Open bc185174 opened 2 months ago
We will need version of Linkerd control plane (and data plane, if different)
We will need version of Linkerd control plane (and data plane, if different)
Linkerd 2.14.10
for both control plane and data plane.
Something to note is our application sends out a HEAD request every 5s as keep-alive. How does this work with the destination caching? AFAIK, this caches TTL is also 5s. Could this cause issues?
@bc185174, there have been a number of changes around destination selection after 2.14.10 -- does the latest edge release show this failure for you?
@bc185174, there have been a number of changes around destination selection after 2.14.10 -- does the latest edge release show this failure for you?
We've just tried edge-24.2.4
and still hitting the same issue. It seems reproducible with our builds and restarting the client pod resolves the issue.
A couple of clarifying questions:
What is the issue?
We are occasionally seeing that traffic from our applications are being routed to the wrong pod. This was noticed when we started getting 403 responses from
linkerd-proxy
due to policy rejection, even though the policies were correctly configured.After enabling the debug logs, we noticed that the proxy was routing traffic to a different IP than that of the pod the application was trying to resolve to.
From the proxy logs output below, the resolved IP is
100.127.166.1
; however, when querying the destination pod using the linkerd CLI, the IP we expect to call to is100.127.166.50
.Proxy logs:
Linkerd CLI output:
This issue is resolved when we stop/start the
linkerd-proxy
container usingcrictl
CLI. Note we did not restart application container. Is there anything else we can check/help to debug?How can it be reproduced?
linkerd
using Linkerd CLI as per the docs https://linkerd.io/2.15/getting-started/#step-1-install-the-cli.Logs, error output, etc
output of
linkerd check -o short
N/A
Environment
Possible solution
N/A
Additional context
No response
Would you like to work on fixing this bug?
maybe