Reported by one of our customer, they hit the following error when they were playing with routing (not sure if it's related to Virtual Outbound or regular traffic policies):
config was previously rejected by Envoy. Applying backoff before resending it {"backoff": "5s", "nodeID": "kong-mesh-dev.demo-packaging-6659768c56-4sgtj.demo-pg-c0ee522c-p7efabec-s85f83a7", "reason": "Error adding/updating cluster(s) http-test-server_kong-monitoring_svc_8080-379d218bfdddbea1: Proto constraint validation failed (UpstreamTlsContextValidationError.Sni: value length must be at most 255 bytes): common_tls_context {
alpn_protocols: \"kuma\"
tls_certificate_sds_secret_configs {
name: \"identity_cert:secret:kong-mesh-dev\"
sds_config {
ads {
}
resource_api_version : V3
}
}
combined_validation_context {
default_validation_context {
match_typed_subject_alt_names {
san_type: URI
matcher {
exact: \"spiffe://kong-mesh-dev/http-test-server_kong-monitoring_svc_8080\"
}
}
}
validation_context_sds_secret_config {
name: \"mesh_ca:secret:kong-mesh-dev\"
sds_config {
ads {
}
resource_api_version: V3
}
}
}
}
sni: \"http-test-server_kong-monitoring_svc_8080{k8s.kuma.io/service-port=8080,mesh=kong-mesh-dev,mesh.apixp/componentName=http-test-server,mesh.apixp/orgName=customer,mesh.apixp/orgUnitName=gtdp,mesh.apixp/productName=api-gateway,mesh.apixp/projectNameOrCustomName=eu-dev}\"
"}
Proto constraint validation failed (UpstreamTlsContextValidationError.Sni: value length must be at most 255 bytes was mitigated by reducing the length of the tag names and/or values
What happened?
Reported by one of our customer, they hit the following error when they were playing with routing (not sure if it's related to Virtual Outbound or regular traffic policies):
Proto constraint validation failed (UpstreamTlsContextValidationError.Sni: value length must be at most 255 bytes
was mitigated by reducing the length of the tag names and/or values