arkodg
commented
4 days ago @ovaldi can you share a little more of the XDS IR as well as the HTTPRoute ?
Open ovaldi opened 6 days ago
arkodg
commented
4 days ago @ovaldi can you share a little more of the XDS IR as well as the HTTPRoute ?
ovaldi
commented
4 days ago @ovaldi can you share a little more of the XDS IR as well as the HTTPRoute ?
helm install eg oci://docker.io/envoyproxy/gateway-helm \
--version v1.1.1 -n <namespace> --create-namespace \
--set deployment.replicas=3x-http-route
fr-http-route
arkodg
commented
4 days ago Internally Envoy Gateway creates a unique Xds cluster per HTTPRoute per Rule . This allows the traffic being sent to the same Backend (K8s Service) to behave differently ( different xDS Cluster ) if different BackendTrafficPolicies are applied to the different HTTPRoutes or rules
ovaldi
commented
4 days ago Internally Envoy Gateway creates a unique Xds cluster per HTTPRoute per Rule . This allows the traffic being sent to the same Backend (K8s Service) to behave differently ( different xDS Cluster ) if different BackendTrafficPolicies are applied to the different HTTPRoutes or rules
@arkodg but there is only one rule in the HTTPRoute, is this normal?
arkodg
commented
4 days ago @ovaldi can you please share the entire config so we can reproduce it ? I dont see the issue in https://github.com/envoyproxy/gateway/blob/main/internal/gatewayapi/testdata/backendtlspolicy-default-ns-targetrefs.out.yaml which attaches to a single backendRef
ovaldi
commented
4 days ago @ovaldi can you please share the entire config so we can reproduce it ? I dont see the issue in https://github.com/envoyproxy/gateway/blob/main/internal/gatewayapi/testdata/backendtlspolicy-default-ns-targetrefs.out.yaml which attaches to a single backendRef
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: eg
spec:
gatewayClassName: eg
listeners:
- name: http
protocol: HTTP
port: 6666
---
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: SecurityPolicy
metadata:
name: eg-cors
spec:
targetRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: eg
cors:
allowOrigins:
- "*"
allowMethods:
- "*"
allowHeaders:
- "*"
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: backend
---
apiVersion: v1
kind: Service
metadata:
name: backend
labels:
app: backend
service: backend
spec:
ports:
- name: http
port: 3000
targetPort: 3000
selector:
app: backend
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend
spec:
replicas: 3
selector:
matchLabels:
app: backend
version: v1
template:
metadata:
labels:
app: backend
version: v1
spec:
serviceAccountName: backend
containers:
- image: gcr.io/k8s-staging-gateway-api/echo-basic:v20231214-v1.0.0-140-gf544a46e
imagePullPolicy: IfNotPresent
name: backend
ports:
- containerPort: 3000
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: backend-1
spec:
parentRefs:
- name: eg
hostnames:
- "*.example.com"
rules:
- backendRefs:
- group: ""
kind: Service
name: backend
port: 3000
weight: 1
matches:
- path:
type: PathPrefix
value: /
queryParams:
- name: "z_lang"
value: "pt"
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: backend-2
spec:
parentRefs:
- name: eg
hostnames:
- "pt-api.example.com"
rules:
- backendRefs:
- group: ""
kind: Service
name: backend
port: 3000
weight: 1
matches:
- path:
type: PathPrefix
value: /
@arkodg This config will create two HTTPRoute (backend-1 & backend-2) point to same Service, and the endpoints will be repeated.
Why
endpointsrepeated ?EnvoyGateway: v1.1.1
Here is my backend-traffic-policy: