envoyproxy / envoy

Cloud-native high-performance edge/middle/service proxy
https://www.envoyproxy.io
Apache License 2.0
24.95k stars 4.8k forks source link

session_ticket_keys are not redacted in config_dump #19059

Closed PheonixS closed 2 years ago

PheonixS commented 2 years ago

Description: session_ticket_keys retrieved via SDS should be redacted from the output.

Looks like only initial state in revealed in the config dump. Next iterations of pushing new configuration is not updating value of inline_bytes.

Repro steps:

Run SDS server which will send the following schema to Envoy:

    var s = []types.Resource{
        &envoy_api_v3_auth.Secret{
            Name: "apimgateway_session_ticket_keys",
            Type: &envoy_api_v3_auth.Secret_SessionTicketKeys{
                SessionTicketKeys: &envoy_api_v3_auth.TlsSessionTicketKeys{
                    Keys: []*core.DataSource{
                        {Specifier: &core.DataSource_InlineBytes{InlineBytes: encryptionKey}},
                        {Specifier: &core.DataSource_InlineBytes{InlineBytes: decryptionKeyCandidate}},
                    },
                },
            },
        },
    }

Section of dynamic secrets:

{
   "@type": "type.googleapis.com/envoy.admin.v3.SecretsConfigDump",
   "dynamic_active_secrets": [
    {
     "name": "apimgateway_session_ticket_keys",
     "version_info": "1637309311149",
     "last_updated": "2021-11-19T08:08:31.150Z",
     "secret": {
      "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
      "name": "apimgateway_session_ticket_keys",
      "session_ticket_keys": {
       "keys": [
        {
         "inline_bytes": "W3JlZGFjdGVkXQ=="
        },
        {
         "inline_bytes": "W3JlZGFjdGVkXQ=="
        }
       ]
      }
     }
    }

Admin and Stats Output: Clusters:

``` xds_cluster::observability_name::xds_cluster xds_cluster::default_priority::max_connections::1024 xds_cluster::default_priority::max_pending_requests::1024 xds_cluster::default_priority::max_requests::1024 xds_cluster::default_priority::max_retries::3 xds_cluster::high_priority::max_connections::1024 xds_cluster::high_priority::max_pending_requests::1024 xds_cluster::high_priority::max_requests::1024 xds_cluster::high_priority::max_retries::3 xds_cluster::added_via_api::false xds_cluster::127.0.0.1:18000::cx_active::1 xds_cluster::127.0.0.1:18000::cx_connect_fail::0 xds_cluster::127.0.0.1:18000::cx_total::1 xds_cluster::127.0.0.1:18000::rq_active::1 xds_cluster::127.0.0.1:18000::rq_error::0 xds_cluster::127.0.0.1:18000::rq_success::0 xds_cluster::127.0.0.1:18000::rq_timeout::0 xds_cluster::127.0.0.1:18000::rq_total::1 xds_cluster::127.0.0.1:18000::hostname::localhost xds_cluster::127.0.0.1:18000::health_flags::healthy xds_cluster::127.0.0.1:18000::weight::1 xds_cluster::127.0.0.1:18000::region:: xds_cluster::127.0.0.1:18000::zone:: xds_cluster::127.0.0.1:18000::sub_zone:: xds_cluster::127.0.0.1:18000::canary::false xds_cluster::127.0.0.1:18000::priority::0 xds_cluster::127.0.0.1:18000::success_rate::-1.0 xds_cluster::127.0.0.1:18000::local_origin_success_rate::-1.0 ```

Listeners:

https::0.0.0.0:8443

Server info:

```json { "version": "96701cb24611b0f3aac1cc0dd8bf8589fbdf8e9e/1.20.0/Modified/RELEASE/BoringSSL", "state": "LIVE", "hot_restart_version": "disabled", "command_line_options": { "base_id": "0", "use_dynamic_base_id": false, "base_id_path": "", "concurrency": 12, "config_path": "envoy.yaml", "config_yaml": "", "allow_unknown_static_fields": false, "reject_unknown_dynamic_fields": false, "ignore_unknown_dynamic_fields": false, "admin_address_path": "", "local_address_ip_version": "v4", "log_level": "info", "component_log_level": "", "log_format": "[%Y-%m-%d %T.%e][%t][%l][%n] [%g:%#] %v", "log_format_escaped": false, "log_path": "", "service_cluster": "", "service_node": "", "service_zone": "", "drain_strategy": "Gradual", "mode": "Serve", "disable_hot_restart": false, "enable_mutex_tracing": false, "restart_epoch": 0, "cpuset_threads": false, "disabled_extensions": [], "enable_fine_grain_logging": false, "socket_path": "@envoy_domain_socket", "socket_mode": 0, "enable_core_dump": false, "file_flush_interval": "10s", "drain_time": "600s", "parent_shutdown_time": "900s" }, "node": { "id": "1", "cluster": "gateway", "dynamic_parameters": {}, "user_agent_name": "envoy", "user_agent_build_version": { "version": { "major_number": 1, "minor_number": 20, "patch": 0 }, "metadata": { "build.type": "RELEASE", "revision.sha": "96701cb24611b0f3aac1cc0dd8bf8589fbdf8e9e", "ssl.version": "BoringSSL", "revision.status": "Modified" } }, "extensions": [ { "name": "envoy.extensions.http.cache.simple", "category": "envoy.http.cache", "type_descriptor": "", "disabled": false }, { "name": "auto", "category": "envoy.thrift_proxy.transports", "type_descriptor": "", "disabled": false }, { "name": "framed", "category": "envoy.thrift_proxy.transports", "type_descriptor": "", "disabled": false }, { "name": "header", "category": "envoy.thrift_proxy.transports", "type_descriptor": "", "disabled": false }, { "name": "unframed", "category": "envoy.thrift_proxy.transports", "type_descriptor": "", "disabled": false }, { "name": "envoy.health_checkers.redis", "category": "envoy.health_checkers", "type_descriptor": "", "disabled": false }, { "name": "envoy.resource_monitors.fixed_heap", "category": "envoy.resource_monitors", "type_descriptor": "", "disabled": false }, { "name": "envoy.resource_monitors.injected_resource", "category": "envoy.resource_monitors", "type_descriptor": "", "disabled": false }, { "name": "envoy.dynamic.ot", "category": "envoy.tracers", "type_descriptor": "", "disabled": false }, { "name": "envoy.lightstep", "category": "envoy.tracers", "type_descriptor": "", "disabled": false }, { "name": "envoy.tracers.datadog", "category": "envoy.tracers", "type_descriptor": "", "disabled": false }, { "name": "envoy.tracers.dynamic_ot", "category": "envoy.tracers", "type_descriptor": "", "disabled": false }, { "name": "envoy.tracers.lightstep", "category": "envoy.tracers", "type_descriptor": "", "disabled": false }, { "name": "envoy.tracers.opencensus", "category": "envoy.tracers", "type_descriptor": "", "disabled": false }, { "name": "envoy.tracers.skywalking", "category": "envoy.tracers", "type_descriptor": "", "disabled": false }, { "name": "envoy.tracers.xray", "category": "envoy.tracers", "type_descriptor": "", "disabled": false }, { "name": "envoy.tracers.zipkin", "category": "envoy.tracers", "type_descriptor": "", "disabled": false }, { "name": "envoy.zipkin", "category": "envoy.tracers", "type_descriptor": "", "disabled": false }, { "name": "envoy.formatter.metadata", "category": "envoy.formatter", "type_descriptor": "", "disabled": false }, { "name": "envoy.formatter.req_without_query", "category": "envoy.formatter", "type_descriptor": "", "disabled": false }, { "name": "composite-action", "category": "envoy.matching.action", "type_descriptor": "", "disabled": false }, { "name": "skip", "category": "envoy.matching.action", "type_descriptor": "", "disabled": false }, { "name": "envoy.matching.matchers.consistent_hashing", "category": "envoy.matching.input_matchers", "type_descriptor": "", "disabled": false }, { "name": "envoy.matching.matchers.ip", "category": "envoy.matching.input_matchers", "type_descriptor": "", "disabled": false }, { "name": "envoy.compression.brotli.decompressor", "category": "envoy.compression.decompressor", "type_descriptor": "", "disabled": false }, { "name": "envoy.compression.gzip.decompressor", "category": "envoy.compression.decompressor", "type_descriptor": "", "disabled": false }, { "name": "envoy.http.original_ip_detection.custom_header", "category": "envoy.http.original_ip_detection", "type_descriptor": "", "disabled": false }, { "name": "envoy.http.original_ip_detection.xff", "category": "envoy.http.original_ip_detection", "type_descriptor": "", "disabled": false }, { "name": "envoy.extensions.upstreams.http.v3.HttpProtocolOptions", "category": "envoy.upstream_options", "type_descriptor": "", "disabled": false }, { "name": "envoy.upstreams.http.http_protocol_options", "category": "envoy.upstream_options", "type_descriptor": "", "disabled": false }, { "name": "envoy.transport_sockets.alts", "category": "envoy.transport_sockets.upstream", "type_descriptor": "", "disabled": false }, { "name": "envoy.transport_sockets.quic", "category": "envoy.transport_sockets.upstream", "type_descriptor": "", "disabled": false }, { "name": "envoy.transport_sockets.raw_buffer", "category": "envoy.transport_sockets.upstream", "type_descriptor": "", "disabled": false }, { "name": "envoy.transport_sockets.starttls", "category": "envoy.transport_sockets.upstream", "type_descriptor": "", "disabled": false }, { "name": "envoy.transport_sockets.tap", "category": "envoy.transport_sockets.upstream", "type_descriptor": "", "disabled": false }, { "name": "envoy.transport_sockets.tls", "category": "envoy.transport_sockets.upstream", "type_descriptor": "", "disabled": false }, { "name": "envoy.transport_sockets.upstream_proxy_protocol", "category": "envoy.transport_sockets.upstream", "type_descriptor": "", "disabled": false }, { "name": "raw_buffer", "category": "envoy.transport_sockets.upstream", "type_descriptor": "", "disabled": false }, { "name": "starttls", "category": "envoy.transport_sockets.upstream", "type_descriptor": "", "disabled": false }, { "name": "tls", "category": "envoy.transport_sockets.upstream", "type_descriptor": "", "disabled": false }, { "name": "default", "category": "envoy.dubbo_proxy.route_matchers", "type_descriptor": "", "disabled": false }, { "name": "auto", "category": "envoy.thrift_proxy.protocols", "type_descriptor": "", "disabled": false }, { "name": "binary", "category": "envoy.thrift_proxy.protocols", "type_descriptor": "", "disabled": false }, { "name": "binary/non-strict", "category": "envoy.thrift_proxy.protocols", "type_descriptor": "", "disabled": false }, { "name": "compact", "category": "envoy.thrift_proxy.protocols", "type_descriptor": "", "disabled": false }, { "name": "twitter", "category": "envoy.thrift_proxy.protocols", "type_descriptor": "", "disabled": false }, { "name": "envoy.compression.brotli.compressor", "category": "envoy.compression.compressor", "type_descriptor": "", "disabled": false }, { "name": "envoy.compression.gzip.compressor", "category": "envoy.compression.compressor", "type_descriptor": "", "disabled": false }, { "name": "dubbo", "category": "envoy.dubbo_proxy.protocols", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.thrift.rate_limit", "category": "envoy.thrift_proxy.filters", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.thrift.router", "category": "envoy.thrift_proxy.filters", "type_descriptor": "", "disabled": false }, { "name": "envoy.access_loggers.file", "category": "envoy.access_loggers", "type_descriptor": "", "disabled": false }, { "name": "envoy.access_loggers.http_grpc", "category": "envoy.access_loggers", "type_descriptor": "", "disabled": false }, { "name": "envoy.access_loggers.open_telemetry", "category": "envoy.access_loggers", "type_descriptor": "", "disabled": false }, { "name": "envoy.access_loggers.stderr", "category": "envoy.access_loggers", "type_descriptor": "", "disabled": false }, { "name": "envoy.access_loggers.stdout", "category": "envoy.access_loggers", "type_descriptor": "", "disabled": false }, { "name": "envoy.access_loggers.tcp_grpc", "category": "envoy.access_loggers", "type_descriptor": "", "disabled": false }, { "name": "envoy.access_loggers.wasm", "category": "envoy.access_loggers", "type_descriptor": "", "disabled": false }, { "name": "envoy.file_access_log", "category": "envoy.access_loggers", "type_descriptor": "", "disabled": false }, { "name": "envoy.http_grpc_access_log", "category": "envoy.access_loggers", "type_descriptor": "", "disabled": false }, { "name": "envoy.open_telemetry_access_log", "category": "envoy.access_loggers", "type_descriptor": "", "disabled": false }, { "name": "envoy.stderr_access_log", "category": "envoy.access_loggers", "type_descriptor": "", "disabled": false }, { "name": "envoy.stdout_access_log", "category": "envoy.access_loggers", "type_descriptor": "", "disabled": false }, { "name": "envoy.tcp_grpc_access_log", "category": "envoy.access_loggers", "type_descriptor": "", "disabled": false }, { "name": "envoy.wasm_access_log", "category": "envoy.access_loggers", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.connection_pools.tcp.generic", "category": "envoy.upstreams", "type_descriptor": "", "disabled": false }, { "name": "envoy.bootstrap.wasm", "category": "envoy.bootstrap", "type_descriptor": "", "disabled": false }, { "name": "envoy.extensions.network.socket_interface.default_socket_interface", "category": "envoy.bootstrap", "type_descriptor": "", "disabled": false }, { "name": "envoy.matching.common_inputs.environment_variable", "category": "envoy.matching.common_inputs", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.dubbo.router", "category": "envoy.dubbo_proxy.filters", "type_descriptor": "", "disabled": false }, { "name": "envoy.bandwidth_limit", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.buffer", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.cors", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.csrf", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.ext_authz", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.ext_proc", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.fault", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.adaptive_concurrency", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.admission_control", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.alternate_protocols_cache", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.aws_lambda", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.aws_request_signing", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.bandwidth_limit", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.buffer", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.cache", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.cdn_loop", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.composite", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.compressor", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.cors", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.csrf", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.decompressor", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.dynamic_forward_proxy", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.dynamo", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.ext_authz", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.ext_proc", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.fault", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.grpc_http1_bridge", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.grpc_http1_reverse_bridge", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.grpc_json_transcoder", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.grpc_stats", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.grpc_web", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.header_to_metadata", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.health_check", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.ip_tagging", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.jwt_authn", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.local_ratelimit", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.lua", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.oauth2", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.on_demand", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.original_src", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.ratelimit", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.rbac", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.router", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.set_metadata", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.tap", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.http.wasm", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.grpc_http1_bridge", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.grpc_json_transcoder", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.grpc_web", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.health_check", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.http_dynamo_filter", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.ip_tagging", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.local_rate_limit", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.lua", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.rate_limit", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.router", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "match-wrapper", "category": "envoy.filters.http", "type_descriptor": "", "disabled": false }, { "name": "envoy.retry_host_predicates.omit_canary_hosts", "category": "envoy.retry_host_predicates", "type_descriptor": "", "disabled": false }, { "name": "envoy.retry_host_predicates.omit_host_metadata", "category": "envoy.retry_host_predicates", "type_descriptor": "", "disabled": false }, { "name": "envoy.retry_host_predicates.previous_hosts", "category": "envoy.retry_host_predicates", "type_descriptor": "", "disabled": false }, { "name": "envoy.grpc_credentials.aws_iam", "category": "envoy.grpc_credentials", "type_descriptor": "", "disabled": false }, { "name": "envoy.grpc_credentials.default", "category": "envoy.grpc_credentials", "type_descriptor": "", "disabled": false }, { "name": "envoy.grpc_credentials.file_based_metadata", "category": "envoy.grpc_credentials", "type_descriptor": "", "disabled": false }, { "name": "envoy.retry_priorities.previous_priorities", "category": "envoy.retry_priorities", "type_descriptor": "", "disabled": false }, { "name": "envoy.transport_sockets.alts", "category": "envoy.transport_sockets.downstream", "type_descriptor": "", "disabled": false }, { "name": "envoy.transport_sockets.quic", "category": "envoy.transport_sockets.downstream", "type_descriptor": "", "disabled": false }, { "name": "envoy.transport_sockets.raw_buffer", "category": "envoy.transport_sockets.downstream", "type_descriptor": "", "disabled": false }, { "name": "envoy.transport_sockets.starttls", "category": "envoy.transport_sockets.downstream", "type_descriptor": "", "disabled": false }, { "name": "envoy.transport_sockets.tap", "category": "envoy.transport_sockets.downstream", "type_descriptor": "", "disabled": false }, { "name": "envoy.transport_sockets.tls", "category": "envoy.transport_sockets.downstream", "type_descriptor": "", "disabled": false }, { "name": "raw_buffer", "category": "envoy.transport_sockets.downstream", "type_descriptor": "", "disabled": false }, { "name": "starttls", "category": "envoy.transport_sockets.downstream", "type_descriptor": "", "disabled": false }, { "name": "tls", "category": "envoy.transport_sockets.downstream", "type_descriptor": "", "disabled": false }, { "name": "envoy.client_ssl_auth", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.echo", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.ext_authz", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.network.client_ssl_auth", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.network.connection_limit", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.network.direct_response", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.network.dubbo_proxy", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.network.echo", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.network.ext_authz", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.network.http_connection_manager", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.network.local_ratelimit", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.network.mongo_proxy", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.network.ratelimit", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.network.rbac", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.network.redis_proxy", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.network.sni_cluster", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.network.sni_dynamic_forward_proxy", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.network.tcp_proxy", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.network.thrift_proxy", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.network.wasm", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.network.zookeeper_proxy", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.http_connection_manager", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.mongo_proxy", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.ratelimit", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.redis_proxy", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.tcp_proxy", "category": "envoy.filters.network", "type_descriptor": "", "disabled": false }, { "name": "envoy.internal_redirect_predicates.allow_listed_routes", "category": "envoy.internal_redirect_predicates", "type_descriptor": "", "disabled": false }, { "name": "envoy.internal_redirect_predicates.previous_routes", "category": "envoy.internal_redirect_predicates", "type_descriptor": "", "disabled": false }, { "name": "envoy.internal_redirect_predicates.safe_cross_scheme", "category": "envoy.internal_redirect_predicates", "type_descriptor": "", "disabled": false }, { "name": "preserve_case", "category": "envoy.http.stateful_header_formatters", "type_descriptor": "", "disabled": false }, { "name": "envoy.key_value.file_based", "category": "envoy.common.key_value", "type_descriptor": "", "disabled": false }, { "name": "envoy.dog_statsd", "category": "envoy.stats_sinks", "type_descriptor": "", "disabled": false }, { "name": "envoy.graphite_statsd", "category": "envoy.stats_sinks", "type_descriptor": "", "disabled": false }, { "name": "envoy.metrics_service", "category": "envoy.stats_sinks", "type_descriptor": "", "disabled": false }, { "name": "envoy.stat_sinks.dog_statsd", "category": "envoy.stats_sinks", "type_descriptor": "", "disabled": false }, { "name": "envoy.stat_sinks.graphite_statsd", "category": "envoy.stats_sinks", "type_descriptor": "", "disabled": false }, { "name": "envoy.stat_sinks.hystrix", "category": "envoy.stats_sinks", "type_descriptor": "", "disabled": false }, { "name": "envoy.stat_sinks.metrics_service", "category": "envoy.stats_sinks", "type_descriptor": "", "disabled": false }, { "name": "envoy.stat_sinks.statsd", "category": "envoy.stats_sinks", "type_descriptor": "", "disabled": false }, { "name": "envoy.stat_sinks.wasm", "category": "envoy.stats_sinks", "type_descriptor": "", "disabled": false }, { "name": "envoy.statsd", "category": "envoy.stats_sinks", "type_descriptor": "", "disabled": false }, { "name": "envoy.rbac.matchers.upstream.upstream_ip_port", "category": "envoy.rbac.matchers", "type_descriptor": "", "disabled": false }, { "name": "request-headers", "category": "envoy.matching.http.input", "type_descriptor": "", "disabled": false }, { "name": "request-trailers", "category": "envoy.matching.http.input", "type_descriptor": "", "disabled": false }, { "name": "response-headers", "category": "envoy.matching.http.input", "type_descriptor": "", "disabled": false }, { "name": "response-trailers", "category": "envoy.matching.http.input", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.udp.dns_filter", "category": "envoy.filters.udp_listener", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.udp_listener.udp_proxy", "category": "envoy.filters.udp_listener", "type_descriptor": "", "disabled": false }, { "name": "dubbo.hessian2", "category": "envoy.dubbo_proxy.serializers", "type_descriptor": "", "disabled": false }, { "name": "envoy.wasm.runtime.null", "category": "envoy.wasm.runtime", "type_descriptor": "", "disabled": false }, { "name": "envoy.wasm.runtime.v8", "category": "envoy.wasm.runtime", "type_descriptor": "", "disabled": false }, { "name": "envoy.watchdog.abort_action", "category": "envoy.guarddog_actions", "type_descriptor": "", "disabled": false }, { "name": "envoy.watchdog.profile_action", "category": "envoy.guarddog_actions", "type_descriptor": "", "disabled": false }, { "name": "envoy.rate_limit_descriptors.expr", "category": "envoy.rate_limit_descriptors", "type_descriptor": "", "disabled": false }, { "name": "envoy.quic.crypto_stream.server.quiche", "category": "envoy.quic.server.crypto_stream", "type_descriptor": "", "disabled": false }, { "name": "envoy.quic.proof_source.filter_chain", "category": "envoy.quic.proof_source", "type_descriptor": "", "disabled": false }, { "name": "envoy.request_id.uuid", "category": "envoy.request_id", "type_descriptor": "", "disabled": false }, { "name": "envoy.cluster.eds", "category": "envoy.clusters", "type_descriptor": "", "disabled": false }, { "name": "envoy.cluster.logical_dns", "category": "envoy.clusters", "type_descriptor": "", "disabled": false }, { "name": "envoy.cluster.original_dst", "category": "envoy.clusters", "type_descriptor": "", "disabled": false }, { "name": "envoy.cluster.static", "category": "envoy.clusters", "type_descriptor": "", "disabled": false }, { "name": "envoy.cluster.strict_dns", "category": "envoy.clusters", "type_descriptor": "", "disabled": false }, { "name": "envoy.clusters.aggregate", "category": "envoy.clusters", "type_descriptor": "", "disabled": false }, { "name": "envoy.clusters.dynamic_forward_proxy", "category": "envoy.clusters", "type_descriptor": "", "disabled": false }, { "name": "envoy.clusters.redis", "category": "envoy.clusters", "type_descriptor": "", "disabled": false }, { "name": "envoy.tls.cert_validator.default", "category": "envoy.tls.cert_validator", "type_descriptor": "", "disabled": false }, { "name": "envoy.tls.cert_validator.spiffe", "category": "envoy.tls.cert_validator", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.listener.http_inspector", "category": "envoy.filters.listener", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.listener.original_dst", "category": "envoy.filters.listener", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.listener.original_src", "category": "envoy.filters.listener", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.listener.proxy_protocol", "category": "envoy.filters.listener", "type_descriptor": "", "disabled": false }, { "name": "envoy.filters.listener.tls_inspector", "category": "envoy.filters.listener", "type_descriptor": "", "disabled": false }, { "name": "envoy.listener.http_inspector", "category": "envoy.filters.listener", "type_descriptor": "", "disabled": false }, { "name": "envoy.listener.original_dst", "category": "envoy.filters.listener", "type_descriptor": "", "disabled": false }, { "name": "envoy.listener.original_src", "category": "envoy.filters.listener", "type_descriptor": "", "disabled": false }, { "name": "envoy.listener.proxy_protocol", "category": "envoy.filters.listener", "type_descriptor": "", "disabled": false }, { "name": "envoy.listener.tls_inspector", "category": "envoy.filters.listener", "type_descriptor": "", "disabled": false }, { "name": "envoy.ip", "category": "envoy.resolvers", "type_descriptor": "", "disabled": false } ], "client_features": [], "listening_addresses": [] }, "uptime_current_epoch": "270s", "uptime_all_epochs": "270s" } ```

Config:

```yaml node: cluster: gateway id: "1" admin: access_log_path: /dev/null address: socket_address: protocol: TCP address: 127.0.0.1 port_value: 19000 static_resources: listeners: - name: https address: socket_address: address: 0.0.0.0 port_value: 8443 listener_filters: - name: "envoy.filters.listener.tls_inspector" filter_chains: - filter_chain_match: server_names: - localhost filters: - name: envoy.filters.network.http_connection_manager typed_config: "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager codec_type: AUTO use_remote_address: true strip_any_host_port: true stat_prefix: ingress route_config: name: default virtual_hosts: - name: default domains: - "*" routes: - match: path: "/" direct_response: status: 200 transport_socket: name: envoy.transport_sockets.tls typed_config: "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext common_tls_context: alpn_protocols: - "h2" - "http/1.1" tls_certificates: - certificate_chain: filename: server.crt private_key: filename: server.key session_ticket_keys_sds_secret_config: name: apimgateway_session_ticket_keys sds_config: resource_api_version: V3 api_config_source: set_node_on_first_message_only: true api_type: GRPC transport_api_version: V3 grpc_services: envoy_grpc: cluster_name: xds_cluster clusters: - name: xds_cluster http2_protocol_options: {} connect_timeout: 5s type: STRICT_DNS lb_policy: LEAST_REQUEST dns_lookup_family: V4_ONLY load_assignment: cluster_name: xds_cluster endpoints: - lb_endpoints: - endpoint: address: socket_address: address: localhost port_value: 18000 transport_socket: name: envoy.transport_sockets.tls typed_config: "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext common_tls_context: tls_certificates: - certificate_chain: filename: client.crt private_key: filename: client.key ```

Logs:

``` [2021-11-19 09:29:30.303][550990][info][main] [source/server/server.cc:368] initializing epoch 0 (base id=0, hot restart version=disabled) [2021-11-19 09:29:30.303][550990][info][main] [source/server/server.cc:370] statically linked extensions: [2021-11-19 09:29:30.303][550990][info][main] [source/server/server.cc:372] envoy.filters.listener: envoy.filters.listener.http_inspector, envoy.filters.listener.original_dst, envoy.filters.listener.original_src, envoy.filters.listener.proxy_protocol, envoy.filters.listener.tls_inspector, envoy.listener.http_inspector, envoy.listener.original_dst, envoy.listener.original_src, envoy.listener.proxy_protocol, envoy.listener.tls_inspector [2021-11-19 09:29:30.303][550990][info][main] [source/server/server.cc:372] envoy.thrift_proxy.filters: envoy.filters.thrift.rate_limit, envoy.filters.thrift.router [2021-11-19 09:29:30.303][550990][info][main] [source/server/server.cc:372] envoy.wasm.runtime: envoy.wasm.runtime.null, envoy.wasm.runtime.v8 [2021-11-19 09:29:30.303][550990][info][main] [source/server/server.cc:372] envoy.transport_sockets.downstream: envoy.transport_sockets.alts, envoy.transport_sockets.quic, envoy.transport_sockets.raw_buffer, envoy.transport_sockets.starttls, envoy.transport_sockets.tap, envoy.transport_sockets.tls, raw_buffer, starttls, tls [2021-11-19 09:29:30.303][550990][info][main] [source/server/server.cc:372] envoy.retry_host_predicates: envoy.retry_host_predicates.omit_canary_hosts, envoy.retry_host_predicates.omit_host_metadata, envoy.retry_host_predicates.previous_hosts [2021-11-19 09:29:30.303][550990][info][main] [source/server/server.cc:372] envoy.common.key_value: envoy.key_value.file_based [2021-11-19 09:29:30.303][550990][info][main] [source/server/server.cc:372] envoy.tracers: envoy.dynamic.ot, envoy.lightstep, envoy.tracers.datadog, envoy.tracers.dynamic_ot, envoy.tracers.lightstep, envoy.tracers.opencensus, envoy.tracers.skywalking, envoy.tracers.xray, envoy.tracers.zipkin, envoy.zipkin [2021-11-19 09:29:30.303][550990][info][main] [source/server/server.cc:372] envoy.request_id: envoy.request_id.uuid [2021-11-19 09:29:30.303][550990][info][main] [source/server/server.cc:372] envoy.http.stateful_header_formatters: preserve_case [2021-11-19 09:29:30.303][550990][info][main] [source/server/server.cc:372] envoy.filters.udp_listener: envoy.filters.udp.dns_filter, envoy.filters.udp_listener.udp_proxy [2021-11-19 09:29:30.303][550990][info][main] [source/server/server.cc:372] envoy.dubbo_proxy.protocols: dubbo [2021-11-19 09:29:30.303][550990][info][main] [source/server/server.cc:372] envoy.thrift_proxy.transports: auto, framed, header, unframed [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.filters.http: envoy.bandwidth_limit, envoy.buffer, envoy.cors, envoy.csrf, envoy.ext_authz, envoy.ext_proc, envoy.fault, envoy.filters.http.adaptive_concurrency, envoy.filters.http.admission_control, envoy.filters.http.alternate_protocols_cache, envoy.filters.http.aws_lambda, envoy.filters.http.aws_request_signing, envoy.filters.http.bandwidth_limit, envoy.filters.http.buffer, envoy.filters.http.cache, envoy.filters.http.cdn_loop, envoy.filters.http.composite, envoy.filters.http.compressor, envoy.filters.http.cors, envoy.filters.http.csrf, envoy.filters.http.decompressor, envoy.filters.http.dynamic_forward_proxy, envoy.filters.http.dynamo, envoy.filters.http.ext_authz, envoy.filters.http.ext_proc, envoy.filters.http.fault, envoy.filters.http.grpc_http1_bridge, envoy.filters.http.grpc_http1_reverse_bridge, envoy.filters.http.grpc_json_transcoder, envoy.filters.http.grpc_stats, envoy.filters.http.grpc_web, envoy.filters.http.header_to_metadata, envoy.filters.http.health_check, envoy.filters.http.ip_tagging, envoy.filters.http.jwt_authn, envoy.filters.http.local_ratelimit, envoy.filters.http.lua, envoy.filters.http.oauth2, envoy.filters.http.on_demand, envoy.filters.http.original_src, envoy.filters.http.ratelimit, envoy.filters.http.rbac, envoy.filters.http.router, envoy.filters.http.set_metadata, envoy.filters.http.tap, envoy.filters.http.wasm, envoy.grpc_http1_bridge, envoy.grpc_json_transcoder, envoy.grpc_web, envoy.health_check, envoy.http_dynamo_filter, envoy.ip_tagging, envoy.local_rate_limit, envoy.lua, envoy.rate_limit, envoy.router, match-wrapper [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.rate_limit_descriptors: envoy.rate_limit_descriptors.expr [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.upstreams: envoy.filters.connection_pools.tcp.generic [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.compression.decompressor: envoy.compression.brotli.decompressor, envoy.compression.gzip.decompressor [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.matching.input_matchers: envoy.matching.matchers.consistent_hashing, envoy.matching.matchers.ip [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.tls.cert_validator: envoy.tls.cert_validator.default, envoy.tls.cert_validator.spiffe [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.rbac.matchers: envoy.rbac.matchers.upstream.upstream_ip_port [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.dubbo_proxy.filters: envoy.filters.dubbo.router [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.upstream_options: envoy.extensions.upstreams.http.v3.HttpProtocolOptions, envoy.upstreams.http.http_protocol_options [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.quic.proof_source: envoy.quic.proof_source.filter_chain [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.access_loggers: envoy.access_loggers.file, envoy.access_loggers.http_grpc, envoy.access_loggers.open_telemetry, envoy.access_loggers.stderr, envoy.access_loggers.stdout, envoy.access_loggers.tcp_grpc, envoy.access_loggers.wasm, envoy.file_access_log, envoy.http_grpc_access_log, envoy.open_telemetry_access_log, envoy.stderr_access_log, envoy.stdout_access_log, envoy.tcp_grpc_access_log, envoy.wasm_access_log [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.matching.common_inputs: envoy.matching.common_inputs.environment_variable [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.grpc_credentials: envoy.grpc_credentials.aws_iam, envoy.grpc_credentials.default, envoy.grpc_credentials.file_based_metadata [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.matching.action: composite-action, skip [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.stats_sinks: envoy.dog_statsd, envoy.graphite_statsd, envoy.metrics_service, envoy.stat_sinks.dog_statsd, envoy.stat_sinks.graphite_statsd, envoy.stat_sinks.hystrix, envoy.stat_sinks.metrics_service, envoy.stat_sinks.statsd, envoy.stat_sinks.wasm, envoy.statsd [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.filters.network: envoy.client_ssl_auth, envoy.echo, envoy.ext_authz, envoy.filters.network.client_ssl_auth, envoy.filters.network.connection_limit, envoy.filters.network.direct_response, envoy.filters.network.dubbo_proxy, envoy.filters.network.echo, envoy.filters.network.ext_authz, envoy.filters.network.http_connection_manager, envoy.filters.network.local_ratelimit, envoy.filters.network.mongo_proxy, envoy.filters.network.ratelimit, envoy.filters.network.rbac, envoy.filters.network.redis_proxy, envoy.filters.network.sni_cluster, envoy.filters.network.sni_dynamic_forward_proxy, envoy.filters.network.tcp_proxy, envoy.filters.network.thrift_proxy, envoy.filters.network.wasm, envoy.filters.network.zookeeper_proxy, envoy.http_connection_manager, envoy.mongo_proxy, envoy.ratelimit, envoy.redis_proxy, envoy.tcp_proxy [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.transport_sockets.upstream: envoy.transport_sockets.alts, envoy.transport_sockets.quic, envoy.transport_sockets.raw_buffer, envoy.transport_sockets.starttls, envoy.transport_sockets.tap, envoy.transport_sockets.tls, envoy.transport_sockets.upstream_proxy_protocol, raw_buffer, starttls, tls [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.dubbo_proxy.route_matchers: default [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.thrift_proxy.protocols: auto, binary, binary/non-strict, compact, twitter [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.formatter: envoy.formatter.metadata, envoy.formatter.req_without_query [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.http.cache: envoy.extensions.http.cache.simple [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.internal_redirect_predicates: envoy.internal_redirect_predicates.allow_listed_routes, envoy.internal_redirect_predicates.previous_routes, envoy.internal_redirect_predicates.safe_cross_scheme [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.matching.http.input: request-headers, request-trailers, response-headers, response-trailers [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.http.original_ip_detection: envoy.http.original_ip_detection.custom_header, envoy.http.original_ip_detection.xff [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.health_checkers: envoy.health_checkers.redis [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.clusters: envoy.cluster.eds, envoy.cluster.logical_dns, envoy.cluster.original_dst, envoy.cluster.static, envoy.cluster.strict_dns, envoy.clusters.aggregate, envoy.clusters.dynamic_forward_proxy, envoy.clusters.redis [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.resource_monitors: envoy.resource_monitors.fixed_heap, envoy.resource_monitors.injected_resource [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.guarddog_actions: envoy.watchdog.abort_action, envoy.watchdog.profile_action [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.resolvers: envoy.ip [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.quic.server.crypto_stream: envoy.quic.crypto_stream.server.quiche [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.compression.compressor: envoy.compression.brotli.compressor, envoy.compression.gzip.compressor [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.dubbo_proxy.serializers: dubbo.hessian2 [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.retry_priorities: envoy.retry_priorities.previous_priorities [2021-11-19 09:29:30.304][550990][info][main] [source/server/server.cc:372] envoy.bootstrap: envoy.bootstrap.wasm, envoy.extensions.network.socket_interface.default_socket_interface [2021-11-19 09:29:30.311][550990][warning][misc] [source/common/protobuf/message_validator_impl.cc:21] Deprecated field: type envoy.config.cluster.v3.Cluster Using deprecated option 'envoy.config.cluster.v3.Cluster.http2_protocol_options' from file cluster.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/version_history/version_history for details. If continued use of this field is absolutely necessary, see https://www.envoyproxy.io/docs/envoy/latest/configuration/operations/runtime#using-runtime-overrides-for-deprecated-features for how to apply a temporary and highly discouraged override. [2021-11-19 09:29:30.311][550990][warning][misc] [source/common/protobuf/message_validator_impl.cc:21] Deprecated field: type envoy.config.bootstrap.v3.Admin Using deprecated option 'envoy.config.bootstrap.v3.Admin.access_log_path' from file bootstrap.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/version_history/version_history for details. If continued use of this field is absolutely necessary, see https://www.envoyproxy.io/docs/envoy/latest/configuration/operations/runtime#using-runtime-overrides-for-deprecated-features for how to apply a temporary and highly discouraged override. [2021-11-19 09:29:30.311][550990][info][main] [source/server/server.cc:390] HTTP header map info: [2021-11-19 09:29:30.312][550990][debug][runtime] [source/common/runtime/runtime_features.cc:31] Unable to use runtime singleton for feature envoy.http.headermap.lazy_map_min_size [2021-11-19 09:29:30.312][550990][debug][runtime] [source/common/runtime/runtime_features.cc:20] Unable to use runtime singleton for feature envoy.reloadable_features.header_map_correctly_coalesce_cookies [2021-11-19 09:29:30.312][550990][debug][runtime] [source/common/runtime/runtime_features.cc:31] Unable to use runtime singleton for feature envoy.http.headermap.lazy_map_min_size [2021-11-19 09:29:30.312][550990][debug][runtime] [source/common/runtime/runtime_features.cc:20] Unable to use runtime singleton for feature envoy.reloadable_features.header_map_correctly_coalesce_cookies [2021-11-19 09:29:30.313][550990][debug][runtime] [source/common/runtime/runtime_features.cc:31] Unable to use runtime singleton for feature envoy.http.headermap.lazy_map_min_size [2021-11-19 09:29:30.313][550990][debug][runtime] [source/common/runtime/runtime_features.cc:20] Unable to use runtime singleton for feature envoy.reloadable_features.header_map_correctly_coalesce_cookies [2021-11-19 09:29:30.313][550990][debug][runtime] [source/common/runtime/runtime_features.cc:31] Unable to use runtime singleton for feature envoy.http.headermap.lazy_map_min_size [2021-11-19 09:29:30.313][550990][debug][runtime] [source/common/runtime/runtime_features.cc:20] Unable to use runtime singleton for feature envoy.reloadable_features.header_map_correctly_coalesce_cookies [2021-11-19 09:29:30.313][550990][info][main] [source/server/server.cc:393] request header map: 640 bytes: :authority,:method,:path,:protocol,:scheme,accept,accept-encoding,access-control-request-method,authentication,authorization,cache-control,cdn-loop,connection,content-encoding,content-length,content-type,expect,grpc-accept-encoding,grpc-timeout,if-match,if-modified-since,if-none-match,if-range,if-unmodified-since,keep-alive,origin,pragma,proxy-connection,referer,te,transfer-encoding,upgrade,user-agent,via,x-client-trace-id,x-envoy-attempt-count,x-envoy-decorator-operation,x-envoy-downstream-service-cluster,x-envoy-downstream-service-node,x-envoy-expected-rq-timeout-ms,x-envoy-external-address,x-envoy-force-trace,x-envoy-hedge-on-per-try-timeout,x-envoy-internal,x-envoy-ip-tags,x-envoy-max-retries,x-envoy-original-path,x-envoy-original-url,x-envoy-retriable-header-names,x-envoy-retriable-status-codes,x-envoy-retry-grpc-on,x-envoy-retry-on,x-envoy-upstream-alt-stat-name,x-envoy-upstream-rq-per-try-timeout-ms,x-envoy-upstream-rq-timeout-alt-response,x-envoy-upstream-rq-timeout-ms,x-envoy-upstream-stream-duration-ms,x-forwarded-client-cert,x-forwarded-for,x-forwarded-proto,x-ot-span-context,x-request-id [2021-11-19 09:29:30.313][550990][info][main] [source/server/server.cc:393] request trailer map: 136 bytes: [2021-11-19 09:29:30.313][550990][info][main] [source/server/server.cc:393] response header map: 432 bytes: :status,access-control-allow-credentials,access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,access-control-expose-headers,access-control-max-age,age,cache-control,connection,content-encoding,content-length,content-type,date,etag,expires,grpc-message,grpc-status,keep-alive,last-modified,location,proxy-connection,server,transfer-encoding,upgrade,vary,via,x-envoy-attempt-count,x-envoy-decorator-operation,x-envoy-degraded,x-envoy-immediate-health-check-fail,x-envoy-ratelimited,x-envoy-upstream-canary,x-envoy-upstream-healthchecked-cluster,x-envoy-upstream-service-time,x-request-id [2021-11-19 09:29:30.313][550990][info][main] [source/server/server.cc:393] response trailer map: 160 bytes: grpc-message,grpc-status [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.shrink_heap. [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reduce_timeouts. [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.stop_accepting_connections. [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reject_incoming_connections. [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reset_high_memory_stream. [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reduce_timeouts. [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.stop_accepting_connections. [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reject_incoming_connections. [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reset_high_memory_stream. [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reduce_timeouts. [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.stop_accepting_connections. [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reject_incoming_connections. [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reset_high_memory_stream. [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reduce_timeouts. [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.stop_accepting_connections. [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reject_incoming_connections. [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reset_high_memory_stream. [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reduce_timeouts. [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.stop_accepting_connections. [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reject_incoming_connections. [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reset_high_memory_stream. [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reduce_timeouts. [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.stop_accepting_connections. [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reject_incoming_connections. [2021-11-19 09:29:30.314][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reset_high_memory_stream. [2021-11-19 09:29:30.315][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reduce_timeouts. [2021-11-19 09:29:30.315][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.stop_accepting_connections. [2021-11-19 09:29:30.315][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reject_incoming_connections. [2021-11-19 09:29:30.315][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reset_high_memory_stream. [2021-11-19 09:29:30.315][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reduce_timeouts. [2021-11-19 09:29:30.315][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.stop_accepting_connections. [2021-11-19 09:29:30.315][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reject_incoming_connections. [2021-11-19 09:29:30.315][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reset_high_memory_stream. [2021-11-19 09:29:30.315][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reduce_timeouts. [2021-11-19 09:29:30.315][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.stop_accepting_connections. [2021-11-19 09:29:30.315][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reject_incoming_connections. [2021-11-19 09:29:30.315][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reset_high_memory_stream. [2021-11-19 09:29:30.315][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reduce_timeouts. [2021-11-19 09:29:30.315][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.stop_accepting_connections. [2021-11-19 09:29:30.315][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reject_incoming_connections. [2021-11-19 09:29:30.315][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reset_high_memory_stream. [2021-11-19 09:29:30.315][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reduce_timeouts. [2021-11-19 09:29:30.315][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.stop_accepting_connections. [2021-11-19 09:29:30.315][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reject_incoming_connections. [2021-11-19 09:29:30.315][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reset_high_memory_stream. [2021-11-19 09:29:30.315][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reduce_timeouts. [2021-11-19 09:29:30.315][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.stop_accepting_connections. [2021-11-19 09:29:30.315][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reject_incoming_connections. [2021-11-19 09:29:30.315][550990][debug][main] [source/server/overload_manager_impl.cc:376] No overload action is configured for envoy.overload_actions.reset_high_memory_stream. [2021-11-19 09:29:30.315][550990][info][main] [source/server/server.cc:740] runtime: {} [2021-11-19 09:29:30.316][550990][info][admin] [source/server/admin/admin.cc:135] admin address: 127.0.0.1:19000 [2021-11-19 09:29:30.317][550990][info][config] [source/server/configuration_impl.cc:127] loading tracing configuration [2021-11-19 09:29:30.317][550990][info][config] [source/server/configuration_impl.cc:87] loading 0 static secret(s) [2021-11-19 09:29:30.317][550990][info][config] [source/server/configuration_impl.cc:93] loading 1 cluster(s) [2021-11-19 09:29:30.317][551018][debug][grpc] [source/common/grpc/google_async_client_impl.cc:50] completionThread running [2021-11-19 09:29:30.325][550990][debug][dns] [source/common/network/apple_dns_impl.cc:58] DNS resolution for localhost started [2021-11-19 09:29:30.325][550990][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:100] cm init: adding: cluster=xds_cluster primary=1 secondary=0 [2021-11-19 09:29:30.325][550990][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:154] maybe finish initialize state: 1 [2021-11-19 09:29:30.325][550990][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:163] maybe finish initialize primary init clusters empty: false [2021-11-19 09:29:30.325][550990][info][config] [source/server/configuration_impl.cc:97] loading 1 listener(s) [2021-11-19 09:29:30.325][550990][debug][config] [source/server/configuration_impl.cc:99] listener #0: [2021-11-19 09:29:30.326][550990][debug][config] [source/server/listener_manager_impl.cc:391] begin add/update listener: name=https hash=14821592761009976038 [2021-11-19 09:29:30.326][550990][debug][config] [source/server/listener_manager_impl.cc:428] use full listener update path for listener name=https hash=14821592761009976038 [2021-11-19 09:29:30.326][550990][warning][config] [source/server/listener_impl.cc:868] reuse_port was configured for TCP listener 'https' and is being force disabled because Envoy is not running on Linux. See the documentation for more information. [2021-11-19 09:29:30.326][550990][debug][config] [source/server/listener_manager_impl.cc:116] filter #0: [2021-11-19 09:29:30.326][550990][debug][config] [source/server/listener_manager_impl.cc:117] name: envoy.filters.listener.tls_inspector [2021-11-19 09:29:30.326][550990][debug][config] [source/server/listener_manager_impl.cc:120] config: {} [2021-11-19 09:29:30.327][550990][debug][init] [source/common/init/manager_impl.cc:24] added shared target SdsApi apimgateway_session_ticket_keys to init manager Listener-local-init-manager https 14821592761009976038 [2021-11-19 09:29:30.327][550990][debug][config] [source/server/listener_manager_impl.cc:85] filter #0: [2021-11-19 09:29:30.327][550990][debug][config] [source/server/listener_manager_impl.cc:86] name: envoy.filters.network.http_connection_manager [2021-11-19 09:29:30.327][550990][debug][config] [source/server/listener_manager_impl.cc:89] config: {"@type":"type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager","codec_type":"AUTO","strip_any_host_port":true,"use_remote_address":true,"route_config":{"name":"default","virtual_hosts":[{"domains":["*"],"name":"default","routes":[{"direct_response":{"status":200},"match":{"path":"/"}}]}]},"stat_prefix":"ingress"} [2021-11-19 09:29:30.331][550990][debug][config] [source/server/filter_chain_manager_impl.cc:237] new fc_contexts has 1 filter chains, including 1 newly built [2021-11-19 09:29:30.331][550990][debug][init] [source/common/init/manager_impl.cc:24] added target Listener-init-target https to init manager Server [2021-11-19 09:29:30.332][550990][debug][config] [source/server/listener_impl.cc:145] Create listen socket for listener https on address 0.0.0.0:8443 [2021-11-19 09:29:30.332][550990][debug][config] [source/server/listener_impl.cc:155] https: Setting socket options succeeded [2021-11-19 09:29:30.332][550990][debug][config] [source/server/listener_impl.cc:99] Set listener https socket factory local address to 0.0.0.0:8443 [2021-11-19 09:29:30.332][550990][debug][config] [source/server/listener_impl.cc:743] add active listener: name=https, hash=14821592761009976038, address=0.0.0.0:8443 [2021-11-19 09:29:30.332][550990][info][config] [source/server/configuration_impl.cc:109] loading stats configuration [2021-11-19 09:29:30.332][550990][info][main] [source/server/server.cc:836] starting main dispatch loop [2021-11-19 09:29:30.332][550990][debug][dns] [source/common/network/apple_dns_impl.cc:174] DNS resolver file event (1) [2021-11-19 09:29:30.332][550990][debug][dns] [source/common/network/apple_dns_impl.cc:274] DNS for localhost resolved with: flags=1073741826[MoreComing=no, Add=yes], interface_index=4294967295, error_code=0, hostname=localhost. [2021-11-19 09:29:30.332][550990][debug][dns] [source/common/network/apple_dns_impl.cc:297] Address to add address=127.0.0.1, ttl=1 [2021-11-19 09:29:30.332][550990][debug][dns] [source/common/network/apple_dns_impl.cc:307] DNS Resolver flushing queries pending callback [2021-11-19 09:29:30.332][550990][debug][dns] [source/common/network/apple_dns_impl.cc:213] dns resolution for localhost completed with status 0 [2021-11-19 09:29:30.333][550990][debug][upstream] [source/common/upstream/upstream_impl.cc:256] transport socket match, socket default selected for host with address 127.0.0.1:18000 [2021-11-19 09:29:30.333][550990][debug][upstream] [source/common/upstream/strict_dns_cluster.cc:149] DNS hosts have changed for localhost [2021-11-19 09:29:30.333][550990][debug][upstream] [source/common/upstream/strict_dns_cluster.cc:177] DNS refresh rate reset for localhost, refresh rate 5000 ms [2021-11-19 09:29:30.333][550990][debug][upstream] [source/common/upstream/upstream_impl.cc:1156] initializing Primary cluster xds_cluster completed [2021-11-19 09:29:30.333][550990][debug][init] [source/common/init/manager_impl.cc:49] init manager Cluster xds_cluster contains no targets [2021-11-19 09:29:30.333][550990][debug][init] [source/common/init/watcher_impl.cc:14] init manager Cluster xds_cluster initialized, notifying ClusterImplBase [2021-11-19 09:29:30.333][550990][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1024] adding TLS cluster xds_cluster [2021-11-19 09:29:30.333][550990][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1087] membership update for TLS cluster xds_cluster added 1 removed 0 [2021-11-19 09:29:30.333][550990][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:134] cm init: init complete: cluster=xds_cluster primary=0 secondary=0 [2021-11-19 09:29:30.333][550990][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:154] maybe finish initialize state: 1 [2021-11-19 09:29:30.333][550990][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:163] maybe finish initialize primary init clusters empty: true [2021-11-19 09:29:30.333][550990][debug][init] [source/common/init/manager_impl.cc:49] init manager RTDS contains no targets [2021-11-19 09:29:30.333][550990][debug][init] [source/common/init/watcher_impl.cc:14] init manager RTDS initialized, notifying RTDS [2021-11-19 09:29:30.333][550990][info][runtime] [source/common/runtime/runtime_impl.cc:449] RTDS has finished initialization [2021-11-19 09:29:30.333][550990][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:224] continue initializing secondary clusters [2021-11-19 09:29:30.333][550990][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:154] maybe finish initialize state: 2 [2021-11-19 09:29:30.333][550990][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:163] maybe finish initialize primary init clusters empty: true [2021-11-19 09:29:30.333][550990][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:178] maybe finish initialize secondary init clusters empty: true [2021-11-19 09:29:30.333][550990][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:200] maybe finish initialize cds api ready: false [2021-11-19 09:29:30.333][550990][info][upstream] [source/common/upstream/cluster_manager_impl.cc:206] cm init: all clusters initialized [2021-11-19 09:29:30.333][550990][info][main] [source/server/server.cc:817] all clusters initialized. initializing init manager [2021-11-19 09:29:30.333][550990][debug][init] [source/common/init/manager_impl.cc:53] init manager Server initializing [2021-11-19 09:29:30.333][550990][debug][init] [source/common/init/target_impl.cc:15] init manager Server initializing target Listener-init-target https [2021-11-19 09:29:30.333][550990][debug][init] [source/common/init/manager_impl.cc:53] init manager Listener-local-init-manager https 14821592761009976038 initializing [2021-11-19 09:29:30.333][550990][debug][init] [source/common/init/target_impl.cc:15] init manager Listener-local-init-manager https 14821592761009976038 initializing shared target SdsApi apimgateway_session_ticket_keys [2021-11-19 09:29:30.333][550990][debug][config] [source/common/config/grpc_mux_impl.cc:111] gRPC mux addWatch for type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret [2021-11-19 09:29:30.333][550990][debug][config] [source/common/config/grpc_mux_impl.cc:310] No stream available to queueDiscoveryRequest for type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret [2021-11-19 09:29:30.333][550990][debug][config] [./source/common/config/grpc_stream.h:61] Establishing new gRPC bidi stream for rpc StreamSecrets(stream .envoy.service.discovery.v3.DiscoveryRequest) returns (stream .envoy.service.discovery.v3.DiscoveryResponse); [2021-11-19 09:29:30.334][550990][debug][router] [source/common/router/router.cc:457] [C0][S9742989890159168091] cluster 'xds_cluster' match for URL '/envoy.service.secret.v3.SecretDiscoveryService/StreamSecrets' [2021-11-19 09:29:30.334][550990][debug][router] [source/common/router/router.cc:673] [C0][S9742989890159168091] router decoding headers: ':method', 'POST' ':path', '/envoy.service.secret.v3.SecretDiscoveryService/StreamSecrets' ':authority', 'xds_cluster' ':scheme', 'http' 'te', 'trailers' 'content-type', 'application/grpc' 'x-envoy-internal', 'true' 'x-forwarded-for', '192.168.178.22' [2021-11-19 09:29:30.334][550990][debug][pool] [source/common/http/conn_pool_base.cc:74] queueing stream due to no available connections [2021-11-19 09:29:30.334][550990][debug][pool] [source/common/conn_pool/conn_pool_base.cc:255] trying to create new connection [2021-11-19 09:29:30.334][550990][debug][pool] [source/common/conn_pool/conn_pool_base.cc:143] creating a new connection [2021-11-19 09:29:30.335][550990][debug][http2] [source/common/http/http2/codec_impl.cc:1313] [C0] updating connection-level initial window size to 268435456 [2021-11-19 09:29:30.335][550990][debug][client] [source/common/http/codec_client.cc:60] [C0] connecting [2021-11-19 09:29:30.335][550990][debug][connection] [source/common/network/connection_impl.cc:890] [C0] connecting to 127.0.0.1:18000 [2021-11-19 09:29:30.335][550990][debug][connection] [source/common/network/connection_impl.cc:909] [C0] connection in progress [2021-11-19 09:29:30.336][550990][warning][main] [source/server/server.cc:715] there is no configured limit to the number of allowed active connections. Set a limit via the runtime key overload.global_downstream_max_connections [2021-11-19 09:29:30.336][550990][debug][dns] [source/common/network/apple_dns_impl.cc:217] Resolution for localhost completed (async) [2021-11-19 09:29:30.336][550990][debug][dns] [source/common/network/apple_dns_impl.cc:145] Destroying PendingResolution for localhost [2021-11-19 09:29:30.336][550990][debug][dns] [source/common/network/apple_dns_impl.cc:159] DNSServiceRefDeallocate individual sd ref [2021-11-19 09:29:30.336][550990][debug][connection] [source/common/network/connection_impl.cc:672] [C0] connected [2021-11-19 09:29:30.340][550990][debug][client] [source/common/http/codec_client.cc:88] [C0] connected [2021-11-19 09:29:30.340][550990][debug][pool] [source/common/conn_pool/conn_pool_base.cc:293] [C0] attaching to next stream [2021-11-19 09:29:30.340][550990][debug][pool] [source/common/conn_pool/conn_pool_base.cc:176] [C0] creating stream [2021-11-19 09:29:30.340][550990][debug][router] [source/common/router/upstream_request.cc:416] [C0][S9742989890159168091] pool ready [2021-11-19 09:29:30.341][550990][debug][router] [source/common/router/router.cc:1285] [C0][S9742989890159168091] upstream headers complete: end_stream=false [2021-11-19 09:29:30.341][550990][debug][http] [source/common/http/async_client_impl.cc:101] async http request response headers (end_stream=false): ':status', '200' 'content-type', 'application/grpc' [2021-11-19 09:29:30.341][550990][debug][config] [source/common/config/grpc_mux_impl.cc:163] Received gRPC message for type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret at version 1637310533113 [2021-11-19 09:29:30.341][550990][debug][config] [source/common/config/grpc_mux_impl.cc:141] Pausing discovery requests for type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret (previous count 0) [2021-11-19 09:29:30.341][550990][debug][config] [source/extensions/transport_sockets/tls/ssl_socket.cc:432] Secret is updated. [2021-11-19 09:29:30.342][550990][debug][init] [source/common/init/watcher_impl.cc:14] shared target SdsApi apimgateway_session_ticket_keys initialized, notifying init manager Listener-local-init-manager https 14821592761009976038 [2021-11-19 09:29:30.342][550990][debug][init] [source/common/init/watcher_impl.cc:14] init manager Listener-local-init-manager https 14821592761009976038 initialized, notifying Listener-local-init-watcher https [2021-11-19 09:29:30.342][550990][debug][init] [source/common/init/watcher_impl.cc:14] target Listener-init-target https initialized, notifying init manager Server [2021-11-19 09:29:30.342][550990][debug][init] [source/common/init/watcher_impl.cc:14] init manager Server initialized, notifying RunHelper [2021-11-19 09:29:30.342][550990][info][config] [source/server/listener_manager_impl.cc:779] all dependencies initialized. starting workers [2021-11-19 09:29:30.342][550990][debug][config] [source/server/listener_manager_impl.cc:816] starting worker 0 [2021-11-19 09:29:30.342][550990][debug][config] [source/server/listener_manager_impl.cc:816] starting worker 1 [2021-11-19 09:29:30.342][550990][debug][config] [source/server/listener_manager_impl.cc:816] starting worker 2 [2021-11-19 09:29:30.342][550990][debug][config] [source/server/listener_manager_impl.cc:816] starting worker 3 [2021-11-19 09:29:30.342][550990][debug][config] [source/server/listener_manager_impl.cc:816] starting worker 4 [2021-11-19 09:29:30.342][551022][debug][main] [source/server/worker_impl.cc:123] worker entering dispatch loop [2021-11-19 09:29:30.342][550990][debug][config] [source/server/listener_manager_impl.cc:816] starting worker 5 [2021-11-19 09:29:30.342][551023][debug][main] [source/server/worker_impl.cc:123] worker entering dispatch loop [2021-11-19 09:29:30.342][551022][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1024] adding TLS cluster xds_cluster [2021-11-19 09:29:30.342][550990][debug][config] [source/server/listener_manager_impl.cc:816] starting worker 6 [2021-11-19 09:29:30.342][550990][debug][config] [source/server/listener_manager_impl.cc:816] starting worker 7 [2021-11-19 09:29:30.342][551024][debug][main] [source/server/worker_impl.cc:123] worker entering dispatch loop [2021-11-19 09:29:30.342][551022][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1087] membership update for TLS cluster xds_cluster added 1 removed 0 [2021-11-19 09:29:30.342][550990][debug][config] [source/server/listener_manager_impl.cc:816] starting worker 8 [2021-11-19 09:29:30.342][551025][debug][main] [source/server/worker_impl.cc:123] worker entering dispatch loop [2021-11-19 09:29:30.342][551024][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1024] adding TLS cluster xds_cluster [2021-11-19 09:29:30.342][551026][debug][main] [source/server/worker_impl.cc:123] worker entering dispatch loop [2021-11-19 09:29:30.342][551023][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1024] adding TLS cluster xds_cluster [2021-11-19 09:29:30.342][551025][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1024] adding TLS cluster xds_cluster [2021-11-19 09:29:30.342][551026][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1024] adding TLS cluster xds_cluster [2021-11-19 09:29:30.342][551027][debug][grpc] [source/common/grpc/google_async_client_impl.cc:50] completionThread running [2021-11-19 09:29:30.342][551028][debug][main] [source/server/worker_impl.cc:123] worker entering dispatch loop [2021-11-19 09:29:30.342][551029][debug][main] [source/server/worker_impl.cc:123] worker entering dispatch loop [2021-11-19 09:29:30.342][551030][debug][grpc] [source/common/grpc/google_async_client_impl.cc:50] completionThread running [2021-11-19 09:29:30.342][550990][debug][config] [source/server/listener_manager_impl.cc:816] starting worker 9 [2021-11-19 09:29:30.342][551028][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1024] adding TLS cluster xds_cluster [2021-11-19 09:29:30.342][551031][debug][main] [source/server/worker_impl.cc:123] worker entering dispatch loop [2021-11-19 09:29:30.342][550990][debug][config] [source/server/listener_manager_impl.cc:816] starting worker 10 [2021-11-19 09:29:30.342][551029][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1024] adding TLS cluster xds_cluster [2021-11-19 09:29:30.342][551032][debug][grpc] [source/common/grpc/google_async_client_impl.cc:50] completionThread running [2021-11-19 09:29:30.342][551031][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1024] adding TLS cluster xds_cluster [2021-11-19 09:29:30.342][551031][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1087] membership update for TLS cluster xds_cluster added 1 removed 0 [2021-11-19 09:29:30.342][550990][debug][config] [source/server/listener_manager_impl.cc:816] starting worker 11 [2021-11-19 09:29:30.342][551024][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1087] membership update for TLS cluster xds_cluster added 1 removed 0 [2021-11-19 09:29:30.342][551028][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1087] membership update for TLS cluster xds_cluster added 1 removed 0 [2021-11-19 09:29:30.342][551034][debug][grpc] [source/common/grpc/google_async_client_impl.cc:50] completionThread running [2021-11-19 09:29:30.342][551036][debug][grpc] [source/common/grpc/google_async_client_impl.cc:50] completionThread running [2021-11-19 09:29:30.342][551035][debug][grpc] [source/common/grpc/google_async_client_impl.cc:50] completionThread running [2021-11-19 09:29:30.342][551037][debug][grpc] [source/common/grpc/google_async_client_impl.cc:50] completionThread running [2021-11-19 09:29:30.342][551038][debug][main] [source/server/worker_impl.cc:123] worker entering dispatch loop [2021-11-19 09:29:30.342][551033][debug][main] [source/server/worker_impl.cc:123] worker entering dispatch loop [2021-11-19 09:29:30.342][551029][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1087] membership update for TLS cluster xds_cluster added 1 removed 0 [2021-11-19 09:29:30.342][551039][debug][grpc] [source/common/grpc/google_async_client_impl.cc:50] completionThread running [2021-11-19 09:29:30.342][551038][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1024] adding TLS cluster xds_cluster [2021-11-19 09:29:30.342][551026][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1087] membership update for TLS cluster xds_cluster added 1 removed 0 [2021-11-19 09:29:30.342][551033][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1024] adding TLS cluster xds_cluster [2021-11-19 09:29:30.342][551040][debug][main] [source/server/worker_impl.cc:123] worker entering dispatch loop [2021-11-19 09:29:30.342][551025][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1087] membership update for TLS cluster xds_cluster added 1 removed 0 [2021-11-19 09:29:30.342][551041][debug][main] [source/server/worker_impl.cc:123] worker entering dispatch loop [2021-11-19 09:29:30.342][551040][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1024] adding TLS cluster xds_cluster [2021-11-19 09:29:30.342][551038][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1087] membership update for TLS cluster xds_cluster added 1 removed 0 [2021-11-19 09:29:30.342][551042][debug][grpc] [source/common/grpc/google_async_client_impl.cc:50] completionThread running [2021-11-19 09:29:30.342][551033][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1087] membership update for TLS cluster xds_cluster added 1 removed 0 [2021-11-19 09:29:30.342][551043][debug][grpc] [source/common/grpc/google_async_client_impl.cc:50] completionThread running [2021-11-19 09:29:30.342][551041][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1024] adding TLS cluster xds_cluster [2021-11-19 09:29:30.342][551044][debug][grpc] [source/common/grpc/google_async_client_impl.cc:50] completionThread running [2021-11-19 09:29:30.342][551045][debug][grpc] [source/common/grpc/google_async_client_impl.cc:50] completionThread running [2021-11-19 09:29:30.343][551040][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1087] membership update for TLS cluster xds_cluster added 1 removed 0 [2021-11-19 09:29:30.343][551041][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1087] membership update for TLS cluster xds_cluster added 1 removed 0 [2021-11-19 09:29:30.343][551023][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:1087] membership update for TLS cluster xds_cluster added 1 removed 0 [2021-11-19 09:29:30.343][550990][debug][config] [source/common/config/grpc_subscription_impl.cc:83] gRPC config for type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret accepted with 1 resources with version 1637310533113 [2021-11-19 09:29:30.343][550990][debug][config] [source/common/config/grpc_mux_impl.cc:148] Resuming discovery requests for type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret (previous count 1) [2021-11-19 09:29:30.343][550990][debug][config] [source/common/config/grpc_mux_impl.cc:163] Received gRPC message for type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret at version 1637310563114 [2021-11-19 09:29:30.343][550990][debug][config] [source/common/config/grpc_mux_impl.cc:141] Pausing discovery requests for type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret (previous count 0) [2021-11-19 09:29:30.344][550990][debug][config] [source/common/config/grpc_subscription_impl.cc:83] gRPC config for type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret accepted with 1 resources with version 1637310563114 [2021-11-19 09:29:30.344][550990][debug][config] [source/common/config/grpc_mux_impl.cc:148] Resuming discovery requests for type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret (previous count 1) [2021-11-19 09:29:35.337][550990][debug][main] [source/server/server.cc:229] flushing stats [2021-11-19 09:29:35.337][550990][debug][dns] [source/common/network/apple_dns_impl.cc:58] DNS resolution for localhost started [2021-11-19 09:29:35.337][550990][debug][dns] [source/common/network/apple_dns_impl.cc:174] DNS resolver file event (1) [2021-11-19 09:29:35.337][550990][debug][dns] [source/common/network/apple_dns_impl.cc:274] DNS for localhost resolved with: flags=1073741826[MoreComing=no, Add=yes], interface_index=4294967295, error_code=0, hostname=localhost. [2021-11-19 09:29:35.337][550990][debug][dns] [source/common/network/apple_dns_impl.cc:297] Address to add address=127.0.0.1, ttl=1 [2021-11-19 09:29:35.337][550990][debug][dns] [source/common/network/apple_dns_impl.cc:307] DNS Resolver flushing queries pending callback [2021-11-19 09:29:35.337][550990][debug][dns] [source/common/network/apple_dns_impl.cc:213] dns resolution for localhost completed with status 0 [2021-11-19 09:29:35.337][550990][debug][upstream] [source/common/upstream/upstream_impl.cc:256] transport socket match, socket default selected for host with address 127.0.0.1:18000 [2021-11-19 09:29:35.338][550990][debug][upstream] [source/common/upstream/strict_dns_cluster.cc:177] DNS refresh rate reset for localhost, refresh rate 5000 ms [2021-11-19 09:29:35.338][550990][debug][dns] [source/common/network/apple_dns_impl.cc:217] Resolution for localhost completed (async) [2021-11-19 09:29:35.338][550990][debug][dns] [source/common/network/apple_dns_impl.cc:145] Destroying PendingResolution for localhost [2021-11-19 09:29:35.338][550990][debug][dns] [source/common/network/apple_dns_impl.cc:159] DNSServiceRefDeallocate individual sd ref [2021-11-19 09:29:40.340][550990][debug][main] [source/server/server.cc:229] flushing stats [2021-11-19 09:29:40.340][550990][debug][dns] [source/common/network/apple_dns_impl.cc:58] DNS resolution for localhost started [2021-11-19 09:29:40.341][550990][debug][dns] [source/common/network/apple_dns_impl.cc:174] DNS resolver file event (1) [2021-11-19 09:29:40.341][550990][debug][dns] [source/common/network/apple_dns_impl.cc:274] DNS for localhost resolved with: flags=1073741826[MoreComing=no, Add=yes], interface_index=4294967295, error_code=0, hostname=localhost. [2021-11-19 09:29:40.341][550990][debug][dns] [source/common/network/apple_dns_impl.cc:297] Address to add address=127.0.0.1, ttl=1 [2021-11-19 09:29:40.341][550990][debug][dns] [source/common/network/apple_dns_impl.cc:307] DNS Resolver flushing queries pending callback [2021-11-19 09:29:40.341][550990][debug][dns] [source/common/network/apple_dns_impl.cc:213] dns resolution for localhost completed with status 0 [2021-11-19 09:29:40.341][550990][debug][upstream] [source/common/upstream/upstream_impl.cc:256] transport socket match, socket default selected for host with address 127.0.0.1:18000 [2021-11-19 09:29:40.341][550990][debug][upstream] [source/common/upstream/strict_dns_cluster.cc:177] DNS refresh rate reset for localhost, refresh rate 5000 ms [2021-11-19 09:29:40.341][550990][debug][dns] [source/common/network/apple_dns_impl.cc:217] Resolution for localhost completed (async) [2021-11-19 09:29:40.341][550990][debug][dns] [source/common/network/apple_dns_impl.cc:145] Destroying PendingResolution for localhost [2021-11-19 09:29:40.341][550990][debug][dns] [source/common/network/apple_dns_impl.cc:159] DNSServiceRefDeallocate individual sd ref [2021-11-19 09:29:45.340][550990][debug][main] [source/server/server.cc:229] flushing stats [2021-11-19 09:29:45.341][550990][debug][dns] [source/common/network/apple_dns_impl.cc:58] DNS resolution for localhost started [2021-11-19 09:29:45.341][550990][debug][dns] [source/common/network/apple_dns_impl.cc:174] DNS resolver file event (1) [2021-11-19 09:29:45.341][550990][debug][dns] [source/common/network/apple_dns_impl.cc:274] DNS for localhost resolved with: flags=1073741826[MoreComing=no, Add=yes], interface_index=4294967295, error_code=0, hostname=localhost. [2021-11-19 09:29:45.341][550990][debug][dns] [source/common/network/apple_dns_impl.cc:297] Address to add address=127.0.0.1, ttl=1 [2021-11-19 09:29:45.341][550990][debug][dns] [source/common/network/apple_dns_impl.cc:307] DNS Resolver flushing queries pending callback [2021-11-19 09:29:45.341][550990][debug][dns] [source/common/network/apple_dns_impl.cc:213] dns resolution for localhost completed with status 0 [2021-11-19 09:29:45.341][550990][debug][upstream] [source/common/upstream/upstream_impl.cc:256] transport socket match, socket default selected for host with address 127.0.0.1:18000 [2021-11-19 09:29:45.341][550990][debug][upstream] [source/common/upstream/strict_dns_cluster.cc:177] DNS refresh rate reset for localhost, refresh rate 5000 ms [2021-11-19 09:29:45.341][550990][debug][dns] [source/common/network/apple_dns_impl.cc:217] Resolution for localhost completed (async) [2021-11-19 09:29:45.341][550990][debug][dns] [source/common/network/apple_dns_impl.cc:145] Destroying PendingResolution for localhost [2021-11-19 09:29:45.341][550990][debug][dns] [source/common/network/apple_dns_impl.cc:159] DNSServiceRefDeallocate individual sd ref [2021-11-19 09:29:50.343][550990][debug][main] [source/server/server.cc:229] flushing stats [2021-11-19 09:29:50.343][550990][debug][dns] [source/common/network/apple_dns_impl.cc:58] DNS resolution for localhost started [2021-11-19 09:29:50.344][550990][debug][dns] [source/common/network/apple_dns_impl.cc:174] DNS resolver file event (1) [2021-11-19 09:29:50.344][550990][debug][dns] [source/common/network/apple_dns_impl.cc:274] DNS for localhost resolved with: flags=1073741826[MoreComing=no, Add=yes], interface_index=4294967295, error_code=0, hostname=localhost. [2021-11-19 09:29:50.344][550990][debug][dns] [source/common/network/apple_dns_impl.cc:297] Address to add address=127.0.0.1, ttl=1 [2021-11-19 09:29:50.344][550990][debug][dns] [source/common/network/apple_dns_impl.cc:307] DNS Resolver flushing queries pending callback [2021-11-19 09:29:50.344][550990][debug][dns] [source/common/network/apple_dns_impl.cc:213] dns resolution for localhost completed with status 0 [2021-11-19 09:29:50.344][550990][debug][upstream] [source/common/upstream/upstream_impl.cc:256] transport socket match, socket default selected for host with address 127.0.0.1:18000 [2021-11-19 09:29:50.344][550990][debug][upstream] [source/common/upstream/strict_dns_cluster.cc:177] DNS refresh rate reset for localhost, refresh rate 5000 ms [2021-11-19 09:29:50.344][550990][debug][dns] [source/common/network/apple_dns_impl.cc:217] Resolution for localhost completed (async) [2021-11-19 09:29:50.344][550990][debug][dns] [source/common/network/apple_dns_impl.cc:145] Destroying PendingResolution for localhost [2021-11-19 09:29:50.344][550990][debug][dns] [source/common/network/apple_dns_impl.cc:159] DNSServiceRefDeallocate individual sd ref [2021-11-19 09:29:53.110][550990][debug][config] [source/common/config/grpc_mux_impl.cc:163] Received gRPC message for type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret at version 1637310593110 [2021-11-19 09:29:53.110][550990][debug][config] [source/common/config/grpc_mux_impl.cc:141] Pausing discovery requests for type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret (previous count 0) [2021-11-19 09:29:53.110][550990][debug][config] [source/extensions/transport_sockets/tls/ssl_socket.cc:432] Secret is updated. [2021-11-19 09:29:53.111][550990][debug][config] [source/common/config/grpc_subscription_impl.cc:83] gRPC config for type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret accepted with 1 resources with version 1637310593110 [2021-11-19 09:29:53.111][550990][debug][config] [source/common/config/grpc_mux_impl.cc:148] Resuming discovery requests for type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret (previous count 1) [2021-11-19 09:29:55.348][550990][debug][main] [source/server/server.cc:229] flushing stats [2021-11-19 09:29:55.348][550990][debug][dns] [source/common/network/apple_dns_impl.cc:58] DNS resolution for localhost started [2021-11-19 09:29:55.349][550990][debug][dns] [source/common/network/apple_dns_impl.cc:174] DNS resolver file event (1) [2021-11-19 09:29:55.349][550990][debug][dns] [source/common/network/apple_dns_impl.cc:274] DNS for localhost resolved with: flags=1073741826[MoreComing=no, Add=yes], interface_index=4294967295, error_code=0, hostname=localhost. [2021-11-19 09:29:55.349][550990][debug][dns] [source/common/network/apple_dns_impl.cc:297] Address to add address=127.0.0.1, ttl=1 [2021-11-19 09:29:55.349][550990][debug][dns] [source/common/network/apple_dns_impl.cc:307] DNS Resolver flushing queries pending callback [2021-11-19 09:29:55.349][550990][debug][dns] [source/common/network/apple_dns_impl.cc:213] dns resolution for localhost completed with status 0 [2021-11-19 09:29:55.349][550990][debug][upstream] [source/common/upstream/upstream_impl.cc:256] transport socket match, socket default selected for host with address 127.0.0.1:18000 [2021-11-19 09:29:55.349][550990][debug][upstream] [source/common/upstream/strict_dns_cluster.cc:177] DNS refresh rate reset for localhost, refresh rate 5000 ms [2021-11-19 09:29:55.349][550990][debug][dns] [source/common/network/apple_dns_impl.cc:217] Resolution for localhost completed (async) [2021-11-19 09:29:55.349][550990][debug][dns] [source/common/network/apple_dns_impl.cc:145] Destroying PendingResolution for localhost [2021-11-19 09:29:55.349][550990][debug][dns] [source/common/network/apple_dns_impl.cc:159] DNSServiceRefDeallocate individual sd ref [2021-11-19 09:30:00.350][550990][debug][main] [source/server/server.cc:229] flushing stats [2021-11-19 09:30:00.350][550990][debug][dns] [source/common/network/apple_dns_impl.cc:58] DNS resolution for localhost started [2021-11-19 09:30:00.350][550990][debug][dns] [source/common/network/apple_dns_impl.cc:174] DNS resolver file event (1) [2021-11-19 09:30:00.350][550990][debug][dns] [source/common/network/apple_dns_impl.cc:274] DNS for localhost resolved with: flags=1073741826[MoreComing=no, Add=yes], interface_index=4294967295, error_code=0, hostname=localhost. [2021-11-19 09:30:00.350][550990][debug][dns] [source/common/network/apple_dns_impl.cc:297] Address to add address=127.0.0.1, ttl=1 [2021-11-19 09:30:00.350][550990][debug][dns] [source/common/network/apple_dns_impl.cc:307] DNS Resolver flushing queries pending callback [2021-11-19 09:30:00.350][550990][debug][dns] [source/common/network/apple_dns_impl.cc:213] dns resolution for localhost completed with status 0 [2021-11-19 09:30:00.350][550990][debug][upstream] [source/common/upstream/upstream_impl.cc:256] transport socket match, socket default selected for host with address 127.0.0.1:18000 [2021-11-19 09:30:00.350][550990][debug][upstream] [source/common/upstream/strict_dns_cluster.cc:177] DNS refresh rate reset for localhost, refresh rate 5000 ms [2021-11-19 09:30:00.350][550990][debug][dns] [source/common/network/apple_dns_impl.cc:217] Resolution for localhost completed (async) [2021-11-19 09:30:00.350][550990][debug][dns] [source/common/network/apple_dns_impl.cc:145] Destroying PendingResolution for localhost [2021-11-19 09:30:00.350][550990][debug][dns] [source/common/network/apple_dns_impl.cc:159] DNSServiceRefDeallocate individual sd ref [2021-11-19 09:30:05.353][550990][debug][main] [source/server/server.cc:229] flushing stats [2021-11-19 09:30:05.354][550990][debug][dns] [source/common/network/apple_dns_impl.cc:58] DNS resolution for localhost started [2021-11-19 09:30:05.354][550990][debug][dns] [source/common/network/apple_dns_impl.cc:174] DNS resolver file event (1) [2021-11-19 09:30:05.354][550990][debug][dns] [source/common/network/apple_dns_impl.cc:274] DNS for localhost resolved with: flags=1073741826[MoreComing=no, Add=yes], interface_index=4294967295, error_code=0, hostname=localhost. [2021-11-19 09:30:05.354][550990][debug][dns] [source/common/network/apple_dns_impl.cc:297] Address to add address=127.0.0.1, ttl=1 [2021-11-19 09:30:05.354][550990][debug][dns] [source/common/network/apple_dns_impl.cc:307] DNS Resolver flushing queries pending callback [2021-11-19 09:30:05.354][550990][debug][dns] [source/common/network/apple_dns_impl.cc:213] dns resolution for localhost completed with status 0 [2021-11-19 09:30:05.354][550990][debug][upstream] [source/common/upstream/upstream_impl.cc:256] transport socket match, socket default selected for host with address 127.0.0.1:18000 [2021-11-19 09:30:05.354][550990][debug][upstream] [source/common/upstream/strict_dns_cluster.cc:177] DNS refresh rate reset for localhost, refresh rate 5000 ms [2021-11-19 09:30:05.354][550990][debug][dns] [source/common/network/apple_dns_impl.cc:217] Resolution for localhost completed (async) [2021-11-19 09:30:05.354][550990][debug][dns] [source/common/network/apple_dns_impl.cc:145] Destroying PendingResolution for localhost [2021-11-19 09:30:05.354][550990][debug][dns] [source/common/network/apple_dns_impl.cc:159] DNSServiceRefDeallocate individual sd ref [2021-11-19 09:30:10.358][550990][debug][main] [source/server/server.cc:229] flushing stats [2021-11-19 09:30:10.358][550990][debug][dns] [source/common/network/apple_dns_impl.cc:58] DNS resolution for localhost started [2021-11-19 09:30:10.359][550990][debug][dns] [source/common/network/apple_dns_impl.cc:174] DNS resolver file event (1) [2021-11-19 09:30:10.359][550990][debug][dns] [source/common/network/apple_dns_impl.cc:274] DNS for localhost resolved with: flags=1073741826[MoreComing=no, Add=yes], interface_index=4294967295, error_code=0, hostname=localhost. [2021-11-19 09:30:10.359][550990][debug][dns] [source/common/network/apple_dns_impl.cc:297] Address to add address=127.0.0.1, ttl=1 [2021-11-19 09:30:10.359][550990][debug][dns] [source/common/network/apple_dns_impl.cc:307] DNS Resolver flushing queries pending callback [2021-11-19 09:30:10.359][550990][debug][dns] [source/common/network/apple_dns_impl.cc:213] dns resolution for localhost completed with status 0 [2021-11-19 09:30:10.359][550990][debug][upstream] [source/common/upstream/upstream_impl.cc:256] transport socket match, socket default selected for host with address 127.0.0.1:18000 [2021-11-19 09:30:10.359][550990][debug][upstream] [source/common/upstream/strict_dns_cluster.cc:177] DNS refresh rate reset for localhost, refresh rate 5000 ms [2021-11-19 09:30:10.359][550990][debug][dns] [source/common/network/apple_dns_impl.cc:217] Resolution for localhost completed (async) [2021-11-19 09:30:10.359][550990][debug][dns] [source/common/network/apple_dns_impl.cc:145] Destroying PendingResolution for localhost [2021-11-19 09:30:10.359][550990][debug][dns] [source/common/network/apple_dns_impl.cc:159] DNSServiceRefDeallocate individual sd ref [2021-11-19 09:30:15.360][550990][debug][main] [source/server/server.cc:229] flushing stats [2021-11-19 09:30:15.360][550990][debug][dns] [source/common/network/apple_dns_impl.cc:58] DNS resolution for localhost started [2021-11-19 09:30:15.360][550990][debug][dns] [source/common/network/apple_dns_impl.cc:174] DNS resolver file event (1) [2021-11-19 09:30:15.360][550990][debug][dns] [source/common/network/apple_dns_impl.cc:274] DNS for localhost resolved with: flags=1073741826[MoreComing=no, Add=yes], interface_index=4294967295, error_code=0, hostname=localhost. [2021-11-19 09:30:15.360][550990][debug][dns] [source/common/network/apple_dns_impl.cc:297] Address to add address=127.0.0.1, ttl=1 [2021-11-19 09:30:15.360][550990][debug][dns] [source/common/network/apple_dns_impl.cc:307] DNS Resolver flushing queries pending callback [2021-11-19 09:30:15.360][550990][debug][dns] [source/common/network/apple_dns_impl.cc:213] dns resolution for localhost completed with status 0 [2021-11-19 09:30:15.360][550990][debug][upstream] [source/common/upstream/upstream_impl.cc:256] transport socket match, socket default selected for host with address 127.0.0.1:18000 [2021-11-19 09:30:15.360][550990][debug][upstream] [source/common/upstream/strict_dns_cluster.cc:177] DNS refresh rate reset for localhost, refresh rate 5000 ms [2021-11-19 09:30:15.361][550990][debug][dns] [source/common/network/apple_dns_impl.cc:217] Resolution for localhost completed (async) [2021-11-19 09:30:15.361][550990][debug][dns] [source/common/network/apple_dns_impl.cc:145] Destroying PendingResolution for localhost [2021-11-19 09:30:15.361][550990][debug][dns] [source/common/network/apple_dns_impl.cc:159] DNSServiceRefDeallocate individual sd ref [2021-11-19 09:30:20.363][550990][debug][main] [source/server/server.cc:229] flushing stats [2021-11-19 09:30:20.364][550990][debug][dns] [source/common/network/apple_dns_impl.cc:58] DNS resolution for localhost started [2021-11-19 09:30:20.364][550990][debug][dns] [source/common/network/apple_dns_impl.cc:174] DNS resolver file event (1) [2021-11-19 09:30:20.364][550990][debug][dns] [source/common/network/apple_dns_impl.cc:274] DNS for localhost resolved with: flags=1073741826[MoreComing=no, Add=yes], interface_index=4294967295, error_code=0, hostname=localhost. [2021-11-19 09:30:20.364][550990][debug][dns] [source/common/network/apple_dns_impl.cc:297] Address to add address=127.0.0.1, ttl=1 [2021-11-19 09:30:20.364][550990][debug][dns] [source/common/network/apple_dns_impl.cc:307] DNS Resolver flushing queries pending callback [2021-11-19 09:30:20.364][550990][debug][dns] [source/common/network/apple_dns_impl.cc:213] dns resolution for localhost completed with status 0 [2021-11-19 09:30:20.364][550990][debug][upstream] [source/common/upstream/upstream_impl.cc:256] transport socket match, socket default selected for host with address 127.0.0.1:18000 [2021-11-19 09:30:20.364][550990][debug][upstream] [source/common/upstream/strict_dns_cluster.cc:177] DNS refresh rate reset for localhost, refresh rate 5000 ms [2021-11-19 09:30:20.364][550990][debug][dns] [source/common/network/apple_dns_impl.cc:217] Resolution for localhost completed (async) [2021-11-19 09:30:20.364][550990][debug][dns] [source/common/network/apple_dns_impl.cc:145] Destroying PendingResolution for localhost [2021-11-19 09:30:20.364][550990][debug][dns] [source/common/network/apple_dns_impl.cc:159] DNSServiceRefDeallocate individual sd ref [2021-11-19 09:30:23.110][550990][debug][config] [source/common/config/grpc_mux_impl.cc:163] Received gRPC message for type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret at version 1637310623110 [2021-11-19 09:30:23.110][550990][debug][config] [source/common/config/grpc_mux_impl.cc:141] Pausing discovery requests for type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret (previous count 0) [2021-11-19 09:30:23.111][550990][debug][config] [source/extensions/transport_sockets/tls/ssl_socket.cc:432] Secret is updated. [2021-11-19 09:30:23.111][550990][debug][config] [source/common/config/grpc_subscription_impl.cc:83] gRPC config for type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret accepted with 1 resources with version 1637310623110 [2021-11-19 09:30:23.111][550990][debug][config] [source/common/config/grpc_mux_impl.cc:148] Resuming discovery requests for type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret (previous count 1) [2021-11-19 09:30:25.365][550990][debug][main] [source/server/server.cc:229] flushing stats [2021-11-19 09:30:25.365][550990][debug][dns] [source/common/network/apple_dns_impl.cc:58] DNS resolution for localhost started [2021-11-19 09:30:25.366][550990][debug][dns] [source/common/network/apple_dns_impl.cc:174] DNS resolver file event (1) [2021-11-19 09:30:25.366][550990][debug][dns] [source/common/network/apple_dns_impl.cc:274] DNS for localhost resolved with: flags=1073741826[MoreComing=no, Add=yes], interface_index=4294967295, error_code=0, hostname=localhost. [2021-11-19 09:30:25.366][550990][debug][dns] [source/common/network/apple_dns_impl.cc:297] Address to add address=127.0.0.1, ttl=1 [2021-11-19 09:30:25.366][550990][debug][dns] [source/common/network/apple_dns_impl.cc:307] DNS Resolver flushing queries pending callback [2021-11-19 09:30:25.366][550990][debug][dns] [source/common/network/apple_dns_impl.cc:213] dns resolution for localhost completed with status 0 [2021-11-19 09:30:25.366][550990][debug][upstream] [source/common/upstream/upstream_impl.cc:256] transport socket match, socket default selected for host with address 127.0.0.1:18000 [2021-11-19 09:30:25.366][550990][debug][upstream] [source/common/upstream/strict_dns_cluster.cc:177] DNS refresh rate reset for localhost, refresh rate 5000 ms [2021-11-19 09:30:25.366][550990][debug][dns] [source/common/network/apple_dns_impl.cc:217] Resolution for localhost completed (async) [2021-11-19 09:30:25.366][550990][debug][dns] [source/common/network/apple_dns_impl.cc:145] Destroying PendingResolution for localhost [2021-11-19 09:30:25.366][550990][debug][dns] [source/common/network/apple_dns_impl.cc:159] DNSServiceRefDeallocate individual sd ref ```
rojkov commented 2 years ago

Looks like (udpa.annotations.sensitive) = true is either missing somewhere or ignored.

cc @htuch @junr03

htuch commented 2 years ago

I think we have the annotation, https://github.com/envoyproxy/envoy/blob/2bf847854610db8bc5a44ef3046fcc8f3a23518e/api/envoy/extensions/transport_sockets/tls/v3/common.proto#L249, so seems like a bug in config dump redaction. The OP seems to be asking about something different though, they're not seeing an update reflected in the config dump. I suspect that is because the update does not happen on the client (I don't see it in the logs).

PheonixS commented 2 years ago

@htuch you right there are 2 points:

Config dump reveal session ticket keys. Values are not updated in the config dump. I see this lines in the log I provider: [source/extensions/transport_sockets/tls/ssl_socket.cc:432] Secret is updated.. I assume that means that secret was updated on the Envoy side.

htuch commented 2 years ago

Yeah, some secret is updated. I can't line up the timestamps of the logs and your config dump though. It might also help to ahve some trace output around secret manager and SDS (you might want to redact if there is anything sensitive manually).

PheonixS commented 2 years ago

Hi @htuch , here is synchronised logs of envoy. debug.log

Logs of SDS server:

2021/12/10 12:29:41.598231 [INFO] Program started
2021/12/10 12:29:41.598439 [INFO] sds start, interval: 30s
2021/12/10 12:29:41.598467 [INFO] sds iteration
2021/12/10 12:29:41.598483 [INFO] creating snapshot Version 1639135781598
2021/12/10 12:29:41.600377 [INFO] management server listening on port 18000
2021/12/10 12:29:50.557976 [DEBUG] OnStreamOpen 1 type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret
2021/12/10 12:29:50.558624 [DEBUG] NewNodeDiscovery: %!(EXTRA string=1)
2021/12/10 12:29:50.558650 [DEBUG] open watch 1 for type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret[apimgateway_session_ticket_keys] from nodeID "1", version ""
2021/12/10 12:29:50.558667 [DEBUG] respond open watch 1[apimgateway_session_ticket_keys] with new version "1639135781598"
2021/12/10 12:29:50.558687 [DEBUG] respond type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret[apimgateway_session_ticket_keys] version "" with version "1639135781598"
2021/12/10 12:29:50.563514 [DEBUG] open watch 2 for type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret[apimgateway_session_ticket_keys] from nodeID "1", version "1639135781598"

2021/12/10 12:30:11.600103 [INFO] sds iteration
2021/12/10 12:30:11.600157 [INFO] creating snapshot Version 1639135811600
2021/12/10 12:30:11.600216 [DEBUG] respond open watch 2[apimgateway_session_ticket_keys] with new version "1639135811600"
2021/12/10 12:30:11.600230 [DEBUG] respond type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret[apimgateway_session_ticket_keys] version "1639135781598" with version "1639135811600"
2021/12/10 12:30:11.601898 [DEBUG] open watch 3 for type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret[apimgateway_session_ticket_keys] from nodeID "1", version "1639135811600"
2021/12/10 12:30:41.599165 [INFO] sds iteration
2021/12/10 12:30:41.599207 [INFO] creating snapshot Version 1639135841599
2021/12/10 12:30:41.599241 [DEBUG] respond open watch 3[apimgateway_session_ticket_keys] with new version "1639135841599"
2021/12/10 12:30:41.599275 [DEBUG] respond type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret[apimgateway_session_ticket_keys] version "1639135811600" with version "1639135841599"
2021/12/10 12:30:41.600442 [DEBUG] open watch 4 for type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret[apimgateway_session_ticket_keys] from nodeID "1", version "1639135841599"
^C
2021/12/10 12:30:53.368932 [INFO] SIGTERM received, exiting
2021/12/10 12:30:53.369061 [INFO] ctx is done, exiting
htuch commented 2 years ago

I'm not seeing anything obvious, @JimmyCYJ @lizan any thoughts on this one?

When I look at the code, I think the relevant sites are the dump code for tickets, at https://github.com/envoyproxy/envoy/blob/fef9121735e2dc680b58a192d04b2f9251f1a0a5/source/common/secret/secret_manager_impl.cc#L283 and the SDS update at https://github.com/envoyproxy/envoy/blob/fef9121735e2dc680b58a192d04b2f9251f1a0a5/source/common/secret/sds_api.cc#L95. A couple of observations:

  1. I think all the code in SecretManagerImpl::dumpSecretConfigs should be refactored. This is very verbose and boilier platey, making it hard to follow logic and check for consistency across dumps.
  2. The redaction call is there at https://github.com/envoyproxy/envoy/blob/fef9121735e2dc680b58a192d04b2f9251f1a0a5/source/common/secret/secret_manager_impl.cc#L308.

@PheonixS is it just the inline bytes that is not updated? I.e. is the timestamp/version bumped?

PheonixS commented 2 years ago

@htuch yes, only inline bytes are not updated. Timestamp/version correctly bumped.

htuch commented 2 years ago

So, I figured out what is going on and it's kind of hilarious (specifically funny that I didn't spot this earlier). Redaction is taking place, if you base64 decode W3JlZGFjdGVkXQ==, you get [redacted]. So, we're not actually failing to update config dump or redact. It's a bit confusing but makes sense when you think of the underlying proto JSON representation for bytes. You can also see this captured in a test at https://github.com/envoyproxy/envoy/blob/9050cfdc683856a7b0c7d43483e6f4152e91206d/test/common/secret/secret_manager_impl_test.cc#L693.

I'm going to close this out, as I don't think there is anything broken or actionable, but feel free to reopen if you have some suggestion on how to make this less confusing to the next person who encounters.