envoyproxy / envoy

Cloud-native high-performance edge/middle/service proxy
https://www.envoyproxy.io
Apache License 2.0
24.95k stars 4.8k forks source link

Envoy never opens listening port for redis proxy #20172

Closed keyolk closed 2 years ago

keyolk commented 2 years ago

I'm trying to use envoy's redis_proxy with the below config. Testing with docker, it opens admin port only. Am I missing something ?

envoy.yaml I used.

admin:
  access_log_path: "/dev/null"
  address:
    socket_address:
      address: 0.0.0.0
      port_value: 8001

static_resources:
  listeners:
  - name: redis_listener
    address:
      socket_address:
        address: 0.0.0.0
        port_value: 6379
    filter_chains:
    - filters:
      - name: envoy.redis_proxy
        typed_config:
          "@type": "type.googleapis.com/envoy.extensions.filters.network.redis_proxy.v3.RedisProxy"
          stat_prefix: egress_redis
          prefix_routes:
            catch_all_route:
               cluster: redis_cluster
          settings:
            op_timeout: 5s
            enable_redirection: true
            read_policy: "ANY"
            enable_command_stats: true
  clusters:
  - name: redis_cluster
    connect_timeout: 0.25s
    dns_lookup_family: V4_ONLY
    lb_policy: CLUSTER_PROVIDED
    upstream_connection_options:
      tcp_keepalive:
        keepalive_time: 60
        keepalive_probes: 1
        keepalive_interval: 5
    load_assignment:
      cluster_name: "redis_cluster"
      endpoints:
        - lb_endpoints:
          - endpoint:
              address:
                socket_address:
                  address: "redis"
                  port_value: 6379
    cluster_type:
      name: envoy.clusters.redis
      typed_config:
        "@type": type.googleapis.com/google.protobuf.Struct
        value:
          cluster_refresh_rate: 360s
          cluster_refresh_timeout: 4s

Run docker container.

$ docker run -d --rm --name envoy --link redis -tiv $(pwd)/envoy.yaml:/etc/envoy/envoy.yaml envoyproxy/envoy:v1.20.2

check socket with the command ss.

$ docker exec -ti envoy bash
root@fd103211dbef:/# apt update -y && apt install -y iproute2
(...)
root@fd103211dbef:/#  ss -tanl
ss -tanl
State             Recv-Q             Send-Q                          Local Address:Port                         Peer Address:Port
LISTEN            0                  4096                                  0.0.0.0:8001                              0.0.0.0:*

Logs from docker container

$ docker logs envoy
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:368] initializing epoch 0 (base id=0, hot restart version=11.120)
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:370] statically linked extensions:
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.tls.cert_validator: envoy.tls.cert_validator.default, envoy.tls.cert_validator.spiffe
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.dubbo_proxy.serializers: dubbo.hessian2
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.resolvers: envoy.ip
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.health_checkers: envoy.health_checkers.redis
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.compression.decompressor: envoy.compression.brotli.decompressor, envoy.compression.gzip.decompressor
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.bootstrap: envoy.bootstrap.wasm, envoy.extensions.network.socket_interface.default_socket_interface
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.retry_host_predicates: envoy.retry_host_predicates.omit_canary_hosts, envoy.retry_host_predicates.omit_host_metadata, envoy.retry_host_predicates.previous_hosts
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.filters.network: envoy.client_ssl_auth, envoy.echo, envoy.ext_authz, envoy.filters.network.client_ssl_auth, envoy.filters.network.connection_limit, envoy.filters.network.direct_response, envoy.filters.network.dubbo_proxy, envoy.filters.network.echo, envoy.filters.network.ext_authz, envoy.filters.network.http_connection_manager, envoy.filters.network.local_ratelimit, envoy.filters.network.mongo_proxy, envoy.filters.network.ratelimit, envoy.filters.network.rbac, envoy.filters.network.redis_proxy, envoy.filters.network.sni_cluster, envoy.filters.network.sni_dynamic_forward_proxy, envoy.filters.network.tcp_proxy, envoy.filters.network.thrift_proxy, envoy.filters.network.wasm, envoy.filters.network.zookeeper_proxy, envoy.http_connection_manager, envoy.mongo_proxy, envoy.ratelimit, envoy.redis_proxy, envoy.tcp_proxy
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.thrift_proxy.transports: auto, framed, header, unframed
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.upstreams: envoy.filters.connection_pools.tcp.generic
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.http.stateful_header_formatters: preserve_case
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.transport_sockets.downstream: envoy.transport_sockets.alts, envoy.transport_sockets.quic, envoy.transport_sockets.raw_buffer, envoy.transport_sockets.starttls, envoy.transport_sockets.tap, envoy.transport_sockets.tls, raw_buffer, starttls, tls
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.guarddog_actions: envoy.watchdog.abort_action, envoy.watchdog.profile_action
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.thrift_proxy.protocols: auto, binary, binary/non-strict, compact, twitter
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.request_id: envoy.request_id.uuid
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.dubbo_proxy.route_matchers: default
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.rbac.matchers: envoy.rbac.matchers.upstream.upstream_ip_port
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.compression.compressor: envoy.compression.brotli.compressor, envoy.compression.gzip.compressor
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.stats_sinks: envoy.dog_statsd, envoy.graphite_statsd, envoy.metrics_service, envoy.stat_sinks.dog_statsd, envoy.stat_sinks.graphite_statsd, envoy.stat_sinks.hystrix, envoy.stat_sinks.metrics_service, envoy.stat_sinks.statsd, envoy.stat_sinks.wasm, envoy.statsd
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.dubbo_proxy.protocols: dubbo
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.tracers: envoy.dynamic.ot, envoy.lightstep, envoy.tracers.datadog, envoy.tracers.dynamic_ot, envoy.tracers.lightstep, envoy.tracers.opencensus, envoy.tracers.skywalking, envoy.tracers.xray, envoy.tracers.zipkin, envoy.zipkin
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.retry_priorities: envoy.retry_priorities.previous_priorities
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.internal_redirect_predicates: envoy.internal_redirect_predicates.allow_listed_routes, envoy.internal_redirect_predicates.previous_routes, envoy.internal_redirect_predicates.safe_cross_scheme
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.matching.http.input: request-headers, request-trailers, response-headers, response-trailers
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.access_loggers: envoy.access_loggers.file, envoy.access_loggers.http_grpc, envoy.access_loggers.open_telemetry, envoy.access_loggers.stderr, envoy.access_loggers.stdout, envoy.access_loggers.tcp_grpc, envoy.access_loggers.wasm, envoy.file_access_log, envoy.http_grpc_access_log, envoy.open_telemetry_access_log, envoy.stderr_access_log, envoy.stdout_access_log, envoy.tcp_grpc_access_log, envoy.wasm_access_log
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.matching.common_inputs: envoy.matching.common_inputs.environment_variable
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.grpc_credentials: envoy.grpc_credentials.aws_iam, envoy.grpc_credentials.default, envoy.grpc_credentials.file_based_metadata
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.http.cache: envoy.extensions.http.cache.simple
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.matching.action: composite-action, skip
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.formatter: envoy.formatter.metadata, envoy.formatter.req_without_query
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.matching.input_matchers: envoy.matching.matchers.consistent_hashing, envoy.matching.matchers.ip
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.resource_monitors: envoy.resource_monitors.fixed_heap, envoy.resource_monitors.injected_resource
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.http.original_ip_detection: envoy.http.original_ip_detection.custom_header, envoy.http.original_ip_detection.xff
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.filters.udp_listener: envoy.filters.udp.dns_filter, envoy.filters.udp_listener.udp_proxy
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.dubbo_proxy.filters: envoy.filters.dubbo.router
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.transport_sockets.upstream: envoy.transport_sockets.alts, envoy.transport_sockets.quic, envoy.transport_sockets.raw_buffer, envoy.transport_sockets.starttls, envoy.transport_sockets.tap, envoy.transport_sockets.tls, envoy.transport_sockets.upstream_proxy_protocol, raw_buffer, starttls, tls
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.filters.listener: envoy.filters.listener.http_inspector, envoy.filters.listener.original_dst, envoy.filters.listener.original_src, envoy.filters.listener.proxy_protocol, envoy.filters.listener.tls_inspector, envoy.listener.http_inspector, envoy.listener.original_dst, envoy.listener.original_src, envoy.listener.proxy_protocol, envoy.listener.tls_inspector
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.clusters: envoy.cluster.eds, envoy.cluster.logical_dns, envoy.cluster.original_dst, envoy.cluster.static, envoy.cluster.strict_dns, envoy.clusters.aggregate, envoy.clusters.dynamic_forward_proxy, envoy.clusters.redis
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.thrift_proxy.filters: envoy.filters.thrift.rate_limit, envoy.filters.thrift.router
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.common.key_value: envoy.key_value.file_based
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.upstream_options: envoy.extensions.upstreams.http.v3.HttpProtocolOptions, envoy.upstreams.http.http_protocol_options
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.quic.server.crypto_stream: envoy.quic.crypto_stream.server.quiche
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.rate_limit_descriptors: envoy.rate_limit_descriptors.expr
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.quic.proof_source: envoy.quic.proof_source.filter_chain
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.wasm.runtime: envoy.wasm.runtime.null, envoy.wasm.runtime.v8
[2022-03-02 04:51:59.839][1][info][main] [source/server/server.cc:372]   envoy.filters.http: envoy.bandwidth_limit, envoy.buffer, envoy.cors, envoy.csrf, envoy.ext_authz, envoy.ext_proc, envoy.fault, envoy.filters.http.adaptive_concurrency, envoy.filters.http.admission_control, envoy.filters.http.alternate_protocols_cache, envoy.filters.http.aws_lambda, envoy.filters.http.aws_request_signing, envoy.filters.http.bandwidth_limit, envoy.filters.http.buffer, envoy.filters.http.cache, envoy.filters.http.cdn_loop, envoy.filters.http.composite, envoy.filters.http.compressor, envoy.filters.http.cors, envoy.filters.http.csrf, envoy.filters.http.decompressor, envoy.filters.http.dynamic_forward_proxy, envoy.filters.http.dynamo, envoy.filters.http.ext_authz, envoy.filters.http.ext_proc, envoy.filters.http.fault, envoy.filters.http.grpc_http1_bridge, envoy.filters.http.grpc_http1_reverse_bridge, envoy.filters.http.grpc_json_transcoder, envoy.filters.http.grpc_stats, envoy.filters.http.grpc_web, envoy.filters.http.header_to_metadata, envoy.filters.http.health_check, envoy.filters.http.ip_tagging, envoy.filters.http.jwt_authn, envoy.filters.http.local_ratelimit, envoy.filters.http.lua, envoy.filters.http.oauth2, envoy.filters.http.on_demand, envoy.filters.http.original_src, envoy.filters.http.ratelimit, envoy.filters.http.rbac, envoy.filters.http.router, envoy.filters.http.set_metadata, envoy.filters.http.tap, envoy.filters.http.wasm, envoy.grpc_http1_bridge, envoy.grpc_json_transcoder, envoy.grpc_web, envoy.health_check, envoy.http_dynamo_filter, envoy.ip_tagging, envoy.local_rate_limit, envoy.lua, envoy.rate_limit, envoy.router, match-wrapper
[2022-03-02 04:51:59.846][1][warning][misc] [source/common/protobuf/message_validator_impl.cc:21] Deprecated field: type envoy.config.bootstrap.v3.Admin Using deprecated option 'envoy.config.bootstrap.v3.Admin.access_log_path' from file bootstrap.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/version_history/version_history for details. If continued use of this field is absolutely necessary, see https://www.envoyproxy.io/docs/envoy/latest/configuration/operations/runtime#using-runtime-overrides-for-deprecated-features for how to apply a temporary and highly discouraged override.
[2022-03-02 04:51:59.846][1][info][main] [source/server/server.cc:390] HTTP header map info:
[2022-03-02 04:51:59.847][1][info][main] [source/server/server.cc:393]   request header map: 640 bytes: :authority,:method,:path,:protocol,:scheme,accept,accept-encoding,access-control-request-method,authentication,authorization,cache-control,cdn-loop,connection,content-encoding,content-length,content-type,expect,grpc-accept-encoding,grpc-timeout,if-match,if-modified-since,if-none-match,if-range,if-unmodified-since,keep-alive,origin,pragma,proxy-connection,referer,te,transfer-encoding,upgrade,user-agent,via,x-client-trace-id,x-envoy-attempt-count,x-envoy-decorator-operation,x-envoy-downstream-service-cluster,x-envoy-downstream-service-node,x-envoy-expected-rq-timeout-ms,x-envoy-external-address,x-envoy-force-trace,x-envoy-hedge-on-per-try-timeout,x-envoy-internal,x-envoy-ip-tags,x-envoy-max-retries,x-envoy-original-path,x-envoy-original-url,x-envoy-retriable-header-names,x-envoy-retriable-status-codes,x-envoy-retry-grpc-on,x-envoy-retry-on,x-envoy-upstream-alt-stat-name,x-envoy-upstream-rq-per-try-timeout-ms,x-envoy-upstream-rq-timeout-alt-response,x-envoy-upstream-rq-timeout-ms,x-envoy-upstream-stream-duration-ms,x-forwarded-client-cert,x-forwarded-for,x-forwarded-proto,x-ot-span-context,x-request-id
[2022-03-02 04:51:59.847][1][info][main] [source/server/server.cc:393]   request trailer map: 136 bytes:
[2022-03-02 04:51:59.847][1][info][main] [source/server/server.cc:393]   response header map: 432 bytes: :status,access-control-allow-credentials,access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,access-control-expose-headers,access-control-max-age,age,cache-control,connection,content-encoding,content-length,content-type,date,etag,expires,grpc-message,grpc-status,keep-alive,last-modified,location,proxy-connection,server,transfer-encoding,upgrade,vary,via,x-envoy-attempt-count,x-envoy-decorator-operation,x-envoy-degraded,x-envoy-immediate-health-check-fail,x-envoy-ratelimited,x-envoy-upstream-canary,x-envoy-upstream-healthchecked-cluster,x-envoy-upstream-service-time,x-request-id
[2022-03-02 04:51:59.847][1][info][main] [source/server/server.cc:393]   response trailer map: 160 bytes: grpc-message,grpc-status
[2022-03-02 04:51:59.848][1][info][main] [source/server/server.cc:740] runtime: {}
[2022-03-02 04:51:59.849][1][info][admin] [source/server/admin/admin.cc:135] admin address: 0.0.0.0:8001
[2022-03-02 04:51:59.849][1][info][config] [source/server/configuration_impl.cc:127] loading tracing configuration
[2022-03-02 04:51:59.849][1][info][config] [source/server/configuration_impl.cc:87] loading 0 static secret(s)
[2022-03-02 04:51:59.849][1][info][config] [source/server/configuration_impl.cc:93] loading 1 cluster(s)
[2022-03-02 04:51:59.850][1][info][config] [source/server/configuration_impl.cc:97] loading 1 listener(s)
[2022-03-02 04:51:59.853][1][info][config] [source/server/configuration_impl.cc:109] loading stats configuration
[2022-03-02 04:51:59.854][1][info][main] [source/server/server.cc:836] starting main dispatch loop
[2022-03-02 04:51:59.854][1][warning][upstream] [source/extensions/clusters/redis/redis_cluster.cc:379] Unexpected response to cluster slot command: "ERR This instance has cluster support disabled"

[2022-03-02 04:57:59.816][1][warning][upstream] [source/extensions/clusters/redis/redis_cluster.cc:379] Unexpected response to cluster slot command: "ERR This instance has cluster support disabled"

Thanks

rojkov commented 2 years ago

I'm not a Redis expert, but the error message "ERR This instance has cluster support disabled" suggests that the Redis cluster itself is configured in a way Envoy doesn't expect.

You may want to start from a minimal setup described in https://www.envoyproxy.io/docs/envoy/latest/start/sandboxes/redis.html

/cc @msukalski @henryyyang if they have a better idea.

github-actions[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

lambdai commented 2 years ago

Expecting a cm init: all clusters initialized after starting main dispatch loop. It aligns with what @rojkov found

So the cluster warm up is the blocker of listener

github-actions[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

github-actions[bot] commented 2 years ago

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions.