.bootstrap"
},
{
"name": "envoy.retry_priorities.previous_priorities",
"category": "envoy.retry_priorities"
},
{
"name": "envoy.filters.connection_pools.http.generic",
"category": "envoy.upstreams"
},
{
"name": "envoy.filters.connection_pools.http.http",
"category": "envoy.upstreams"
},
{
"name": "envoy.filters.connection_pools.http.tcp",
"category": "envoy.upstreams"
},
{
"name": "envoy.buffer",
"category": "envoy.filters.http"
},
{
"name": "envoy.cors",
"category": "envoy.filters.http"
},
{
"name": "envoy.csrf",
"category": "envoy.filters.http"
},
{
"name": "envoy.ext_authz",
"category": "envoy.filters.http"
},
{
"name": "envoy.fault",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.adaptive_concurrency",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.admission_control",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.aws_lambda",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.aws_request_signing",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.buffer",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.cache",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.cdn_loop",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.compressor",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.cors",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.csrf",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.decompressor",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.dynamic_forward_proxy",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.dynamo",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.ext_authz",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.fault",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.grpc_http1_bridge",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.grpc_http1_reverse_bridge",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.grpc_json_transcoder",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.grpc_stats",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.grpc_web",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.gzip",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.header_to_metadata",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.health_check",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.ip_tagging",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.jwt_authn",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.local_ratelimit",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.lua",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.oauth",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.on_demand",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.original_src",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.ratelimit",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.rbac",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.router",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.squash",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.tap",
"category": "envoy.filters.http"
},
{
"name": "envoy.grpc_http1_bridge",
"category": "envoy.filters.http"
},
{
"name": "envoy.grpc_json_transcoder",
"category": "envoy.filters.http"
},
{
"name": "envoy.grpc_web",
"category": "envoy.filters.http"
},
{
"name": "envoy.gzip",
"category": "envoy.filters.http"
},
{
"name": "envoy.health_check",
"category": "envoy.filters.http"
},
{
"name": "envoy.http_dynamo_filter",
"category": "envoy.filters.http"
},
{
"name": "envoy.ip_tagging",
"category": "envoy.filters.http"
},
{
"name": "envoy.local_rate_limit",
"category": "envoy.filters.http"
},
{
"name": "envoy.lua",
"category": "envoy.filters.http"
},
{
"name": "envoy.rate_limit",
"category": "envoy.filters.http"
},
{
"name": "envoy.router",
"category": "envoy.filters.http"
},
{
"name": "envoy.squash",
"category": "envoy.filters.http"
},
{
"name": "envoy.resource_monitors.fixed_heap",
"category": "envoy.resource_monitors"
},
{
"name": "envoy.resource_monitors.injected_resource",
"category": "envoy.resource_monitors"
},
{
"name": "envoy.dynamic.ot",
"category": "envoy.tracers"
},
{
"name": "envoy.lightstep",
"category": "envoy.tracers"
},
{
"name": "envoy.tracers.datadog",
"category": "envoy.tracers"
},
{
"name": "envoy.tracers.dynamic_ot",
"category": "envoy.tracers"
},
{
"name": "envoy.tracers.lightstep",
"category": "envoy.tracers"
},
{
"name": "envoy.tracers.opencensus",
"category": "envoy.tracers"
},
{
"name": "envoy.tracers.xray",
"category": "envoy.tracers"
},
{
"name": "envoy.tracers.zipkin",
"category": "envoy.tracers"
},
{
"name": "envoy.zipkin",
"category": "envoy.tracers"
},
{
"name": "envoy.extensions.http.cache.simple",
"category": "envoy.http.cache"
},
{
"name": "default",
"category": "envoy.dubbo_proxy.route_matchers"
},
{
"name": "envoy.grpc_credentials.aws_iam",
"category": "envoy.grpc_credentials"
},
{
"name": "envoy.grpc_credentials.default",
"category": "envoy.grpc_credentials"
},
{
"name": "envoy.grpc_credentials.file_based_metadata",
"category": "envoy.grpc_credentials"
},
{
"name": "envoy.filters.listener.http_inspector",
"category": "envoy.filters.listener"
},
{
"name": "envoy.filters.listener.original_dst",
"category": "envoy.filters.listener"
},
{
"name": "envoy.filters.listener.original_src",
"category": "envoy.filters.listener"
},
{
"name": "envoy.filters.listener.proxy_protocol",
"category": "envoy.filters.listener"
},
{
"name": "envoy.filters.listener.tls_inspector",
"category": "envoy.filters.listener"
},
{
"name": "envoy.listener.http_inspector",
"category": "envoy.filters.listener"
},
{
"name": "envoy.listener.original_dst",
"category": "envoy.filters.listener"
},
{
"name": "envoy.listener.original_src",
"category": "envoy.filters.listener"
},
{
"name": "envoy.listener.proxy_protocol",
"category": "envoy.filters.listener"
},
{
"name": "envoy.listener.tls_inspector",
"category": "envoy.filters.listener"
},
{
"name": "auto",
"category": "envoy.thrift_proxy.protocols"
},
{
"name": "binary",
"category": "envoy.thrift_proxy.protocols"
},
{
"name": "binary/non-strict",
"category": "envoy.thrift_proxy.protocols"
},
{
"name": "compact",
"category": "envoy.thrift_proxy.protocols"
},
{
"name": "twitter",
"category": "envoy.thrift_proxy.protocols"
},
{
"name": "auto",
"category": "envoy.thrift_proxy.transports"
},
{
"name": "framed",
"category": "envoy.thrift_proxy.transports"
},
{
"name": "header",
"category": "envoy.thrift_proxy.transports"
},
{
"name": "unframed",
"category": "envoy.thrift_proxy.transports"
},
{
"name": "envoy.client_ssl_auth",
"category": "envoy.filters.network"
},
{
"name": "envoy.echo",
"category": "envoy.filters.network"
},
{
"name": "envoy.ext_authz",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.client_ssl_auth",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.direct_response",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.dubbo_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.echo",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.ext_authz",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.http_connection_manager",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.kafka_broker",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.local_ratelimit",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.mongo_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.mysql_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.postgres_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.ratelimit",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.rbac",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.redis_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.rocketmq_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.sni_cluster",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.sni_dynamic_forward_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.tcp_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.thrift_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.zookeeper_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.http_connection_manager",
"category": "envoy.filters.network"
},
{
"name": "envoy.mongo_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.ratelimit",
"category": "envoy.filters.network"
},
{
"name": "envoy.redis_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.tcp_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.thrift.rate_limit",
"category": "envoy.thrift_proxy.filters"
},
{
"name": "envoy.filters.thrift.router",
"category": "envoy.thrift_proxy.filters"
},
{
"name": "envoy.transport_sockets.alts",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "envoy.transport_sockets.quic",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "envoy.transport_sockets.raw_buffer",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "envoy.transport_sockets.tap",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "envoy.transport_sockets.tls",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "raw_buffer",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "tls",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "envoy.ip",
"category": "envoy.resolvers"
},
{
"name": "udp_default_writer",
"category": "envoy.udp_packet_writers"
},
{
"name": "udp_gso_batch_writer",
"category": "envoy.udp_packet_writers"
},
{
"name": "envoy.retry_host_predicates.omit_canary_hosts",
"category": "envoy.retry_host_predicates"
},
{
"name": "envoy.retry_host_predicates.omit_host_metadata",
"category": "envoy.retry_host_predicates"
},
{
"name": "envoy.retry_host_predicates.previous_hosts",
"category": "envoy.retry_host_predicates"
},
{
"name": "envoy.cluster.eds",
"category": "envoy.clusters"
},
{
"name": "envoy.cluster.logical_dns",
"category": "envoy.clusters"
},
{
"name": "envoy.cluster.original_dst",
"category": "envoy.clusters"
},
{
"name": "envoy.cluster.static",
"category": "envoy.clusters"
},
{
"name": "envoy.cluster.strict_dns",
"category": "envoy.clusters"
},
{
"name": "envoy.clusters.aggregate",
"category": "envoy.clusters"
},
{
"name": "envoy.clusters.dynamic_forward_proxy",
"category": "envoy.clusters"
},
{
"name": "envoy.clusters.redis",
"category": "envoy.clusters"
},
{
"name": "envoy.access_loggers.file",
"category": "envoy.access_loggers"
},
{
"name": "envoy.access_loggers.http_grpc",
"category": "envoy.access_loggers"
},
{
"name": "envoy.access_loggers.tcp_grpc",
"category": "envoy.access_loggers"
},
{
"name": "envoy.file_access_log",
"category": "envoy.access_loggers"
},
{
"name": "envoy.http_grpc_access_log",
"category": "envoy.access_loggers"
},
{
"name": "envoy.tcp_grpc_access_log",
"category": "envoy.access_loggers"
},
{
"name": "envoy.health_checkers.redis",
"category": "envoy.health_checkers"
},
{
"name": "envoy.internal_redirect_predicates.allow_listed_routes",
"category": "envoy.internal_redirect_predicates"
},
{
"name": "envoy.internal_redirect_predicates.previous_routes",
"category": "envoy.internal_redirect_predicates"
},
{
"name": "envoy.internal_redirect_predicates.safe_cross_scheme",
"category": "envoy.internal_redirect_predicates"
}
]
},
"static_resources": {
"listeners": [
{
"name": "outbound_proxy",
"address": {
"socket_address": {
"address": "127.0.0.1",
"port_value": 9001
}
},
"filter_chains": [
{
"filters": [
{
"name": "envoy.http_connection_manager",
"typed_config": {
"@type": "type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager",
"stat_prefix": "ingress_http",
"route_config": {
"name": "service_route",
"virtual_hosts": [
{
"name": "outbound_proxy",
"domains": [
"*"
],
"routes": [
{
"match": {
"prefix": "/"
},
"route": {
"cluster": "backend"
}
}
]
}
]
},
"http_filters": [
{
"name": "envoy.ext_authz",
"typed_config": {
"@type": "type.googleapis.com/envoy.config.filter.http.ext_authz.v2.ExtAuthz",
"grpc_service": {
"google_grpc": {
"target_uri": "127.0.0.1:8182",
"stat_prefix": "ext_authz"
},
"timeout": "0.500s"
},
"with_request_body": {
"max_request_bytes": 8192,
"allow_partial_message": true
}
}
},
{
"name": "envoy.router"
}
],
"access_log": [
{
"name": "envoy.file_access_log",
"config": {
"path": "/tmp/outbound-proxy.log"
}
}
],
"forward_client_cert_details": "APPEND_FORWARD",
"common_http_protocol_options": {
"idle_timeout": "1s"
}
}
}
]
}
]
}
],
"clusters": [
{
"name": "jaeger",
"type": "STRICT_DNS",
"connect_timeout": "1s",
"load_assignment": {
"cluster_name": "jaeger",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "collector.srv.stg.some-corp.net",
"port_value": 80
}
}
}
}
]
}
]
}
},
{
"name": "static_cluster_sds_unix_socket",
"type": "STATIC",
"connect_timeout": "1s",
"http2_protocol_options": {},
"load_assignment": {
"cluster_name": "static_cluster_sds_unix_socket",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"pipe": {
"path": "/run/spire/sockets/agent.sock"
}
}
}
}
]
}
]
}
},
{
"name": "backend",
"type": "STRICT_DNS",
"connect_timeout": "1s",
"hidden_envoy_deprecated_hosts": [
{
"socket_address": {
"address": "color.cross-cluster-test-opa.svc.cluster.local",
"port_value": 9001
}
}
],
"hidden_envoy_deprecated_tls_context": {
"common_tls_context": {
"tls_params": {
"ecdh_curves": [
"X25519:P-256:P-521:P-384"
]
},
"tls_certificate_sds_secret_configs": [
{
"name": "spiffe://non-prod.somecorp.io/demo1-dev/cross-cluster-test-opa/front",
"sds_config": {
"api_config_source": {
"api_type": "GRPC",
"grpc_services": [
{
"envoy_grpc": {
"cluster_name": "static_cluster_sds_unix_socket"
}
}
]
}
}
}
],
"combined_validation_context": {
"default_validation_context": {
"match_subject_alt_names": [
{
"exact": "spiffe://non-prod.somecorp.io/demo2-dev/cross-cluster-test-opa/green"
},
{
"exact": "spiffe://non-prod.somecorp.io/demo2-dev/cross-cluster-test-opa/blue"
},
{
"exact": "spiffe://non-prod.somecorp.io/demo2-dev/cross-cluster-test-opa/red"
},
{
"exact": "spiffe://non-prod.somecorp.io/demo2-dev/cross-cluster-test-opa/front"
},
{
"exact": "color-local-authz.cross-cluster-test-opa.svc.cluster.local"
}
]
},
"validation_context_sds_secret_config": {
"name": "spiffe://non-prod.somecorp.io",
"sds_config": {
"api_config_source": {
"api_type": "GRPC",
"grpc_services": [
{
"envoy_grpc": {
"cluster_name": "static_cluster_sds_unix_socket"
}
}
]
}
}
}
}
}
},
"http2_protocol_options": {}
}
]
},
"dynamic_resources": {
"lds_config": {
"ads": {},
"initial_fetch_timeout": "0s"
},
"cds_config": {
"ads": {},
"initial_fetch_timeout": "0s"
},
"ads_config": {
"api_type": "GRPC",
"grpc_services": [
{
"google_grpc": {
"target_uri": "appmesh-envoy-management.us-east-1.amazonaws.com:443",
"channel_credentials": {
"ssl_credentials": {
"root_certs": {
"filename": "/etc/pki/tls/cert.pem"
}
}
},
"call_credentials": [
{
"from_plugin": {
"name": "envoy.grpc_credentials.aws_iam",
"hidden_envoy_deprecated_config": {
"region": "us-east-1",
"service_name": "appmesh"
}
}
}
],
"stat_prefix": "ads",
"credentials_factory_name": "envoy.grpc_credentials.aws_iam"
}
}
]
}
},
"cluster_manager": {
"outlier_detection": {
"event_log_path": "/dev/stdout"
}
},
"tracing": {
"http": {
"name": "envoy.tracers.zipkin",
"typed_config": {
"@type": "type.googleapis.com/envoy.config.trace.v2.ZipkinConfig",
"collector_cluster": "jaeger",
"collector_endpoint": "/api/v2/spans",
"shared_span_context": false,
"collector_endpoint_version": "HTTP_JSON"
}
}
},
"admin": {
"access_log_path": "/tmp/envoy_admin_access.log",
"address": {
"socket_address": {
"address": "0.0.0.0",
"port_value": 9901
}
}
},
"layered_runtime": {
"layers": [
{
"name": "static_layer_0",
"static_layer": {
"envoy.deprecated_features:envoy.api.v2.route.HeaderMatcher.regex_match": true,
"envoy.deprecated_features:envoy.api.v2.Cluster.ORIGINAL_DST_LB": true,
"envoy.deprecated_features:envoy.listener.tls_inspector": true,
"envoy.deprecated_features:envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager.Tracing.operation_name": true,
"envoy.deprecated_features:envoy.api.v2.core.HealthCheck.HttpHealthCheck.use_http2": true,
"envoy.deprecated_features:envoy.api.v2.listener.Filter.config": true,
"envoy.deprecated_features:envoy.reloadable_features.enable_deprecated_v2_api_warning": true,
"envoy.deprecated_features:envoy.api.v2.Cluster.hosts": true,
"envoy.deprecated_features:envoy.listener.original_dst": true,
"envoy.deprecated_features:envoy.api.v2.Cluster.tls_context": true,
"envoy.deprecated_features:envoy.api.v2.core.GrpcService.GoogleGrpc.CallCredentials.MetadataCredentialsFromPlugin.config": true,
"envoy.deprecated_features:envoy.config.metrics.v2.StatsSink.config": true,
"envoy.deprecated_features:envoy.api.v2.auth.CertificateValidationContext.verify_subject_alt_name": true,
"envoy.deprecated_features:envoy.api.v2.route.RouteMatch.regex": true
}
}
]
}
},
"last_updated": "2021-06-07T16:32:46.781Z"
},
{
"@type": "type.googleapis.com/envoy.admin.v3.ClustersConfigDump",
"version_info": "1817419614",
"static_clusters": [
{
"cluster": {
"@type": "type.googleapis.com/envoy.api.v2.Cluster",
"name": "backend",
"type": "STRICT_DNS",
"connect_timeout": "1s",
"hosts": [
{
"socket_address": {
"address": "color.cross-cluster-test-opa.svc.cluster.local",
"port_value": 9001
}
}
],
"tls_context": {
"common_tls_context": {
"tls_params": {
"ecdh_curves": [
"X25519:P-256:P-521:P-384"
]
},
"tls_certificate_sds_secret_configs": [
{
"name": "spiffe://non-prod.somecorp.io/demo1-dev/cross-cluster-test-opa/front",
"sds_config": {
"api_config_source": {
"api_type": "GRPC",
"grpc_services": [
{
"envoy_grpc": {
"cluster_name": "static_cluster_sds_unix_socket"
}
}
]
}
}
}
],
"combined_validation_context": {
"default_validation_context": {
"match_subject_alt_names": [
{
"exact": "spiffe://non-prod.somecorp.io/demo2-dev/cross-cluster-test-opa/green"
},
{
"exact": "spiffe://non-prod.somecorp.io/demo2-dev/cross-cluster-test-opa/blue"
},
{
"exact": "spiffe://non-prod.somecorp.io/demo2-dev/cross-cluster-test-opa/red"
},
{
"exact": "spiffe://non-prod.somecorp.io/demo2-dev/cross-cluster-test-opa/front"
},
{
"exact": "color-local-authz.cross-cluster-test-opa.svc.cluster.local"
}
]
},
"validation_context_sds_secret_config": {
"name": "spiffe://non-prod.somecorp.io",
"sds_config": {
"api_config_source": {
"api_type": "GRPC",
"grpc_services": [
{
"envoy_grpc": {
"cluster_name": "static_cluster_sds_unix_socket"
}
}
]
}
}
}
}
}
},
"http2_protocol_options": {}
},
"last_updated": "2021-06-07T16:32:46.795Z"
},
{
"cluster": {
"@type": "type.googleapis.com/envoy.api.v2.Cluster",
"name": "jaeger",
"type": "STRICT_DNS",
"connect_timeout": "1s",
"load_assignment": {
"cluster_name": "jaeger",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "collector.srv.stg.some-corp.net",
"port_value": 80
}
}
}
}
]
}
]
}
},
"last_updated": "2021-06-07T16:32:46.790Z"
},
{
"cluster": {
"@type": "type.googleapis.com/envoy.api.v2.Cluster",
"name": "static_cluster_sds_unix_socket",
"type": "STATIC",
"connect_timeout": "1s",
"http2_protocol_options": {},
"load_assignment": {
"cluster_name": "static_cluster_sds_unix_socket",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"pipe": {
"path": "/run/spire/sockets/agent.sock"
}
}
}
}
]
}
]
}
},
"last_updated": "2021-06-07T16:32:46.791Z"
}
],
"dynamic_active_clusters": [
{
"version_info": "1817419614",
"cluster": {
"@type": "type.googleapis.com/envoy.api.v2.Cluster",
"name": "cds_egress_somecorp-dev_amazonaws",
"type": "ORIGINAL_DST",
"connect_timeout": "1s",
"lb_policy": "ORIGINAL_DST_LB",
"circuit_breakers": {
"thresholds": [
{
"max_connections": 2147483647,
"max_pending_requests": 2147483647,
"max_requests": 2147483647,
"max_retries": 2147483647
}
]
}
},
"last_updated": "2021-06-07T16:32:46.923Z"
},
{
"version_info": "1817419614",
"cluster": {
"@type": "type.googleapis.com/envoy.api.v2.Cluster",
"name": "cds_egress_somecorp-dev_blue_cross-cluster-test-opa_http_8080",
"type": "EDS",
"eds_cluster_config": {
"eds_config": {
"ads": {}
}
},
"connect_timeout": "1s",
"health_checks": [
{
"timeout": "2s",
"interval": "5s",
"unhealthy_threshold": 2,
"healthy_threshold": 2,
"alt_port": 8080,
"http_health_check": {
"host": "color-blue-opa.mesh.dev.some-corp.net:8080",
"path": "/ping"
}
}
],
"circuit_breakers": {
"thresholds": [
{
"max_connections": 2147483647,
"max_pending_requests": 2147483647,
"max_requests": 2147483647,
"max_retries": 2147483647
}
]
},
"tls_context": {
"common_tls_context": {
"tls_certificate_sds_secret_configs": [
{
"name": "spiffe://non-prod.somecorp.io/demo1-dev/cross-cluster-test-opa/front",
"sds_config": {
"api_config_source": {
"api_type": "GRPC",
"grpc_services": [
{
"envoy_grpc": {
"cluster_name": "static_cluster_sds_unix_socket"
}
}
]
}
}
}
],
"combined_validation_context": {
"default_validation_context": {
"verify_subject_alt_name": [
"spiffe://non-prod.somecorp.io/demo1-dev/cross-cluster-test-opa/front",
"spiffe://non-prod.somecorp.io/demo2-dev/cross-cluster-test-opa/blue",
"spiffe://non-prod.somecorp.io/demo2-dev/cross-cluster-test-opa/red",
"spiffe://non-prod.somecorp.io/demo2-dev/cross-cluster-test-opa/green"
]
},
"validation_context_sds_secret_config": {
"name": "spiffe://non-prod.somecorp.io",
"sds_config": {
"api_config_source": {
"api_type": "GRPC",
"grpc_services": [
{
"envoy_grpc": {
"cluster_name": "static_cluster_sds_unix_socket"
}
}
]
}
}
}
}
}
},
"drain_connections_on_host_removal": true
},
"last_updated": "2021-06-07T16:32:46.913Z"
},
{
"version_info": "1817419614",
"cluster": {
"@type": "type.googleapis.com/envoy.api.v2.Cluster",
"name": "cds_egress_somecorp-dev_green_cross-cluster-test-opa_http_9001",
"type": "EDS",
"eds_cluster_config": {
"eds_config": {
"ads": {}
}
},
"connect_timeout": "1s",
"health_checks": [
{
"timeout": "2s",
"interval": "5s",
"unhealthy_threshold": 2,
"healthy_threshold": 2,
"alt_port": 9001,
"http_health_check": {
"host": "color-green-opa.mesh.dev.some-corp.net:9001",
"path": "/"
}
}
],
"circuit_breakers": {
"thresholds": [
{
"max_connections": 2147483647,
"max_pending_requests": 2147483647,
"max_requests": 2147483647,
"max_retries": 2147483647
}
]
},
"tls_context": {
"common_tls_context": {
"tls_certificate_sds_secret_configs": [
{
"name": "spiffe://non-prod.somecorp.io/demo1-dev/cross-cluster-test-opa/front",
"sds_config": {
"api_config_source": {
"api_type": "GRPC",
"grpc_services": [
{
"envoy_grpc": {
"cluster_name": "static_cluster_sds_unix_socket"
}
}
]
}
}
}
],
"combined_validation_context": {
"default_validation_context": {
"verify_subject_alt_name": [
"spiffe://non-prod.somecorp.io/demo1-dev/cross-cluster-test-opa/front",
"spiffe://non-prod.somecorp.io/demo2-dev/cross-cluster-test-opa/blue",
"spiffe://non-prod.somecorp.io/demo2-dev/cross-cluster-test-opa/red",
"spiffe://non-prod.somecorp.io/demo2-dev/cross-cluster-test-opa/green"
]
},
"validation_context_sds_secret_config": {
"name": "spiffe://non-prod.somecorp.io",
"sds_config": {
"api_config_source": {
"api_type": "GRPC",
"grpc_services": [
{
"envoy_grpc": {
"cluster_name": "static_cluster_sds_unix_socket"
}
}
]
}
}
}
}
}
},
"drain_connections_on_host_removal": true
},
"last_updated": "2021-06-07T16:32:46.917Z"
},
{
"version_info": "1817419614",
"cluster": {
"@type": "type.googleapis.com/envoy.api.v2.Cluster",
"name": "cds_egress_somecorp-dev_mesh-allow-all",
"type": "ORIGINAL_DST",
"connect_timeout": "30s",
"lb_policy": "ORIGINAL_DST_LB",
"circuit_breakers": {
"thresholds": [
{
"max_connections": 2147483647,
"max_pending_requests": 2147483647,
"max_requests": 2147483647,
"max_retries": 2147483647
}
]
}
},
"last_updated": "2021-06-07T16:32:46.925Z"
},
{
"version_info": "1817419614",
"cluster": {
"@type": "type.googleapis.com/envoy.api.v2.Cluster",
"name": "cds_egress_somecorp-dev_red_cross-cluster-test-opa_http_8080",
"type": "EDS",
"eds_cluster_config": {
"eds_config": {
"ads": {}
}
},
"connect_timeout": "1s",
"health_checks": [
{
"timeout": "2s",
"interval": "5s",
"unhealthy_threshold": 2,
"healthy_threshold": 2,
"alt_port": 8080,
"http_health_check": {
"host": "color-red-opa.mesh.dev.some-corp.net:8080",
"path": "/ping"
}
}
],
"circuit_breakers": {
"thresholds": [
{
"max_connections": 2147483647,
"max_pending_requests": 2147483647,
"max_requests": 2147483647,
"max_retries": 2147483647
}
]
},
"tls_context": {
"common_tls_context": {
"tls_certificate_sds_secret_configs": [
{
"name": "spiffe://non-prod.somecorp.io/demo1-dev/cross-cluster-test-opa/front",
"sds_config": {
"api_config_source": {
"api_type": "GRPC",
"grpc_services": [
{
"envoy_grpc": {
"cluster_name": "static_cluster_sds_unix_socket"
}
}
]
}
}
}
],
"combined_validation_context": {
"default_validation_context": {
"verify_subject_alt_name": [
"spiffe://non-prod.somecorp.io/demo1-dev/cross-cluster-test-opa/front",
"spiffe://non-prod.somecorp.io/demo2-dev/cross-cluster-test-opa/blue",
"spiffe://non-prod.somecorp.io/demo2-dev/cross-cluster-test-opa/red",
"spiffe://non-prod.somecorp.io/demo2-dev/cross-cluster-test-opa/green"
]
},
"validation_context_sds_secret_config": {
"name": "spiffe://non-prod.somecorp.io",
"sds_config": {
"api_config_source": {
"api_type": "GRPC",
"grpc_services": [
{
"envoy_grpc": {
"cluster_name": "static_cluster_sds_unix_socket"
}
}
]
}
}
}
}
}
},
"drain_connections_on_host_removal": true
},
"last_updated": "2021-06-07T16:32:46.921Z"
},
{
"version_info": "1817419614",
"cluster": {
"@type": "type.googleapis.com/envoy.api.v2.Cluster",
"name": "cds_ingress_somecorp-dev_front_cross-cluster-test-opa_http_9001",
"type": "STATIC",
"connect_timeout": "0.250s",
"circuit_breakers": {
"thresholds": [
{
"max_connections": 2147483647,
"max_pending_requests": 2147483647,
"max_requests": 2147483647,
"max_retries": 2147483647
}
]
},
"load_assignment": {
"cluster_name": "cds_ingress_somecorp-dev_front_cross-cluster-test-opa_http_9001",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "127.0.0.1",
"port_value": 9001
}
}
}
}
]
}
]
}
},
"last_updated": "2021-06-07T16:32:46.922Z"
}
]
},
{
"@type": "type.googleapis.com/envoy.admin.v3.ListenersConfigDump",
"version_info": "1817419614",
"static_listeners": [
{
"listener": {
"@type": "type.googleapis.com/envoy.api.v2.Listener",
"name": "outbound_proxy",
"address": {
"socket_address": {
"address": "127.0.0.1",
"port_value": 9001
}
},
"filter_chains": [
{
"filters": [
{
"name": "envoy.http_connection_manager",
"typed_config": {
"@type": "type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager",
"stat_prefix": "ingress_http",
"route_config": {
"name": "service_route",
"virtual_hosts": [
{
"name": "outbound_proxy",
"domains": [
"*"
],
"routes": [
{
"match": {
"prefix": "/"
},
"route": {
"cluster": "backend"
}
}
]
}
]
},
"http_filters": [
{
"name": "envoy.ext_authz",
"typed_config": {
"@type": "type.googleapis.com/envoy.config.filter.http.ext_authz.v2.ExtAuthz",
"grpc_service": {
"google_grpc": {
"target_uri": "127.0.0.1:8182",
"stat_prefix": "ext_authz"
},
"timeout": "0.500s"
},
"with_request_body": {
"max_request_bytes": 8192,
"allow_partial_message": true
}
}
},
{
"name": "envoy.router"
}
],
"access_log": [
{
"name": "envoy.file_access_log",
"config": {
"path": "/tmp/outbound-proxy.log"
}
}
],
"forward_client_cert_details": "APPEND_FORWARD",
"common_http_protocol_options": {
"idle_timeout": "1s"
}
}
}
]
}
]
},
"last_updated": "2021-06-07T16:32:46.809Z"
}
],
"dynamic_listeners": [
{
"name": "lds_ingress_0.0.0.0_15000",
"active_state": {
"version_info": "1817419614",
"listener": {
"@type": "type.googleapis.com/envoy.api.v2.Listener",
"name": "lds_ingress_0.0.0.0_15000",
"address": {
"socket_address": {
"address": "0.0.0.0",
"port_value": 15000
}
},
"filter_chains": [
{
"filter_chain_match": {
"destination_port": 9001
},
"filters": [
{
"name": "envoy.http_connection_manager",
"config": {
"tracing": {},
"upgrade_configs": [
{
"enabled": true,
"upgrade_type": "websocket"
}
],
"http_filters": [
{
"name": "envoy.router"
}
],
"stat_prefix": "ingress",
"rds": {
"route_config_name": "rds_ingress_http_9001",
"config_source": {
"ads": {}
}
}
}
}
]
}
],
"listener_filters": [
{
"name": "envoy.listener.original_dst"
}
]
},
"last_updated": "2021-06-07T16:32:52.426Z"
}
},
{
"name": "lds_egress_0.0.0.0_15001",
"active_state": {
"version_info": "1817419614",
"listener": {
"@type": "type.googleapis.com/envoy.api.v2.Listener",
"name": "lds_egress_0.0.0.0_15001",
"address": {
"socket_address": {
"address": "0.0.0.0",
"port_value": 15001
}
},
"filter_chains": [
{
"filter_chain_match": {
"prefix_ranges": [
{
"address_prefix": "0.0.0.0",
"prefix_len": 0
}
],
"destination_port": 9001
},
"filters": [
{
"name": "envoy.http_connection_manager",
"config": {
"http_filters": [
{
"name": "envoy.router"
}
],
"stat_prefix": "egress",
"rds": {
"route_config_name": "rds_egress_http_9001",
"config_source": {
"ads": {}
}
},
"tracing": {
"operation_name": "EGRESS"
},
"upgrade_configs": [
{
"enabled": true,
"upgrade_type": "websocket"
}
]
}
}
]
},
{
"filter_chain_match": {
"prefix_ranges": [
{
"address_prefix": "0.0.0.0",
"prefix_len": 0
}
],
"destination_port": 443,
"server_names": [
"*.amazonaws.com"
]
},
"filters": [
{
"name": "envoy.tcp_proxy",
"config": {
"stat_prefix": "egress",
"cluster": "cds_egress_somecorp-dev_amazonaws"
}
}
]
},
{
"filter_chain_match": {
"prefix_ranges": [
{
"address_prefix": "0.0.0.0",
"prefix_len": 0
}
]
},
"filters": [
{
"name": "envoy.tcp_proxy",
"config": {
"stat_prefix": "egress",
"cluster": "cds_egress_somecorp-dev_mesh-allow-all"
}
}
]
},
{
"filter_chain_match": {
"prefix_ranges": [
{
"address_prefix": "0.0.0.0",
"prefix_len": 0
}
],
"destination_port": 443
},
"filters": [
{
"name": "envoy.tcp_proxy",
"config": {
"stat_prefix": "egress",
"cluster": "cds_egress_somecorp-dev_mesh-allow-all"
}
}
]
}
],
"listener_filters": [
{
"name": "envoy.listener.original_dst"
},
{
"name": "envoy.listener.tls_inspector",
"filter_disabled": {
"not_match": {
"or_match": {
"rules": [
{
"destination_port_range": {
"start": 443,
"end": 444
}
},
{
"destination_port_range": {
"start": 9001,
"end": 9002
}
}
]
}
}
}
}
]
},
"last_updated": "2021-06-07T16:32:52.430Z"
}
}
]
},
{
"@type": "type.googleapis.com/envoy.admin.v3.ScopedRoutesConfigDump"
},
{
"@type": "type.googleapis.com/envoy.admin.v3.RoutesConfigDump",
"static_route_configs": [
{
"route_config": {
"@type": "type.googleapis.com/envoy.api.v2.RouteConfiguration",
"name": "service_route",
"virtual_hosts": [
{
"name": "outbound_proxy",
"domains": [
"*"
],
"routes": [
{
"match": {
"prefix": "/"
},
"route": {
"cluster": "backend"
}
}
]
}
]
},
"last_updated": "2021-06-07T16:32:46.805Z"
}
],
"dynamic_route_configs": [
{
"version_info": "1817419614",
"route_config": {
"@type": "type.googleapis.com/envoy.api.v2.RouteConfiguration",
"name": "rds_ingress_http_9001",
"virtual_hosts": [
{
"name": "local_service",
"domains": [
"*"
],
"routes": [
{
"match": {
"prefix": "/"
},
"route": {
"cluster": "cds_ingress_somecorp-dev_front_cross-cluster-test-opa_http_9001"
}
}
]
}
]
},
"last_updated": "2021-06-07T16:32:52.434Z"
},
{
"version_info": "1817419614",
"route_config": {
"@type": "type.googleapis.com/envoy.api.v2.RouteConfiguration",
"name": "rds_egress_http_9001",
"virtual_hosts": [
{
"name": "color-authz.cross-cluster-test-opa.svc.cluster.local",
"domains": [
"color-authz.cross-cluster-test-opa.svc.cluster.local",
"color-authz.cross-cluster-test-opa.svc.cluster.local:9001"
],
"routes": [
{
"match": {
"prefix": "/",
"headers": [
{
"name": "color-header",
"exact_match": "blue"
}
]
},
"route": {
"weighted_clusters": {
"clusters": [
{
"name": "cds_egress_somecorp-dev_blue_cross-cluster-test-opa_http_8080",
"weight": 1
}
],
"total_weight": 1
},
"retry_policy": {
"retry_on": "unavailable,reset,connect-failure,refused-stream,retriable-status-codes",
"num_retries": 2,
"retry_host_predicate": [
{
"name": "envoy.retry_host_predicates.previous_hosts"
}
],
"host_selection_retry_max_attempts": "5",
"retriable_status_codes": [
503
]
}
}
},
{
"match": {
"prefix": "/",
"headers": [
{
"name": "color-header",
"exact_match": "green"
}
]
},
"route": {
"weighted_clusters": {
"clusters": [
{
"name": "cds_egress_somecorp-dev_green_cross-cluster-test-opa_http_9001",
"weight": 1
}
],
"total_weight": 1
},
"retry_policy": {
"retry_on": "unavailable,reset,connect-failure,refused-stream,retriable-status-codes",
"num_retries": 2,
"retry_host_predicate": [
{
"name": "envoy.retry_host_predicates.previous_hosts"
}
],
"host_selection_retry_max_attempts": "5",
"retriable_status_codes": [
503
]
}
}
},
{
"match": {
"prefix": "/",
"headers": [
{
"name": "color-header",
"exact_match": "red"
}
]
},
"route": {
"weighted_clusters": {
"clusters": [
{
"name": "cds_egress_somecorp-dev_red_cross-cluster-test-opa_http_8080",
"weight": 1
}
],
"total_weight": 1
},
"retry_policy": {
"retry_on": "unavailable,reset,connect-failure,refused-stream,retriable-status-codes",
"num_retries": 2,
"retry_host_predicate": [
{
"name": "envoy.retry_host_predicates.previous_hosts"
}
],
"host_selection_retry_max_attempts": "5",
"retriable_status_codes": [
503
]
}
}
}
]
},
{
"name": "mesh_allow_all",
"domains": [
"*"
],
"routes": [
{
"match": {
"prefix": "/"
},
"route": {
"cluster": "cds_egress_somecorp-dev_mesh-allow-all"
}
}
]
}
]
},
"last_updated": "2021-06-07T16:32:52.433Z"
}
]
},
{
"@type": "type.googleapis.com/envoy.admin.v3.SecretsConfigDump",
"dynamic_active_secrets": [
{
"name": "spiffe://non-prod.somecorp.io/demo1-dev/cross-cluster-test-opa/front",
"version_info": "8",
"last_updated": "2021-06-07T17:43:41.718Z",
"secret": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
"name": "spiffe://non-prod.somecorp.io/demo1-dev/cross-cluster-test-opa/front",
"tls_certificate": {
"certificate_chain": {
"inline_bytes": "******"
},
"private_key": {
"inline_bytes": "*****"
}
}
}
},
{
"name": "spiffe://non-prod.somecorp.io",
"version_info": "8",
"last_updated": "2021-06-07T17:43:41.717Z",
"secret": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
"name": "spiffe://non-prod.somecorp.io",
"validation_context": {
"trusted_ca": {
"inline_bytes": "*****"
}
}
}
}
]
}
]
}
for my 1.6M config dump, i get no output, i verified the config dump is valid by using
jq . <config_dum.json>
command