search

istio / istio

Connect, secure, control, and observe services.
https://istio.io
Apache License 2.0
35.43k stars 7.65k forks source link

TCPRoute not working #51903

Open sudocovik opened 2 weeks ago

sudocovik commented 2 weeks ago

Is this the right place to submit this?

Bug Description

I want to use Istio with Gateway API and TCPRoute. Since I use Pulumi for infrastructure I opted for Helm chart installation. I added Kubernetes Gateway API v1.1.0 experimental version. Deployed three charts and added PILOT_ENABLE_ALPHA_GATEWAY_API: 'true', env variable.

Code used for deployment:

onst commonConfig = {
      version: '1.22.2',
      repositoryOpts: {
        repo: 'https://istio-release.storage.googleapis.com/charts',
      },
      namespace: namespace.metadata.name,
    };

    // Install Istio base
    const base = new k8s.helm.v3.Release(
      'istio-control-plane',
      {
        chart: 'base',
        ...commonConfig,
        values: {
          defaultRevision: 'default',
        },
      },
      { parent: namespace },
    );

    // Install Istio discovery / control plane
    const pilot = new k8s.helm.v3.Release(
      'istio-discovery',
      {
        chart: 'istiod',
        ...commonConfig,
        values: {
          profile: 'ambient',
          pilot: {
            env: {
              PILOT_ENABLE_ALPHA_GATEWAY_API: 'true',
            },
          },
        },
      },
      { parent: namespace, dependsOn: [base] },
    );

    // Install Istio ingress gateway
    const ingress = new k8s.helm.v3.Release(
      'istio-ingress',
      {
        chart: 'gateway',
        ...commonConfig,
        values: {
          service: {
            annotations: {
              'service.beta.kubernetes.io/do-loadbalancer-name': 'trailer',
            },
            ports: [
              {
                name: 'status-port',
                port: 15021,
                protocol: 'TCP',
                targetPort: 15021,
              },
              {
                name: 'http2',
                port: 80,
                protocol: 'TCP',
                targetPort: 80,
              },
              {
                name: 'https',
                port: 443,
                protocol: 'TCP',
                targetPort: 443,
              },
              {
                name: 'teltonika',
                port: 8400,
                protocol: 'TCP',
                targetPort: 8400,
              },
            ],
          },
        },
      },
      { parent: namespace, dependsOn: [pilot] },
    );

When I describe default istio gatewayclass there is no TCPRoute in Supported Features

Name:         istio
Namespace:    
Labels:       <none>
Annotations:  <none>
API Version:  gateway.networking.k8s.io/v1
Kind:         GatewayClass
Metadata:
  Creation Timestamp:  2024-07-04T16:56:02Z
  Generation:          1
  Resource Version:    74910
  UID:                 d389649f-0c1f-40f4-94dd-4f1e2af86974
Spec:
  Controller Name:  istio.io/gateway-controller
  Description:      The default Istio GatewayClass
Status:
  Conditions:
    Last Transition Time:  2024-07-04T16:56:02Z
    Message:               Handled by Istio controller
    Observed Generation:   1
    Reason:                Accepted
    Status:                True
    Type:                  Accepted
  Supported Features:
    GRPCRoute
    Gateway
    GatewayHTTPListenerIsolation
    GatewayPort8080
    GatewayStaticAddresses
    HTTPRoute
    HTTPRouteBackendProtocolH2C
    HTTPRouteBackendProtocolWebSocket
    HTTPRouteBackendRequestHeaderModification
    HTTPRouteBackendTimeout
    HTTPRouteDestinationPortMatching
    HTTPRouteHostRewrite
    HTTPRouteMethodMatching
    HTTPRouteParentRefPort
    HTTPRoutePathRedirect
    HTTPRoutePathRewrite
    HTTPRoutePortRedirect
    HTTPRouteQueryParamMatching
    HTTPRouteRequestMirror
    HTTPRouteRequestMultipleMirrors
    HTTPRouteRequestTimeout
    HTTPRouteResponseHeaderModification
    HTTPRouteSchemeRedirect
    Mesh
    MeshClusterIPMatching
    MeshConsumerRoute
    ReferenceGrant
    TLSRoute
Events:  <none>

TCPRoute and Gateway definition:

const sectionName = 'teltonika-tcp';
    const gateway = new k8s.apiextensions.CustomResource(
      'teltonika-gateway',
      {
        apiVersion: 'gateway.networking.k8s.io/v1',
        kind: 'Gateway',
        metadata: {
          name: 'teltonika-gateway',
          namespace: namespace.metadata.name,
        },
        spec: {
          gatewayClassName,
          listeners: [
            {
              name: sectionName,
              protocol: 'TCP',
              port: service.spec.ports[0].port,
              allowedRoutes: {
                kinds: [{ kind: 'TCPRoute' }],
              },
            },
          ],
        },
      },
      { parent: namespace },
    );

    new k8s.apiextensions.CustomResource(
      'teltonika-route',
      {
        apiVersion: 'gateway.networking.k8s.io/v1alpha2',
        kind: 'TCPRoute',
        metadata: {
          name: 'teltonika-route',
          namespace: namespace.metadata.name,
        },
        spec: {
          parentRefs: [{ name: gateway.metadata.name, sectionName }],
          rules: [
            {
              backendRefs: [
                {
                  name: service.metadata.name,
                  port: service.spec.ports[0].port,
                },
              ],
            },
          ],
        },
      },
      { parent: gateway },
    );

Version

Client Version: v1.30.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.30.1

Pulumi manages Helm, there is no binary installed locally.

Additional Information

No response

howardjohn commented 2 weeks ago

Is the issue it's not in the status, or tcproute actually isn't working? If the latter, can you include the tcproute

sudocovik commented 2 weeks ago

Well, I assume it should be in status but nonetheless the route does not work. Edited post with tcproute and gateway

howardjohn commented 2 weeks ago

Do. you have more info about what does not work? Does it do nothing? is there status message on the gateway or tcproute? does it do something but not expected?

howardjohn commented 1 week ago

There is no TCPRoute feature in upstream btw, wrt to the status. I don't know why.

sudocovik commented 1 week ago

Do. you have more info about what does not work? Does it do nothing? is there status message on the gateway or tcproute? does it do something but not expected?

I test the route with telnet but the connection is immediately closed. When using other ie. Envoy Gateway the connection is established and I can send input to the service, the response I receive work as expected.

There is no TCPRoute feature in upstream btw, wrt to the status. I don't know why. It's just missing in the status but there is an implementation for it or not?

howardjohn commented 1 week ago

It's just the status