Closed michaelcourcy closed 1 year ago
@michaelcourcy can you create a specific service account for the client and try again. I see it listed as default in your yaml. Try to deploy the service with a service account other than using default and see if that works.
In your mongodb service, make sure that appProtocol: tcp
is set. This is required as OSM implicitly applies HTTP for backwards compatibility with older versions of OSM. If this is already the case, or it still does not work we can try to further narrow this down:
-o yaml
to show the full output?kubectl patch meshconfig osm-mesh-config -n osm-system -p '{"spec":{"traffic":{"enablePermissiveTrafficPolicyMode":false}}}' --type=merge
-- this is assuming you are running the standard OSS OSM with no tweaks to its installation.appProtocol: tcp-server-first
in the mongo service. Some databases leverage this protocol, although I don't believe mongodb does, but no harm in trying.It might be the tcp-server-first protocol setting. I'm using external MongoDB hosting, I need to use this in the Egress definition:
ports:
- number: 27017
protocol: tcp-server-first
@phillipgibson I tried with another service account but that did not change anything same error
@steeling the permissive mode + the appProtocol let me connect but appProtocol with permissiveMode = false don't let me connect. The issue is now trafficTarget is not honored anymore I can connect also with the default service account which is not in my traffic target spec.
@ToniA I will give a try to your proposal and let your know @ToniA @steeling @phillipgibson I will run again my tests with the right conditions, and will give you a detailed answer I will communicate my complete conf also. Thanks for your help.
@ToniA Actually I'm not sure your suggestion could work in my situation I'm using mongodb internally I don't use any egress, you're speaking of this I suppose https://release-v0-11.docs.openservicemesh.io/docs/guides/traffic_management/egress/.
I'm only using a traffictarget and a tcp route because Both the mongodb sever and the mongodb client are pods in the same namespace. If I misunderstood anything do not hesitate.
@steeling @phillipgibson thanks for taking the time to help me.
Following your advice
I first change enablePermissiveTrafficPolicyMode to false, use a client service account different from default and add appProtocol=TCP to the service
kubectl patch meshconfig osm-mesh-config -n osm-system -p '{"spec":{"traffic":{"enablePermissiveTrafficPolicyMode":false}}}' --type=merge
kubectl create ns mongodb
osm namespaces add mongodb
helm install server bitnami/mongodb -n mongodb
kubectl config set-context --current --namespace=mongodb
kubectl patch svc server-mongodb --type=json -p='[{"op": "add", "path": "/spec/ports/0/appProtocol", "value": "TCP" }]'
kubectl create sa client-mongodb
cat <<EOF | kubectl create -f -
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: client-mongodb
name: client-mongodb
namespace: mongodb
spec:
serviceAccount: client-mongodb
serviceAccountName: client-mongodb
containers:
- command:
- tail
- -f
- /dev/null
env:
- name: MONGODB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
key: mongodb-root-password
name: server-mongodb
image: docker.io/bitnami/mongodb:6.0.5-debian-11-r4
name: client-mongodb
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Never
status: {}
EOF
For the moment I did not try to create any TrafficTarget and if I tried to connect to the mongo server from the client it fails which is expected
k exec -it client-mongodb -- /bin/sh
mongosh admin --host "server-mongodb" --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD
Current Mongosh Log ID: 64357451b6b30678fb7eebfd
Connecting to: mongodb://<credentials>@server-mongodb:27017/admin?directConnection=true&authSource=admin&appName=mongosh+1.8.0
MongoServerSelectionError: connection <monitor> to 10.0.148.112:27017 closed
Now I create the traffic target
cat <<EOF | kubectl create -f -
apiVersion: access.smi-spec.io/v1alpha3
kind: TrafficTarget
metadata:
name: mongodb
spec:
destination:
kind: ServiceAccount
name: sever-mongodb
namespace: mongodb
rules:
- kind: TCPRoute
name: mongodb
sources:
- kind: ServiceAccount
name: client-mongodb
namespace: mongodb
---
apiVersion: specs.smi-spec.io/v1alpha4
kind: TCPRoute
metadata:
name: mongodb
namespace: mongodb
spec:
matches:
ports:
- 27017
EOF
But get the same error
k exec -it client-mongodb -- bash
Defaulted container "client-mongodb" out of: client-mongodb, envoy, osm-init (init)
I have no name!@client-mongodb:/$ mongosh admin --host "server-mongodb" --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD
Current Mongosh Log ID: 643575995579bfd668b192f9
Connecting to: mongodb://<credentials>@server-mongodb:27017/admin?directConnection=true&authSource=admin&appName=mongosh+1.8.0
MongoServerSelectionError: connection <monitor> to 10.0.148.112:27017 closed
If now I enable Permissive Traffic Policy Mode
kubectl patch meshconfig osm-mesh-config -n osm-system -p '{"spec":{"traffic":{"enablePermissiveTrafficPolicyMode":true}}}' --type=merge
I reenter the pod and retry the connection and it work immediately,
So I'm going to create another mongoclient with the default serviceaccount
MONGODB_ROOT_PASSWORD=$(kubectl get secret --namespace mongodb server-mongodb -o jsonpath="{.data.mongodb-root-password}" | base64 -d)
kubectl run --namespace mongodb client-mongodb-default --restart='Never' \
--env="MONGODB_ROOT_PASSWORD=$MONGODB_ROOT_PASSWORD" \
--image docker.io/bitnami/mongodb:6.0.5-debian-11-r4 --command -- tail -f /dev/null
the connection work also despite the fact that TrafficTarget does not allow it but I guess that once I enable permissive mode TrafficTarget become ignored ?
As you ask me here is my detailed conf
The pods
k get po -o yaml
apiVersion: v1
items:
- apiVersion: v1
kind: Pod
metadata:
annotations:
cni.projectcalico.org/containerID: 6b1305306b02e7c7ec8773208b08d6df24059b3a8d7ed574c4079d48ecc29cff
cni.projectcalico.org/podIP: 10.244.0.28/32
cni.projectcalico.org/podIPs: 10.244.0.28/32
creationTimestamp: "2023-04-11T14:49:01Z"
labels:
osm-proxy-uuid: eb142dcc-7618-467a-9bc7-0ee60c831e90
run: client-mongodb
name: client-mongodb
namespace: mongodb
resourceVersion: "2794884"
uid: cfe9331c-c7e4-425e-9d1e-b24165273277
spec:
containers:
- command:
- tail
- -f
- /dev/null
env:
- name: MONGODB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
key: mongodb-root-password
name: server-mongodb
image: docker.io/bitnami/mongodb:6.0.5-debian-11-r4
imagePullPolicy: IfNotPresent
name: client-mongodb
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-4pq8k
readOnly: true
- args:
- --log-level
- error
- --config-path
- /etc/envoy/bootstrap.yaml
- --service-cluster
- client-mongodb.mongodb
command:
- envoy
env:
- name: POD_UID
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.uid
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: SERVICE_ACCOUNT
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.serviceAccountName
image: envoyproxy/envoy-distroless:v1.22.2@sha256:541d31419b95e3c62d8cc0967db9cdb4ad2782cc08faa6f15f04c081200e324a
imagePullPolicy: IfNotPresent
name: envoy
ports:
- containerPort: 15000
name: proxy-admin
protocol: TCP
- containerPort: 15003
name: proxy-inbound
protocol: TCP
- containerPort: 15010
name: proxy-metrics
protocol: TCP
resources: {}
securityContext:
allowPrivilegeEscalation: false
runAsUser: 1500
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/envoy
name: envoy-bootstrap-config-volume
readOnly: true
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-4pq8k
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
initContainers:
- args:
- -c
- |
iptables-restore --noflush <<EOF
# OSM sidecar interception rules
*nat
:OSM_PROXY_INBOUND - [0:0]
:OSM_PROXY_IN_REDIRECT - [0:0]
:OSM_PROXY_OUTBOUND - [0:0]
:OSM_PROXY_OUT_REDIRECT - [0:0]
-A OSM_PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
-A PREROUTING -p tcp -j OSM_PROXY_INBOUND
-A OSM_PROXY_INBOUND -p tcp --dport 15010 -j RETURN
-A OSM_PROXY_INBOUND -p tcp --dport 15901 -j RETURN
-A OSM_PROXY_INBOUND -p tcp --dport 15902 -j RETURN
-A OSM_PROXY_INBOUND -p tcp --dport 15903 -j RETURN
-A OSM_PROXY_INBOUND -p tcp --dport 15904 -j RETURN
-A OSM_PROXY_INBOUND -p tcp -j OSM_PROXY_IN_REDIRECT
-A OSM_PROXY_OUT_REDIRECT -p tcp -j REDIRECT --to-port 15001
-A OSM_PROXY_OUT_REDIRECT -p tcp --dport 15000 -j ACCEPT
-A OUTPUT -p tcp -j OSM_PROXY_OUTBOUND
-A OSM_PROXY_OUTBOUND -o lo ! -d 127.0.0.1/32 -m owner --uid-owner 1500 -j OSM_PROXY_IN_REDIRECT
-A OSM_PROXY_OUTBOUND -o lo -m owner ! --uid-owner 1500 -j RETURN
-A OSM_PROXY_OUTBOUND -m owner --uid-owner 1500 -j RETURN
-A OSM_PROXY_OUTBOUND -d 127.0.0.1/32 -j RETURN
-A OSM_PROXY_OUTBOUND -j OSM_PROXY_OUT_REDIRECT
COMMIT
EOF
command:
- /bin/sh
env:
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
image: openservicemesh/init@sha256:f0717caf400d81fb00e63e64710fb78d76da1d396155408b3fc56eeb80d6f0bd
imagePullPolicy: IfNotPresent
name: osm-init
resources: {}
securityContext:
capabilities:
add:
- NET_ADMIN
privileged: false
runAsNonRoot: false
runAsUser: 0
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-4pq8k
readOnly: true
nodeName: aks-nodepool1-39371769-vmss000000
preemptionPolicy: PreemptLowerPriority
priority: 0
restartPolicy: Never
schedulerName: default-scheduler
securityContext: {}
serviceAccount: client-mongodb
serviceAccountName: client-mongodb
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- name: kube-api-access-4pq8k
projected:
defaultMode: 420
sources:
- serviceAccountToken:
expirationSeconds: 3607
path: token
- configMap:
items:
- key: ca.crt
path: ca.crt
name: kube-root-ca.crt
- downwardAPI:
items:
- fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
path: namespace
- name: envoy-bootstrap-config-volume
secret:
defaultMode: 420
secretName: envoy-bootstrap-config-eb142dcc-7618-467a-9bc7-0ee60c831e90
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2023-04-11T14:49:02Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2023-04-11T14:49:03Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2023-04-11T14:49:03Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2023-04-11T14:49:01Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: containerd://5a86f7e19dc8f2f4cf0fa110ac4457aa34b9d6cb68053c72c3a4c248fe2e798b
image: docker.io/bitnami/mongodb:6.0.5-debian-11-r4
imageID: docker.io/bitnami/mongodb@sha256:e6c89880d46af94371958e94166632363882ebeb9b43f74246b23735e392838a
lastState: {}
name: client-mongodb
ready: true
restartCount: 0
started: true
state:
running:
startedAt: "2023-04-11T14:49:03Z"
- containerID: containerd://0067dd7e5c66698e0dc19245a9dab6a53e70003f424082057c18d46544f88e3f
image: sha256:5992440fc58784182d65340f36733dac382259e00765468a7e09fd3000b2fec5
imageID: docker.io/envoyproxy/envoy-distroless@sha256:541d31419b95e3c62d8cc0967db9cdb4ad2782cc08faa6f15f04c081200e324a
lastState: {}
name: envoy
ready: true
restartCount: 0
started: true
state:
running:
startedAt: "2023-04-11T14:49:03Z"
hostIP: 10.224.0.4
initContainerStatuses:
- containerID: containerd://b15eb9ab961e274ee7da214b14bbc7ca9df04b80f4e8848665d318cb0e1290d9
image: sha256:3e1dab5f8ddda38be9e5947d110269032ed676037bff1476e42114037db23b19
imageID: docker.io/openservicemesh/init@sha256:f0717caf400d81fb00e63e64710fb78d76da1d396155408b3fc56eeb80d6f0bd
lastState: {}
name: osm-init
ready: true
restartCount: 0
state:
terminated:
containerID: containerd://b15eb9ab961e274ee7da214b14bbc7ca9df04b80f4e8848665d318cb0e1290d9
exitCode: 0
finishedAt: "2023-04-11T14:49:02Z"
reason: Completed
startedAt: "2023-04-11T14:49:02Z"
phase: Running
podIP: 10.244.0.28
podIPs:
- ip: 10.244.0.28
qosClass: BestEffort
startTime: "2023-04-11T14:49:01Z"
- apiVersion: v1
kind: Pod
metadata:
annotations:
cni.projectcalico.org/containerID: c634a8f869e64f066c94d98da9ad4640a89088637989b14c88d845b5f73c027d
cni.projectcalico.org/podIP: 10.244.2.39/32
cni.projectcalico.org/podIPs: 10.244.2.39/32
creationTimestamp: "2023-04-11T15:03:49Z"
labels:
osm-proxy-uuid: e4f1d75e-f242-4147-bb1a-9b9e39cdeada
run: client-mongodb-default
name: client-mongodb-default
namespace: mongodb
resourceVersion: "2799712"
uid: 4a20bb0e-9d49-4e79-8336-734d87a7fc02
spec:
containers:
- command:
- tail
- -f
- /dev/null
env:
- name: MONGODB_ROOT_PASSWORD
value: iCaNe6XntN
image: docker.io/bitnami/mongodb:6.0.5-debian-11-r4
imagePullPolicy: IfNotPresent
name: client-mongodb-default
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-4x4k6
readOnly: true
- args:
- --log-level
- error
- --config-path
- /etc/envoy/bootstrap.yaml
- --service-cluster
- default.mongodb
command:
- envoy
env:
- name: POD_UID
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.uid
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: SERVICE_ACCOUNT
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.serviceAccountName
image: envoyproxy/envoy-distroless:v1.22.2@sha256:541d31419b95e3c62d8cc0967db9cdb4ad2782cc08faa6f15f04c081200e324a
imagePullPolicy: IfNotPresent
name: envoy
ports:
- containerPort: 15000
name: proxy-admin
protocol: TCP
- containerPort: 15003
name: proxy-inbound
protocol: TCP
- containerPort: 15010
name: proxy-metrics
protocol: TCP
resources: {}
securityContext:
allowPrivilegeEscalation: false
runAsUser: 1500
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/envoy
name: envoy-bootstrap-config-volume
readOnly: true
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-4x4k6
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
initContainers:
- args:
- -c
- |
iptables-restore --noflush <<EOF
# OSM sidecar interception rules
*nat
:OSM_PROXY_INBOUND - [0:0]
:OSM_PROXY_IN_REDIRECT - [0:0]
:OSM_PROXY_OUTBOUND - [0:0]
:OSM_PROXY_OUT_REDIRECT - [0:0]
-A OSM_PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
-A PREROUTING -p tcp -j OSM_PROXY_INBOUND
-A OSM_PROXY_INBOUND -p tcp --dport 15010 -j RETURN
-A OSM_PROXY_INBOUND -p tcp --dport 15901 -j RETURN
-A OSM_PROXY_INBOUND -p tcp --dport 15902 -j RETURN
-A OSM_PROXY_INBOUND -p tcp --dport 15903 -j RETURN
-A OSM_PROXY_INBOUND -p tcp --dport 15904 -j RETURN
-A OSM_PROXY_INBOUND -p tcp -j OSM_PROXY_IN_REDIRECT
-A OSM_PROXY_OUT_REDIRECT -p tcp -j REDIRECT --to-port 15001
-A OSM_PROXY_OUT_REDIRECT -p tcp --dport 15000 -j ACCEPT
-A OUTPUT -p tcp -j OSM_PROXY_OUTBOUND
-A OSM_PROXY_OUTBOUND -o lo ! -d 127.0.0.1/32 -m owner --uid-owner 1500 -j OSM_PROXY_IN_REDIRECT
-A OSM_PROXY_OUTBOUND -o lo -m owner ! --uid-owner 1500 -j RETURN
-A OSM_PROXY_OUTBOUND -m owner --uid-owner 1500 -j RETURN
-A OSM_PROXY_OUTBOUND -d 127.0.0.1/32 -j RETURN
-A OSM_PROXY_OUTBOUND -j OSM_PROXY_OUT_REDIRECT
COMMIT
EOF
command:
- /bin/sh
env:
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
image: openservicemesh/init@sha256:f0717caf400d81fb00e63e64710fb78d76da1d396155408b3fc56eeb80d6f0bd
imagePullPolicy: IfNotPresent
name: osm-init
resources: {}
securityContext:
capabilities:
add:
- NET_ADMIN
privileged: false
runAsNonRoot: false
runAsUser: 0
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-4x4k6
readOnly: true
nodeName: aks-nodepool1-39371769-vmss000004
preemptionPolicy: PreemptLowerPriority
priority: 0
restartPolicy: Never
schedulerName: default-scheduler
securityContext: {}
serviceAccount: default
serviceAccountName: default
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- name: kube-api-access-4x4k6
projected:
defaultMode: 420
sources:
- serviceAccountToken:
expirationSeconds: 3607
path: token
- configMap:
items:
- key: ca.crt
path: ca.crt
name: kube-root-ca.crt
- downwardAPI:
items:
- fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
path: namespace
- name: envoy-bootstrap-config-volume
secret:
defaultMode: 420
secretName: envoy-bootstrap-config-e4f1d75e-f242-4147-bb1a-9b9e39cdeada
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2023-04-11T15:03:50Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2023-04-11T15:03:51Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2023-04-11T15:03:51Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2023-04-11T15:03:49Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: containerd://2ac8abf6fe6ab3aae3ef462754eb43f1f3072567ad0e269a77daeee5fe13ae4f
image: docker.io/bitnami/mongodb:6.0.5-debian-11-r4
imageID: docker.io/bitnami/mongodb@sha256:e6c89880d46af94371958e94166632363882ebeb9b43f74246b23735e392838a
lastState: {}
name: client-mongodb-default
ready: true
restartCount: 0
started: true
state:
running:
startedAt: "2023-04-11T15:03:50Z"
- containerID: containerd://c3cf50ad2ddb573b94325ec49a996bd1603124fce7041687040c1493f765c6a1
image: sha256:5992440fc58784182d65340f36733dac382259e00765468a7e09fd3000b2fec5
imageID: docker.io/envoyproxy/envoy-distroless@sha256:541d31419b95e3c62d8cc0967db9cdb4ad2782cc08faa6f15f04c081200e324a
lastState: {}
name: envoy
ready: true
restartCount: 0
started: true
state:
running:
startedAt: "2023-04-11T15:03:50Z"
hostIP: 10.224.0.8
initContainerStatuses:
- containerID: containerd://7fc64b50fc8b13be5648e93da1faebd5b79cf7e2d2acc4c8d5efec5e760d4573
image: sha256:3e1dab5f8ddda38be9e5947d110269032ed676037bff1476e42114037db23b19
imageID: docker.io/openservicemesh/init@sha256:f0717caf400d81fb00e63e64710fb78d76da1d396155408b3fc56eeb80d6f0bd
lastState: {}
name: osm-init
ready: true
restartCount: 0
state:
terminated:
containerID: containerd://7fc64b50fc8b13be5648e93da1faebd5b79cf7e2d2acc4c8d5efec5e760d4573
exitCode: 0
finishedAt: "2023-04-11T15:03:50Z"
reason: Completed
startedAt: "2023-04-11T15:03:50Z"
phase: Running
podIP: 10.244.2.39
podIPs:
- ip: 10.244.2.39
qosClass: BestEffort
startTime: "2023-04-11T15:03:49Z"
- apiVersion: v1
kind: Pod
metadata:
annotations:
cni.projectcalico.org/containerID: 258873665ea876206c4e037eca343a1ca3d772cde4112a6ff84180926dad0edf
cni.projectcalico.org/podIP: 10.244.2.38/32
cni.projectcalico.org/podIPs: 10.244.2.38/32
creationTimestamp: "2023-04-11T14:46:18Z"
generateName: server-mongodb-6cb9cb8954-
labels:
app.kubernetes.io/component: mongodb
app.kubernetes.io/instance: server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mongodb
helm.sh/chart: mongodb-13.9.4
osm-proxy-uuid: d705a837-2f28-4aae-8243-c7e0f3dc11de
pod-template-hash: 6cb9cb8954
name: server-mongodb-6cb9cb8954-8h5qt
namespace: mongodb
ownerReferences:
- apiVersion: apps/v1
blockOwnerDeletion: true
controller: true
kind: ReplicaSet
name: server-mongodb-6cb9cb8954
uid: c0804c79-651b-485c-a296-d6a0dd1ff1e3
resourceVersion: "2794117"
uid: e5857d57-730e-4056-b605-9cb37e99cbd3
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/component: mongodb
app.kubernetes.io/instance: server
app.kubernetes.io/name: mongodb
topologyKey: kubernetes.io/hostname
weight: 1
containers:
- env:
- name: BITNAMI_DEBUG
value: "false"
- name: MONGODB_ROOT_USER
value: root
- name: MONGODB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
key: mongodb-root-password
name: server-mongodb
- name: ALLOW_EMPTY_PASSWORD
value: "no"
- name: MONGODB_SYSTEM_LOG_VERBOSITY
value: "0"
- name: MONGODB_DISABLE_SYSTEM_LOG
value: "no"
- name: MONGODB_DISABLE_JAVASCRIPT
value: "no"
- name: MONGODB_ENABLE_JOURNAL
value: "yes"
- name: MONGODB_PORT_NUMBER
value: "27017"
- name: MONGODB_ENABLE_IPV6
value: "no"
- name: MONGODB_ENABLE_DIRECTORY_PER_DB
value: "no"
image: docker.io/bitnami/mongodb:6.0.5-debian-11-r4
imagePullPolicy: IfNotPresent
livenessProbe:
exec:
command:
- /bitnami/scripts/ping-mongodb.sh
failureThreshold: 6
initialDelaySeconds: 30
periodSeconds: 20
successThreshold: 1
timeoutSeconds: 10
name: mongodb
ports:
- containerPort: 27017
name: mongodb
protocol: TCP
readinessProbe:
exec:
command:
- /bitnami/scripts/readiness-probe.sh
failureThreshold: 6
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
resources: {}
securityContext:
runAsNonRoot: true
runAsUser: 1001
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /bitnami/mongodb
name: datadir
- mountPath: /bitnami/scripts
name: common-scripts
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-4xlgr
readOnly: true
- args:
- --log-level
- error
- --config-path
- /etc/envoy/bootstrap.yaml
- --service-cluster
- server-mongodb.mongodb
command:
- envoy
env:
- name: POD_UID
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.uid
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: SERVICE_ACCOUNT
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.serviceAccountName
image: envoyproxy/envoy-distroless:v1.22.2@sha256:541d31419b95e3c62d8cc0967db9cdb4ad2782cc08faa6f15f04c081200e324a
imagePullPolicy: IfNotPresent
name: envoy
ports:
- containerPort: 15000
name: proxy-admin
protocol: TCP
- containerPort: 15003
name: proxy-inbound
protocol: TCP
- containerPort: 15010
name: proxy-metrics
protocol: TCP
resources: {}
securityContext:
allowPrivilegeEscalation: false
runAsUser: 1500
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/envoy
name: envoy-bootstrap-config-volume
readOnly: true
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-4xlgr
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
initContainers:
- args:
- -c
- |
iptables-restore --noflush <<EOF
# OSM sidecar interception rules
*nat
:OSM_PROXY_INBOUND - [0:0]
:OSM_PROXY_IN_REDIRECT - [0:0]
:OSM_PROXY_OUTBOUND - [0:0]
:OSM_PROXY_OUT_REDIRECT - [0:0]
-A OSM_PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
-A PREROUTING -p tcp -j OSM_PROXY_INBOUND
-A OSM_PROXY_INBOUND -p tcp --dport 15010 -j RETURN
-A OSM_PROXY_INBOUND -p tcp --dport 15901 -j RETURN
-A OSM_PROXY_INBOUND -p tcp --dport 15902 -j RETURN
-A OSM_PROXY_INBOUND -p tcp --dport 15903 -j RETURN
-A OSM_PROXY_INBOUND -p tcp --dport 15904 -j RETURN
-A OSM_PROXY_INBOUND -p tcp -j OSM_PROXY_IN_REDIRECT
-A OSM_PROXY_OUT_REDIRECT -p tcp -j REDIRECT --to-port 15001
-A OSM_PROXY_OUT_REDIRECT -p tcp --dport 15000 -j ACCEPT
-A OUTPUT -p tcp -j OSM_PROXY_OUTBOUND
-A OSM_PROXY_OUTBOUND -o lo ! -d 127.0.0.1/32 -m owner --uid-owner 1500 -j OSM_PROXY_IN_REDIRECT
-A OSM_PROXY_OUTBOUND -o lo -m owner ! --uid-owner 1500 -j RETURN
-A OSM_PROXY_OUTBOUND -m owner --uid-owner 1500 -j RETURN
-A OSM_PROXY_OUTBOUND -d 127.0.0.1/32 -j RETURN
-A OSM_PROXY_OUTBOUND -j OSM_PROXY_OUT_REDIRECT
COMMIT
EOF
command:
- /bin/sh
env:
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
image: openservicemesh/init@sha256:f0717caf400d81fb00e63e64710fb78d76da1d396155408b3fc56eeb80d6f0bd
imagePullPolicy: IfNotPresent
name: osm-init
resources: {}
securityContext:
capabilities:
add:
- NET_ADMIN
privileged: false
runAsNonRoot: false
runAsUser: 0
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-4xlgr
readOnly: true
nodeName: aks-nodepool1-39371769-vmss000004
preemptionPolicy: PreemptLowerPriority
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
fsGroup: 1001
serviceAccount: server-mongodb
serviceAccountName: server-mongodb
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- configMap:
defaultMode: 360
name: server-mongodb-common-scripts
name: common-scripts
- name: datadir
persistentVolumeClaim:
claimName: server-mongodb
- name: kube-api-access-4xlgr
projected:
defaultMode: 420
sources:
- serviceAccountToken:
expirationSeconds: 3607
path: token
- configMap:
items:
- key: ca.crt
path: ca.crt
name: kube-root-ca.crt
- downwardAPI:
items:
- fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
path: namespace
- name: envoy-bootstrap-config-volume
secret:
defaultMode: 420
secretName: envoy-bootstrap-config-d705a837-2f28-4aae-8243-c7e0f3dc11de
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2023-04-11T14:46:36Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2023-04-11T14:46:45Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2023-04-11T14:46:45Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2023-04-11T14:46:21Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: containerd://4722d4836ba89e1efeb62d238d183f12482bc2a57dca55a219dba9932397a07c
image: sha256:5992440fc58784182d65340f36733dac382259e00765468a7e09fd3000b2fec5
imageID: docker.io/envoyproxy/envoy-distroless@sha256:541d31419b95e3c62d8cc0967db9cdb4ad2782cc08faa6f15f04c081200e324a
lastState: {}
name: envoy
ready: true
restartCount: 0
started: true
state:
running:
startedAt: "2023-04-11T14:46:37Z"
- containerID: containerd://1942c46533efbeb13e3fffee9a153a8e5c0d4e9a103a4bbd967cba5a9a124c4c
image: docker.io/bitnami/mongodb:6.0.5-debian-11-r4
imageID: docker.io/bitnami/mongodb@sha256:e6c89880d46af94371958e94166632363882ebeb9b43f74246b23735e392838a
lastState: {}
name: mongodb
ready: true
restartCount: 0
started: true
state:
running:
startedAt: "2023-04-11T14:46:36Z"
hostIP: 10.224.0.8
initContainerStatuses:
- containerID: containerd://3796aa2df37233817e4f6841536e538ee1fa4ee423cea23e27e8e468bce37777
image: sha256:3e1dab5f8ddda38be9e5947d110269032ed676037bff1476e42114037db23b19
imageID: docker.io/openservicemesh/init@sha256:f0717caf400d81fb00e63e64710fb78d76da1d396155408b3fc56eeb80d6f0bd
lastState: {}
name: osm-init
ready: true
restartCount: 0
state:
terminated:
containerID: containerd://3796aa2df37233817e4f6841536e538ee1fa4ee423cea23e27e8e468bce37777
exitCode: 0
finishedAt: "2023-04-11T14:46:35Z"
reason: Completed
startedAt: "2023-04-11T14:46:35Z"
phase: Running
podIP: 10.244.2.38
podIPs:
- ip: 10.244.2.38
qosClass: BestEffort
startTime: "2023-04-11T14:46:21Z"
kind: List
metadata:
resourceVersion: ""
The service
k get svc -o yaml
apiVersion: v1
items:
- apiVersion: v1
kind: Service
metadata:
annotations:
meta.helm.sh/release-name: server
meta.helm.sh/release-namespace: mongodb
creationTimestamp: "2023-04-11T14:46:17Z"
labels:
app.kubernetes.io/component: mongodb
app.kubernetes.io/instance: server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mongodb
helm.sh/chart: mongodb-13.9.4
name: server-mongodb
namespace: mongodb
resourceVersion: "2794517"
uid: 10753b72-ad3a-451c-902f-3c190534bd6e
spec:
clusterIP: 10.0.148.112
clusterIPs:
- 10.0.148.112
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- appProtocol: TCP
name: mongodb
port: 27017
protocol: TCP
targetPort: mongodb
selector:
app.kubernetes.io/component: mongodb
app.kubernetes.io/instance: server
app.kubernetes.io/name: mongodb
sessionAffinity: None
type: ClusterIP
status:
loadBalancer: {}
kind: List
metadata:
resourceVersion: ""
The service account
k get sa -o yaml
apiVersion: v1
items:
- apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: "2023-04-11T14:48:38Z"
name: client-mongodb
namespace: mongodb
resourceVersion: "2794732"
uid: 10088dd6-ab5f-454b-a9aa-9862c491026f
- apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: "2023-04-11T14:43:31Z"
name: default
namespace: mongodb
resourceVersion: "2793011"
uid: d110ed6f-eb97-41fb-8375-4565c397dbad
- apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
annotations:
meta.helm.sh/release-name: server
meta.helm.sh/release-namespace: mongodb
creationTimestamp: "2023-04-11T14:46:17Z"
labels:
app.kubernetes.io/instance: server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mongodb
helm.sh/chart: mongodb-13.9.4
name: server-mongodb
namespace: mongodb
resourceVersion: "2793913"
uid: a1e73f15-e08a-46c6-a051-37f1ec823fd5
secrets:
- name: server-mongodb
kind: List
metadata:
resourceVersion: ""
The TrafficTarget
k get traffictarget -o yaml
apiVersion: v1
items:
- apiVersion: access.smi-spec.io/v1alpha3
kind: TrafficTarget
metadata:
creationTimestamp: "2023-04-11T14:57:25Z"
generation: 1
name: mongodb
namespace: mongodb
resourceVersion: "2797601"
uid: cf1c32a3-8508-43d7-9a7d-bbb65ce48c82
spec:
destination:
kind: ServiceAccount
name: sever-mongodb
namespace: mongodb
rules:
- kind: TCPRoute
name: mongodb
sources:
- kind: ServiceAccount
name: client-mongodb
namespace: mongodb
kind: List
metadata:
resourceVersion: ""
The tcproute
k get tcproute -o yaml
apiVersion: v1
items:
- apiVersion: specs.smi-spec.io/v1alpha4
kind: TCPRoute
metadata:
creationTimestamp: "2023-04-11T14:57:25Z"
generation: 1
name: mongodb
namespace: mongodb
resourceVersion: "2797602"
uid: ff6ca092-564d-4d32-aac8-320e50582b08
spec:
matches:
ports:
- 27017
kind: List
metadata:
resourceVersion: ""
@steeling I forgot to mention that if appProtocol=TCP is not added to the service then even in permissive mode connection does not work, hence this parameter is really important.
@steeling do you think that's possible to have OSM work with mongodb without the permissive mode ?
Unless there's something specific to mongodb it should work as any other datastore with a TCP endpoint, such as our mysql example.
I don't think there is something specific I probably miss something important that was not obvious in the tutorial
I get the same issue with bitnami mysql
kubectl create ns mysql
osm namespace add mysql
helm install server bitnami/mysql -n mysql
kubectl patch -n mysql svc server-mysql --type=json -p='[{"op": "add", "path": "/spec/ports/0/appProtocol", "value": "TCP" }]'
cat <<EOF kubectl create -n mysql -f -
apiVersion: access.smi-spec.io/v1alpha3
kind: TrafficTarget
metadata:
name: mysql
spec:
destination:
kind: ServiceAccount
name: sever-mysql
namespace: mysql
rules:
- kind: TCPRoute
name: mysql
sources:
- kind: ServiceAccount
name: default
namespace: mysql
---
apiVersion: specs.smi-spec.io/v1alpha4
kind: TCPRoute
metadata:
name: mysql
namespace: mysql
spec:
matches:
ports:
- 3306
EOF
MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace mysql server-mysql -o jsonpath="{.data.mysql-root-password}" | base64 -d)
kubectl run server-mysql-client --rm --tty -i --restart='Never' --image docker.io/bitnami/mysql:8.0.32-debian-11-r21 --namespace mysql --env MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD --command -- bash
mysql -h server-mysql.mysql.svc.cluster.local -uroot -p"$MYSQL_ROOT_PASSWORD"
And I get a similar error
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0
I really don't see what's wrong or not logic in what I do.
Is there a way to check how the envoy proxy is configured, or something that help troubleshoot the routing decision ?
I was just looking quickly at your mongodb ports: properties. I noticed the target port is a name and not a numeric value.
Can you change it to this below:
Yes just did but with no success
k get svc server-mongodb -o yaml
apiVersion: v1
kind: Service
metadata:
annotations:
meta.helm.sh/release-name: server
meta.helm.sh/release-namespace: mongodb
creationTimestamp: "2023-04-11T14:46:17Z"
labels:
app.kubernetes.io/component: mongodb
app.kubernetes.io/instance: server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mongodb
helm.sh/chart: mongodb-13.9.4
name: server-mongodb
namespace: mongodb
resourceVersion: "3307979"
uid: 10753b72-ad3a-451c-902f-3c190534bd6e
spec:
clusterIP: 10.0.148.112
clusterIPs:
- 10.0.148.112
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- appProtocol: TCP
name: mongodb
port: 27017
protocol: TCP
targetPort: 27017
selector:
app.kubernetes.io/component: mongodb
app.kubernetes.io/instance: server
app.kubernetes.io/name: mongodb
sessionAffinity: None
type: ClusterIP
status:
loadBalancer: {}
Is there a way to see how the traffictarget and the tcproute are translated in term of envoy configuration (or something else) ?
Is there a way to see how the traffictarget and the tcproute are translated in term of envoy configuration (or something else) ?
Yes, you can run
osm proxy get config_dump <pod> -n <namespace>
Feel free to attach that here for both the client and server.
Finally, can you provide the logs for the osm-controller. With these, we'll work on a repro and get this sorted out
for the client
osm proxy get config_dump client-mongodb -n mongodb
{
"configs": [
{
"@type": "type.googleapis.com/envoy.admin.v3.BootstrapConfigDump",
"bootstrap": {
"node": {
"id": "3acb72a7-591b-4c1c-922b-18af867e144c.sidecar.client-mongodb.mongodb.cluster.local",
"user_agent_name": "envoy",
"user_agent_build_version": {
"version": {
"major_number": 1,
"minor_number": 22,
"patch": 2
},
"metadata": {
"ssl.version": "BoringSSL",
"revision.status": "Clean",
"build.type": "RELEASE",
"revision.sha": "c919bdec19d79e97f4f56e4095706f8e6a383f1c"
}
},
"extensions": [
{
"name": "composite-action",
"category": "envoy.matching.action"
},
{
"name": "skip",
"category": "envoy.matching.action"
},
{
"name": "envoy.bandwidth_limit",
"category": "envoy.filters.http"
},
{
"name": "envoy.buffer",
"category": "envoy.filters.http"
},
{
"name": "envoy.cors",
"category": "envoy.filters.http"
},
{
"name": "envoy.csrf",
"category": "envoy.filters.http"
},
{
"name": "envoy.ext_authz",
"category": "envoy.filters.http"
},
{
"name": "envoy.ext_proc",
"category": "envoy.filters.http"
},
{
"name": "envoy.fault",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.adaptive_concurrency",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.admission_control",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.alternate_protocols_cache",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.aws_lambda",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.aws_request_signing",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.bandwidth_limit",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.buffer",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.cache",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.cdn_loop",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.composite",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.compressor",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.cors",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.csrf",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.decompressor",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.dynamic_forward_proxy",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.dynamo",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.ext_authz",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.ext_proc",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.fault",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.gcp_authn",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.grpc_http1_bridge",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.grpc_http1_reverse_bridge",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.grpc_json_transcoder",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.grpc_stats",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.grpc_web",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.header_to_metadata",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.health_check",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.ip_tagging",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.jwt_authn",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.local_ratelimit",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.lua",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.oauth2",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.on_demand",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.original_src",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.ratelimit",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.rbac",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.router",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.set_metadata",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.stateful_session",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.tap",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.wasm",
"category": "envoy.filters.http"
},
{
"name": "envoy.grpc_http1_bridge",
"category": "envoy.filters.http"
},
{
"name": "envoy.grpc_json_transcoder",
"category": "envoy.filters.http"
},
{
"name": "envoy.grpc_web",
"category": "envoy.filters.http"
},
{
"name": "envoy.health_check",
"category": "envoy.filters.http"
},
{
"name": "envoy.http_dynamo_filter",
"category": "envoy.filters.http"
},
{
"name": "envoy.ip_tagging",
"category": "envoy.filters.http"
},
{
"name": "envoy.local_rate_limit",
"category": "envoy.filters.http"
},
{
"name": "envoy.lua",
"category": "envoy.filters.http"
},
{
"name": "envoy.rate_limit",
"category": "envoy.filters.http"
},
{
"name": "envoy.router",
"category": "envoy.filters.http"
},
{
"name": "match-wrapper",
"category": "envoy.filters.http"
},
{
"name": "envoy.matching.custom_matchers.trie_matcher",
"category": "envoy.matching.network.custom_matchers"
},
{
"name": "envoy.cluster.eds",
"category": "envoy.clusters"
},
{
"name": "envoy.cluster.logical_dns",
"category": "envoy.clusters"
},
{
"name": "envoy.cluster.original_dst",
"category": "envoy.clusters"
},
{
"name": "envoy.cluster.static",
"category": "envoy.clusters"
},
{
"name": "envoy.cluster.strict_dns",
"category": "envoy.clusters"
},
{
"name": "envoy.clusters.aggregate",
"category": "envoy.clusters"
},
{
"name": "envoy.clusters.dynamic_forward_proxy",
"category": "envoy.clusters"
},
{
"name": "envoy.clusters.redis",
"category": "envoy.clusters"
},
{
"name": "dubbo.hessian2",
"category": "envoy.dubbo_proxy.serializers"
},
{
"name": "envoy.compression.brotli.compressor",
"category": "envoy.compression.compressor"
},
{
"name": "envoy.compression.gzip.compressor",
"category": "envoy.compression.compressor"
},
{
"name": "envoy.compression.zstd.compressor",
"category": "envoy.compression.compressor"
},
{
"name": "envoy.access_loggers.extension_filters.cel",
"category": "envoy.access_logger.extension_filters"
},
{
"name": "envoy.matching.matchers.consistent_hashing",
"category": "envoy.matching.input_matchers"
},
{
"name": "envoy.matching.matchers.ip",
"category": "envoy.matching.input_matchers"
},
{
"name": "envoy.filters.udp.dns_filter",
"category": "envoy.filters.udp_listener"
},
{
"name": "envoy.filters.udp_listener.udp_proxy",
"category": "envoy.filters.udp_listener"
},
{
"name": "envoy.filters.dubbo.router",
"category": "envoy.dubbo_proxy.filters"
},
{
"name": "envoy.key_value.file_based",
"category": "envoy.common.key_value"
},
{
"name": "envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
"category": "envoy.upstream_options"
},
{
"name": "envoy.upstreams.http.http_protocol_options",
"category": "envoy.upstream_options"
},
{
"name": "envoy.watchdog.abort_action",
"category": "envoy.guarddog_actions"
},
{
"name": "envoy.watchdog.profile_action",
"category": "envoy.guarddog_actions"
},
{
"name": "envoy.request_id.uuid",
"category": "envoy.request_id"
},
{
"name": "envoy.matching.inputs.request_headers",
"category": "envoy.matching.http.input"
},
{
"name": "envoy.matching.inputs.request_trailers",
"category": "envoy.matching.http.input"
},
{
"name": "envoy.matching.inputs.response_headers",
"category": "envoy.matching.http.input"
},
{
"name": "envoy.matching.inputs.response_trailers",
"category": "envoy.matching.http.input"
},
{
"name": "envoy.quic.crypto_stream.server.quiche",
"category": "envoy.quic.server.crypto_stream"
},
{
"name": "auto",
"category": "envoy.thrift_proxy.protocols"
},
{
"name": "binary",
"category": "envoy.thrift_proxy.protocols"
},
{
"name": "binary/non-strict",
"category": "envoy.thrift_proxy.protocols"
},
{
"name": "compact",
"category": "envoy.thrift_proxy.protocols"
},
{
"name": "twitter",
"category": "envoy.thrift_proxy.protocols"
},
{
"name": "envoy.dynamic.ot",
"category": "envoy.tracers"
},
{
"name": "envoy.lightstep",
"category": "envoy.tracers"
},
{
"name": "envoy.tracers.datadog",
"category": "envoy.tracers"
},
{
"name": "envoy.tracers.dynamic_ot",
"category": "envoy.tracers"
},
{
"name": "envoy.tracers.lightstep",
"category": "envoy.tracers"
},
{
"name": "envoy.tracers.opencensus",
"category": "envoy.tracers"
},
{
"name": "envoy.tracers.skywalking",
"category": "envoy.tracers"
},
{
"name": "envoy.tracers.xray",
"category": "envoy.tracers"
},
{
"name": "envoy.tracers.zipkin",
"category": "envoy.tracers"
},
{
"name": "envoy.zipkin",
"category": "envoy.tracers"
},
{
"name": "preserve_case",
"category": "envoy.http.stateful_header_formatters"
},
{
"name": "envoy.retry_priorities.previous_priorities",
"category": "envoy.retry_priorities"
},
{
"name": "envoy.quic.proof_source.filter_chain",
"category": "envoy.quic.proof_source"
},
{
"name": "envoy.http.original_ip_detection.custom_header",
"category": "envoy.http.original_ip_detection"
},
{
"name": "envoy.http.original_ip_detection.xff",
"category": "envoy.http.original_ip_detection"
},
{
"name": "envoy.transport_sockets.alts",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "envoy.transport_sockets.quic",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "envoy.transport_sockets.raw_buffer",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "envoy.transport_sockets.starttls",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "envoy.transport_sockets.tap",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "envoy.transport_sockets.tcp_stats",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "envoy.transport_sockets.tls",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "envoy.transport_sockets.upstream_proxy_protocol",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "raw_buffer",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "starttls",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "tls",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "envoy.filters.thrift.header_to_metadata",
"category": "envoy.thrift_proxy.filters"
},
{
"name": "envoy.filters.thrift.rate_limit",
"category": "envoy.thrift_proxy.filters"
},
{
"name": "envoy.filters.thrift.router",
"category": "envoy.thrift_proxy.filters"
},
{
"name": "envoy.retry_host_predicates.omit_canary_hosts",
"category": "envoy.retry_host_predicates"
},
{
"name": "envoy.retry_host_predicates.omit_host_metadata",
"category": "envoy.retry_host_predicates"
},
{
"name": "envoy.retry_host_predicates.previous_hosts",
"category": "envoy.retry_host_predicates"
},
{
"name": "default",
"category": "envoy.dubbo_proxy.route_matchers"
},
{
"name": "envoy.rbac.matchers.upstream_ip_port",
"category": "envoy.rbac.matchers"
},
{
"name": "envoy.matching.inputs.application_protocol",
"category": "envoy.matching.network.input"
},
{
"name": "envoy.matching.inputs.destination_ip",
"category": "envoy.matching.network.input"
},
{
"name": "envoy.matching.inputs.destination_port",
"category": "envoy.matching.network.input"
},
{
"name": "envoy.matching.inputs.direct_source_ip",
"category": "envoy.matching.network.input"
},
{
"name": "envoy.matching.inputs.server_name",
"category": "envoy.matching.network.input"
},
{
"name": "envoy.matching.inputs.source_ip",
"category": "envoy.matching.network.input"
},
{
"name": "envoy.matching.inputs.source_port",
"category": "envoy.matching.network.input"
},
{
"name": "envoy.matching.inputs.source_type",
"category": "envoy.matching.network.input"
},
{
"name": "envoy.matching.inputs.transport_protocol",
"category": "envoy.matching.network.input"
},
{
"name": "envoy.ip",
"category": "envoy.resolvers"
},
{
"name": "envoy.transport_sockets.alts",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "envoy.transport_sockets.quic",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "envoy.transport_sockets.raw_buffer",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "envoy.transport_sockets.starttls",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "envoy.transport_sockets.tap",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "envoy.transport_sockets.tcp_stats",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "envoy.transport_sockets.tls",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "raw_buffer",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "starttls",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "tls",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "envoy.filters.connection_pools.tcp.generic",
"category": "envoy.upstreams"
},
{
"name": "envoy.dog_statsd",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.graphite_statsd",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.metrics_service",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.stat_sinks.dog_statsd",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.stat_sinks.graphite_statsd",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.stat_sinks.hystrix",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.stat_sinks.metrics_service",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.stat_sinks.statsd",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.stat_sinks.wasm",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.statsd",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.compression.brotli.decompressor",
"category": "envoy.compression.decompressor"
},
{
"name": "envoy.compression.gzip.decompressor",
"category": "envoy.compression.decompressor"
},
{
"name": "envoy.compression.zstd.decompressor",
"category": "envoy.compression.decompressor"
},
{
"name": "auto",
"category": "envoy.thrift_proxy.transports"
},
{
"name": "framed",
"category": "envoy.thrift_proxy.transports"
},
{
"name": "header",
"category": "envoy.thrift_proxy.transports"
},
{
"name": "unframed",
"category": "envoy.thrift_proxy.transports"
},
{
"name": "dubbo",
"category": "envoy.dubbo_proxy.protocols"
},
{
"name": "envoy.access_loggers.file",
"category": "envoy.access_loggers"
},
{
"name": "envoy.access_loggers.http_grpc",
"category": "envoy.access_loggers"
},
{
"name": "envoy.access_loggers.open_telemetry",
"category": "envoy.access_loggers"
},
{
"name": "envoy.access_loggers.stderr",
"category": "envoy.access_loggers"
},
{
"name": "envoy.access_loggers.stdout",
"category": "envoy.access_loggers"
},
{
"name": "envoy.access_loggers.tcp_grpc",
"category": "envoy.access_loggers"
},
{
"name": "envoy.access_loggers.wasm",
"category": "envoy.access_loggers"
},
{
"name": "envoy.file_access_log",
"category": "envoy.access_loggers"
},
{
"name": "envoy.http_grpc_access_log",
"category": "envoy.access_loggers"
},
{
"name": "envoy.open_telemetry_access_log",
"category": "envoy.access_loggers"
},
{
"name": "envoy.stderr_access_log",
"category": "envoy.access_loggers"
},
{
"name": "envoy.stdout_access_log",
"category": "envoy.access_loggers"
},
{
"name": "envoy.tcp_grpc_access_log",
"category": "envoy.access_loggers"
},
{
"name": "envoy.wasm_access_log",
"category": "envoy.access_loggers"
},
{
"name": "envoy.client_ssl_auth",
"category": "envoy.filters.network"
},
{
"name": "envoy.echo",
"category": "envoy.filters.network"
},
{
"name": "envoy.ext_authz",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.client_ssl_auth",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.connection_limit",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.direct_response",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.dubbo_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.echo",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.ext_authz",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.http_connection_manager",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.local_ratelimit",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.mongo_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.ratelimit",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.rbac",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.redis_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.sni_cluster",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.sni_dynamic_forward_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.tcp_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.thrift_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.wasm",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.zookeeper_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.http_connection_manager",
"category": "envoy.filters.network"
},
{
"name": "envoy.mongo_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.ratelimit",
"category": "envoy.filters.network"
},
{
"name": "envoy.redis_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.tcp_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.config.validators.minimum_clusters",
"category": "envoy.config.validators"
},
{
"name": "envoy.config.validators.minimum_clusters_validator",
"category": "envoy.config.validators"
},
{
"name": "envoy.filters.listener.http_inspector",
"category": "envoy.filters.listener"
},
{
"name": "envoy.filters.listener.original_dst",
"category": "envoy.filters.listener"
},
{
"name": "envoy.filters.listener.original_src",
"category": "envoy.filters.listener"
},
{
"name": "envoy.filters.listener.proxy_protocol",
"category": "envoy.filters.listener"
},
{
"name": "envoy.filters.listener.tls_inspector",
"category": "envoy.filters.listener"
},
{
"name": "envoy.listener.http_inspector",
"category": "envoy.filters.listener"
},
{
"name": "envoy.listener.original_dst",
"category": "envoy.filters.listener"
},
{
"name": "envoy.listener.original_src",
"category": "envoy.filters.listener"
},
{
"name": "envoy.listener.proxy_protocol",
"category": "envoy.filters.listener"
},
{
"name": "envoy.listener.tls_inspector",
"category": "envoy.filters.listener"
},
{
"name": "envoy.health_checkers.redis",
"category": "envoy.health_checkers"
},
{
"name": "envoy.internal_redirect_predicates.allow_listed_routes",
"category": "envoy.internal_redirect_predicates"
},
{
"name": "envoy.internal_redirect_predicates.previous_routes",
"category": "envoy.internal_redirect_predicates"
},
{
"name": "envoy.internal_redirect_predicates.safe_cross_scheme",
"category": "envoy.internal_redirect_predicates"
},
{
"name": "envoy.tls.cert_validator.default",
"category": "envoy.tls.cert_validator"
},
{
"name": "envoy.tls.cert_validator.spiffe",
"category": "envoy.tls.cert_validator"
},
{
"name": "envoy.formatter.metadata",
"category": "envoy.formatter"
},
{
"name": "envoy.formatter.req_without_query",
"category": "envoy.formatter"
},
{
"name": "envoy.rate_limit_descriptors.expr",
"category": "envoy.rate_limit_descriptors"
},
{
"name": "envoy.matching.common_inputs.environment_variable",
"category": "envoy.matching.common_inputs"
},
{
"name": "envoy.network.dns_resolver.cares",
"category": "envoy.network.dns_resolver"
},
{
"name": "envoy.bootstrap.internal_listener",
"category": "envoy.bootstrap"
},
{
"name": "envoy.bootstrap.wasm",
"category": "envoy.bootstrap"
},
{
"name": "envoy.extensions.network.socket_interface.default_socket_interface",
"category": "envoy.bootstrap"
},
{
"name": "envoy.extensions.http.cache.simple",
"category": "envoy.http.cache"
},
{
"name": "envoy.grpc_credentials.aws_iam",
"category": "envoy.grpc_credentials"
},
{
"name": "envoy.grpc_credentials.default",
"category": "envoy.grpc_credentials"
},
{
"name": "envoy.grpc_credentials.file_based_metadata",
"category": "envoy.grpc_credentials"
},
{
"name": "envoy.wasm.runtime.null",
"category": "envoy.wasm.runtime"
},
{
"name": "envoy.wasm.runtime.v8",
"category": "envoy.wasm.runtime"
},
{
"name": "default",
"category": "network.connection.client"
},
{
"name": "envoy_internal",
"category": "network.connection.client"
},
{
"name": "envoy.http.stateful_session.cookie",
"category": "envoy.http.stateful_session"
},
{
"name": "envoy.resource_monitors.fixed_heap",
"category": "envoy.resource_monitors"
},
{
"name": "envoy.resource_monitors.injected_resource",
"category": "envoy.resource_monitors"
}
]
},
"static_resources": {
"clusters": [
{
"name": "osm-controller",
"type": "LOGICAL_DNS",
"transport_socket": {
"name": "envoy.transport_sockets.tls",
"typed_config": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
"common_tls_context": {
"tls_params": {
"tls_minimum_protocol_version": "TLSv1_2",
"tls_maximum_protocol_version": "TLSv1_3"
},
"alpn_protocols": [
"h2"
],
"tls_certificate_sds_secret_configs": [
{
"name": "tls_sds",
"sds_config": {
"path": "/etc/envoy/tls_certificate_sds_secret.yaml"
}
}
],
"validation_context_sds_secret_config": {
"name": "validation_context_sds",
"sds_config": {
"path": "/etc/envoy/validation_context_sds_secret.yaml"
}
}
}
}
},
"upstream_connection_options": {
"tcp_keepalive": {
"keepalive_probes": 5,
"keepalive_time": 60,
"keepalive_interval": 5
}
},
"load_assignment": {
"cluster_name": "osm-controller",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "osm-controller.osm-system.svc.cluster.local",
"port_value": 15128
}
}
}
}
]
}
]
},
"typed_extension_protocol_options": {
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
"explicit_http_config": {
"http2_protocol_options": {}
}
}
}
}
]
},
"dynamic_resources": {
"lds_config": {
"ads": {},
"resource_api_version": "V3"
},
"cds_config": {
"ads": {},
"resource_api_version": "V3"
},
"ads_config": {
"api_type": "GRPC",
"grpc_services": [
{
"envoy_grpc": {
"cluster_name": "osm-controller"
}
}
],
"set_node_on_first_message_only": true,
"transport_api_version": "V3"
}
},
"admin": {
"address": {
"socket_address": {
"address": "127.0.0.1",
"port_value": 15000
}
},
"access_log": [
{
"name": "envoy.access_loggers.stream",
"typed_config": {
"@type": "type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog"
}
}
]
}
},
"last_updated": "2023-04-12T16:56:09.339Z"
},
{
"@type": "type.googleapis.com/envoy.admin.v3.ClustersConfigDump",
"version_info": "1",
"static_clusters": [
{
"cluster": {
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
"name": "osm-controller",
"type": "LOGICAL_DNS",
"transport_socket": {
"name": "envoy.transport_sockets.tls",
"typed_config": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
"common_tls_context": {
"tls_params": {
"tls_minimum_protocol_version": "TLSv1_2",
"tls_maximum_protocol_version": "TLSv1_3"
},
"alpn_protocols": [
"h2"
],
"tls_certificate_sds_secret_configs": [
{
"name": "tls_sds",
"sds_config": {
"path": "/etc/envoy/tls_certificate_sds_secret.yaml"
}
}
],
"validation_context_sds_secret_config": {
"name": "validation_context_sds",
"sds_config": {
"path": "/etc/envoy/validation_context_sds_secret.yaml"
}
}
}
}
},
"upstream_connection_options": {
"tcp_keepalive": {
"keepalive_probes": 5,
"keepalive_time": 60,
"keepalive_interval": 5
}
},
"load_assignment": {
"cluster_name": "osm-controller",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "osm-controller.osm-system.svc.cluster.local",
"port_value": 15128
}
}
}
}
]
}
]
},
"typed_extension_protocol_options": {
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
"explicit_http_config": {
"http2_protocol_options": {}
}
}
}
},
"last_updated": "2023-04-12T16:56:09.343Z"
}
],
"dynamic_active_clusters": [
{
"version_info": "1",
"cluster": {
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
"name": "envoy-tracing-cluster",
"type": "LOGICAL_DNS",
"alt_stat_name": "envoy-tracing-cluster",
"load_assignment": {
"cluster_name": "envoy-tracing-cluster",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "jaeger.osm-system.svc.cluster.local",
"port_value": 9411
}
}
}
}
]
}
]
}
},
"last_updated": "2023-04-12T16:56:10.143Z"
},
{
"version_info": "1",
"cluster": {
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
"name": "passthrough-outbound",
"type": "ORIGINAL_DST",
"lb_policy": "CLUSTER_PROVIDED",
"circuit_breakers": {
"thresholds": [
{
"max_connections": 4294967295,
"max_pending_requests": 4294967295,
"max_requests": 4294967295,
"max_retries": 4294967295,
"track_remaining": true
}
]
},
"typed_extension_protocol_options": {
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
"use_downstream_protocol_config": {
"http2_protocol_options": {}
}
}
}
},
"last_updated": "2023-04-12T16:56:10.142Z"
}
]
},
{
"@type": "type.googleapis.com/envoy.admin.v3.ListenersConfigDump",
"version_info": "1",
"dynamic_listeners": [
{
"name": "outbound-listener",
"active_state": {
"version_info": "1",
"listener": {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "outbound-listener",
"address": {
"socket_address": {
"address": "0.0.0.0",
"port_value": 15001
}
},
"listener_filters": [
{
"name": "original_dst",
"typed_config": {
"@type": "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst"
}
},
{
"name": "tls_inspector",
"typed_config": {
"@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
}
},
{
"name": "http_inspector",
"typed_config": {
"@type": "type.googleapis.com/envoy.extensions.filters.listener.http_inspector.v3.HttpInspector"
}
}
],
"traffic_direction": "OUTBOUND",
"continue_on_listener_filters_timeout": true,
"access_log": [
{
"name": "envoy.access_loggers.stream",
"typed_config": {
"@type": "type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog",
"log_format": {
"json_format": {
"protocol": "%PROTOCOL%",
"response_code": "%RESPONSE_CODE%",
"bytes_received": "%BYTES_RECEIVED%",
"bytes_sent": "%BYTES_SENT%",
"upstream_host": "%UPSTREAM_HOST%",
"method": "%REQ(:METHOD)%",
"upstream_cluster": "%UPSTREAM_CLUSTER%",
"response_flags": "%RESPONSE_FLAGS%",
"user_agent": "%REQ(USER-AGENT)%",
"requested_server_name": "%REQUESTED_SERVER_NAME%",
"response_code_details": "%RESPONSE_CODE_DETAILS%",
"time_to_first_byte": "%RESPONSE_DURATION%",
"x_forwarded_for": "%REQ(X-FORWARDED-FOR)%",
"request_id": "%REQ(X-REQUEST-ID)%",
"start_time": "%START_TIME%",
"path": "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%",
"duration": "%DURATION%",
"upstream_service_time": "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%",
"authority": "%REQ(:AUTHORITY)%"
}
}
}
}
],
"default_filter_chain": {
"filters": [
{
"name": "tcp_proxy",
"typed_config": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"stat_prefix": "egress-tcp-proxy.passthrough-outbound",
"cluster": "passthrough-outbound"
}
}
],
"name": "outbound-egress-filter-chain"
}
},
"last_updated": "2023-04-12T16:56:10.164Z"
}
}
]
},
{
"@type": "type.googleapis.com/envoy.admin.v3.SecretsConfigDump",
"dynamic_active_secrets": [
{
"name": "tls_sds",
"last_updated": "2023-04-12T16:56:09.345Z",
"secret": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
"name": "tls_sds",
"tls_certificate": {
"certificate_chain": {
"inline_bytes": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVIVENDQXdXZ0F3SUJBZ0lSQU5pL2JKbHo2Rks4YVp6d0pGN0NqK1l3RFFZSktvWklodmNOQVFFTEJRQXcKV2pFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBY1RBa05CTVJvd0dBWURWUVFLRXhGUGNHVnVJRk5sY25acApZMlVnVFdWemFERWlNQ0FHQTFVRUF4TVpiM050TFdOaExtOXdaVzV6WlhKMmFXTmxiV1Z6YUM1cGJ6QWVGdzB5Ck16QTBNVEl4TmpVMk1EWmFGdzB6TXpBME1Ea3hOalUyTURaYU1IZ3hHakFZQmdOVkJBb1RFVTl3Wlc0Z1UyVnkKZG1salpTQk5aWE5vTVZvd1dBWURWUVFERTFFellXTmlOekpoTnkwMU9URmlMVFJqTVdNdE9USXlZaTB4T0dGbQpPRFkzWlRFME5HTXVjMmxrWldOaGNpNWpiR2xsYm5RdGJXOXVaMjlrWWk1dGIyNW5iMlJpTG1Oc2RYTjBaWEl1CmJHOWpZV3d3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRFFBQzFSenRjQjJyelUKSUhsem5QZis3QUVkNjJCMHFMbDdhc3A0S1dod2dVREJxZEhEQnN3cXFOcHBXYmw0WVBpRHg1bFFOSk1LVllrawpBaW1iUEMyRlZkTVdZdElOYkhXQWlzU2lPNlVxRlovMVNmTHJxWGx5UXhiRmlrcDhxUmpZZ284TGFlbFdqQ25NCkpma2dSSjl1RkV6bWFuM1BodHZyVk5tQi9wQlRmRzF6VWppMWlaTWhEd0tQRlhUVWd3enN0cjZmeEI0V2pzVloKR0FRY2xHWUN1eTI4VklSVlM1VmZyMmZtWXRQMjVvR3dLU3YxTXpyMEM0RWtQQytTTW82aVcrazRqYzM2eTVpMgpLaXNVNmR0dldneFBUR2g0V0h3eEwrRnluRXI5OTl4ZDFlNENlbGFGM1h6YUU0VmQ3Y25yWlQ0dXYvclRCdVc1CkdZYXlIYWpMQWdNQkFBR2pnYjh3Z2J3d0RnWURWUjBQQVFIL0JBUURBZ1dnTUIwR0ExVWRKUVFXTUJRR0NDc0cKQVFVRkJ3TUNCZ2dyQmdFRkJRY0RBVEFNQmdOVkhSTUJBZjhFQWpBQU1COEdBMVVkSXdRWU1CYUFGTUF1VnFDTgpTN00rcjM4dDRXd0FhTmxaRGJ3Y01Gd0dBMVVkRVFSVk1GT0NVVE5oWTJJM01tRTNMVFU1TVdJdE5HTXhZeTA1Ck1qSmlMVEU0WVdZNE5qZGxNVFEwWXk1emFXUmxZMkZ5TG1Oc2FXVnVkQzF0YjI1bmIyUmlMbTF2Ym1kdlpHSXUKWTJ4MWMzUmxjaTVzYjJOaGJEQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFtYWlUWWJnMmQvdzYxTHZhbkhXbAo5RVBCUUE4N29tbi93RWdDMlJsRk1LbWJLTTY0Zm9NeEpJb1NINlJhbnFhVzhhWTZ2SnpvRjFNUWovUU93RFY3CkNUbDN0SE4xSGJpZzViU2dHOG1IRGIyTGF3aHltYXh3RVRzRmtnTjBMRVFsUldybFhUNnY0NkpRSk1rV3duMCsKYnNwQlFOSktlNTAvaGVKaFVFaWt1a0JPNXMwRElGcGc1V243cEVCN0xVZWRSdjEzbVNXRUtZNDZCekN2L2l0ZgpMRDVlQTE3RjZYTTdlVExjQzkxbVhCcU1IbmhjQUtseCtlNmQ5WEJxeUg3K2dwaVl1KzF3K29hME5IVTV2TERtCnJHd2lIdDZZT1M4S1gvR2V3Y2ZyS08yc01tSHgweEVvR3cwUUQrTFJqODhWWmluOG8wTGhFVWh0a2UxVVZSa3AKNFE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg=="
},
"private_key": {
"inline_bytes": "W3JlZGFjdGVkXQ=="
}
}
}
},
{
"name": "validation_context_sds",
"last_updated": "2023-04-12T16:56:09.346Z",
"secret": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
"name": "validation_context_sds",
"validation_context": {
"trusted_ca": {
"inline_bytes": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURnRENDQW1pZ0F3SUJBZ0lRTjJCbzRKaE9MNzdTanpVUnhmSHNvakFOQmdrcWhraUc5dzBCQVFzRkFEQmEKTVFzd0NRWURWUVFHRXdKVlV6RUxNQWtHQTFVRUJ4TUNRMEV4R2pBWUJnTlZCQW9URVU5d1pXNGdVMlZ5ZG1sagpaU0JOWlhOb01TSXdJQVlEVlFRREV4bHZjMjB0WTJFdWIzQmxibk5sY25acFkyVnRaWE5vTG1sdk1CNFhEVEl6Ck1EUXdOakV5TkRnd04xb1hEVE16TURRd016RXlORGd3TjFvd1dqRUxNQWtHQTFVRUJoTUNWVk14Q3pBSkJnTlYKQkFjVEFrTkJNUm93R0FZRFZRUUtFeEZQY0dWdUlGTmxjblpwWTJVZ1RXVnphREVpTUNBR0ExVUVBeE1aYjNOdApMV05oTG05d1pXNXpaWEoyYVdObGJXVnphQzVwYnpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDCkFRb0NnZ0VCQU5zV0ovODFzS1ZpMHN5R0pCRWNtRWtUckQ1VUVrQUF6YTJ4SHdDUjJSNmpWaFZRejQ0TUtob3kKSkpsNzRZbERZV0ZTQThwdXk2MHcwNkpNS3hMQUhPZ3MwdzhYZllxUVAvYkV6aG5GaG9BS0VOT29kVVA5cEJSMgpYS3FEVzh0c3lWbk5CanZjZGhQelhjTTVFYzBnZnJpRjRjWUZDY0dvVGN1RmJnU1d4WVdCejBUUEprSmtIL2x6CjF0bXMyYlVhZldwQVcrS0FrUVgzRlNQMWE2S3IwOUN0cTdUc09EcVdhc0Z0RVUyYzJoa2NYOVprRCtEMmY3eC8KT21MWlRjb1V5YlRaZGdjcVFNeG5Vajk3TDhoNTYvVEgxbzJHU1JPcHh2L2NYV0hsWlpQOFZyVzZVU0M3NVRWTQp4My9XcUs0OHVDZjJuM3NIZ2pmejg5M0llbXJJV0o4Q0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0VHCk1BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZNQXVWcUNOUzdNK3IzOHQ0V3dBYU5sWkRid2MKTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFCZkdnQVNhTUY5THBIRCtZTDNMQTlyMGorNVF1MVpOUkFsdHpxbAo3Q3FoamRlZU1WbDVCRE9kZmhhK0ZhVWRhK2tkZ0tVazdxSHg2Slp4K2RmVE5oSW1UTkc1SmVGYlcvWGdqNkswCjVqMld0eS9rY1RFVkh6QnhwZFVnTDB6YVA5aHMvelpUVEY4bXNabVoxSmxFRHVlSi9yRU0vcmRuUW5WSkxVbkwKOGZaRkF1NjRlY3ZydlZDcnk1Snl3ZnVpQVIzdlpWUXZMTTdSR0JSODVpa2dqY2xweTgwcktCK29MZW1NZHVMNQpCSDI3WjJtUXdZR2FaTjVOVFVwelVDQmNKcnJGb2JtTkJhVCtYSG9hODA1MDIwV0FpY3hsTGc5N0YyMSs1eGVNCm12MzQzN2JDM0FUZWM0WjUydk5RMk9FMXdScVdtR0p3MXQ5aC8xK3FWME5EL2JtVgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg=="
}
}
}
}
]
}
]
}
For the server
osm proxy get config_dump server-mongodb-6cb9cb8954-qrbwx -n mongodb
{
"configs": [
{
"@type": "type.googleapis.com/envoy.admin.v3.BootstrapConfigDump",
"bootstrap": {
"node": {
"id": "414a2b8f-8bbd-48c2-9fe9-eb4dd65fa435.sidecar.server-mongodb.mongodb.cluster.local",
"user_agent_name": "envoy",
"user_agent_build_version": {
"version": {
"major_number": 1,
"minor_number": 22,
"patch": 2
},
"metadata": {
"ssl.version": "BoringSSL",
"revision.status": "Clean",
"revision.sha": "c919bdec19d79e97f4f56e4095706f8e6a383f1c",
"build.type": "RELEASE"
}
},
"extensions": [
{
"name": "envoy.grpc_credentials.aws_iam",
"category": "envoy.grpc_credentials"
},
{
"name": "envoy.grpc_credentials.default",
"category": "envoy.grpc_credentials"
},
{
"name": "envoy.grpc_credentials.file_based_metadata",
"category": "envoy.grpc_credentials"
},
{
"name": "envoy.filters.udp.dns_filter",
"category": "envoy.filters.udp_listener"
},
{
"name": "envoy.filters.udp_listener.udp_proxy",
"category": "envoy.filters.udp_listener"
},
{
"name": "envoy.ip",
"category": "envoy.resolvers"
},
{
"name": "auto",
"category": "envoy.thrift_proxy.protocols"
},
{
"name": "binary",
"category": "envoy.thrift_proxy.protocols"
},
{
"name": "binary/non-strict",
"category": "envoy.thrift_proxy.protocols"
},
{
"name": "compact",
"category": "envoy.thrift_proxy.protocols"
},
{
"name": "twitter",
"category": "envoy.thrift_proxy.protocols"
},
{
"name": "envoy.filters.dubbo.router",
"category": "envoy.dubbo_proxy.filters"
},
{
"name": "envoy.tls.cert_validator.default",
"category": "envoy.tls.cert_validator"
},
{
"name": "envoy.tls.cert_validator.spiffe",
"category": "envoy.tls.cert_validator"
},
{
"name": "envoy.dog_statsd",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.graphite_statsd",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.metrics_service",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.stat_sinks.dog_statsd",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.stat_sinks.graphite_statsd",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.stat_sinks.hystrix",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.stat_sinks.metrics_service",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.stat_sinks.statsd",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.stat_sinks.wasm",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.statsd",
"category": "envoy.stats_sinks"
},
{
"name": "envoy.formatter.metadata",
"category": "envoy.formatter"
},
{
"name": "envoy.formatter.req_without_query",
"category": "envoy.formatter"
},
{
"name": "envoy.retry_priorities.previous_priorities",
"category": "envoy.retry_priorities"
},
{
"name": "envoy.internal_redirect_predicates.allow_listed_routes",
"category": "envoy.internal_redirect_predicates"
},
{
"name": "envoy.internal_redirect_predicates.previous_routes",
"category": "envoy.internal_redirect_predicates"
},
{
"name": "envoy.internal_redirect_predicates.safe_cross_scheme",
"category": "envoy.internal_redirect_predicates"
},
{
"name": "envoy.matching.matchers.consistent_hashing",
"category": "envoy.matching.input_matchers"
},
{
"name": "envoy.matching.matchers.ip",
"category": "envoy.matching.input_matchers"
},
{
"name": "envoy.rate_limit_descriptors.expr",
"category": "envoy.rate_limit_descriptors"
},
{
"name": "envoy.http.stateful_session.cookie",
"category": "envoy.http.stateful_session"
},
{
"name": "envoy.resource_monitors.fixed_heap",
"category": "envoy.resource_monitors"
},
{
"name": "envoy.resource_monitors.injected_resource",
"category": "envoy.resource_monitors"
},
{
"name": "envoy.quic.proof_source.filter_chain",
"category": "envoy.quic.proof_source"
},
{
"name": "envoy.matching.common_inputs.environment_variable",
"category": "envoy.matching.common_inputs"
},
{
"name": "envoy.cluster.eds",
"category": "envoy.clusters"
},
{
"name": "envoy.cluster.logical_dns",
"category": "envoy.clusters"
},
{
"name": "envoy.cluster.original_dst",
"category": "envoy.clusters"
},
{
"name": "envoy.cluster.static",
"category": "envoy.clusters"
},
{
"name": "envoy.cluster.strict_dns",
"category": "envoy.clusters"
},
{
"name": "envoy.clusters.aggregate",
"category": "envoy.clusters"
},
{
"name": "envoy.clusters.dynamic_forward_proxy",
"category": "envoy.clusters"
},
{
"name": "envoy.clusters.redis",
"category": "envoy.clusters"
},
{
"name": "preserve_case",
"category": "envoy.http.stateful_header_formatters"
},
{
"name": "envoy.filters.listener.http_inspector",
"category": "envoy.filters.listener"
},
{
"name": "envoy.filters.listener.original_dst",
"category": "envoy.filters.listener"
},
{
"name": "envoy.filters.listener.original_src",
"category": "envoy.filters.listener"
},
{
"name": "envoy.filters.listener.proxy_protocol",
"category": "envoy.filters.listener"
},
{
"name": "envoy.filters.listener.tls_inspector",
"category": "envoy.filters.listener"
},
{
"name": "envoy.listener.http_inspector",
"category": "envoy.filters.listener"
},
{
"name": "envoy.listener.original_dst",
"category": "envoy.filters.listener"
},
{
"name": "envoy.listener.original_src",
"category": "envoy.filters.listener"
},
{
"name": "envoy.listener.proxy_protocol",
"category": "envoy.filters.listener"
},
{
"name": "envoy.listener.tls_inspector",
"category": "envoy.filters.listener"
},
{
"name": "envoy.filters.connection_pools.tcp.generic",
"category": "envoy.upstreams"
},
{
"name": "envoy.matching.inputs.application_protocol",
"category": "envoy.matching.network.input"
},
{
"name": "envoy.matching.inputs.destination_ip",
"category": "envoy.matching.network.input"
},
{
"name": "envoy.matching.inputs.destination_port",
"category": "envoy.matching.network.input"
},
{
"name": "envoy.matching.inputs.direct_source_ip",
"category": "envoy.matching.network.input"
},
{
"name": "envoy.matching.inputs.server_name",
"category": "envoy.matching.network.input"
},
{
"name": "envoy.matching.inputs.source_ip",
"category": "envoy.matching.network.input"
},
{
"name": "envoy.matching.inputs.source_port",
"category": "envoy.matching.network.input"
},
{
"name": "envoy.matching.inputs.source_type",
"category": "envoy.matching.network.input"
},
{
"name": "envoy.matching.inputs.transport_protocol",
"category": "envoy.matching.network.input"
},
{
"name": "envoy.health_checkers.redis",
"category": "envoy.health_checkers"
},
{
"name": "default",
"category": "network.connection.client"
},
{
"name": "envoy_internal",
"category": "network.connection.client"
},
{
"name": "envoy.access_loggers.file",
"category": "envoy.access_loggers"
},
{
"name": "envoy.access_loggers.http_grpc",
"category": "envoy.access_loggers"
},
{
"name": "envoy.access_loggers.open_telemetry",
"category": "envoy.access_loggers"
},
{
"name": "envoy.access_loggers.stderr",
"category": "envoy.access_loggers"
},
{
"name": "envoy.access_loggers.stdout",
"category": "envoy.access_loggers"
},
{
"name": "envoy.access_loggers.tcp_grpc",
"category": "envoy.access_loggers"
},
{
"name": "envoy.access_loggers.wasm",
"category": "envoy.access_loggers"
},
{
"name": "envoy.file_access_log",
"category": "envoy.access_loggers"
},
{
"name": "envoy.http_grpc_access_log",
"category": "envoy.access_loggers"
},
{
"name": "envoy.open_telemetry_access_log",
"category": "envoy.access_loggers"
},
{
"name": "envoy.stderr_access_log",
"category": "envoy.access_loggers"
},
{
"name": "envoy.stdout_access_log",
"category": "envoy.access_loggers"
},
{
"name": "envoy.tcp_grpc_access_log",
"category": "envoy.access_loggers"
},
{
"name": "envoy.wasm_access_log",
"category": "envoy.access_loggers"
},
{
"name": "dubbo",
"category": "envoy.dubbo_proxy.protocols"
},
{
"name": "envoy.watchdog.abort_action",
"category": "envoy.guarddog_actions"
},
{
"name": "envoy.watchdog.profile_action",
"category": "envoy.guarddog_actions"
},
{
"name": "envoy.key_value.file_based",
"category": "envoy.common.key_value"
},
{
"name": "dubbo.hessian2",
"category": "envoy.dubbo_proxy.serializers"
},
{
"name": "envoy.dynamic.ot",
"category": "envoy.tracers"
},
{
"name": "envoy.lightstep",
"category": "envoy.tracers"
},
{
"name": "envoy.tracers.datadog",
"category": "envoy.tracers"
},
{
"name": "envoy.tracers.dynamic_ot",
"category": "envoy.tracers"
},
{
"name": "envoy.tracers.lightstep",
"category": "envoy.tracers"
},
{
"name": "envoy.tracers.opencensus",
"category": "envoy.tracers"
},
{
"name": "envoy.tracers.skywalking",
"category": "envoy.tracers"
},
{
"name": "envoy.tracers.xray",
"category": "envoy.tracers"
},
{
"name": "envoy.tracers.zipkin",
"category": "envoy.tracers"
},
{
"name": "envoy.zipkin",
"category": "envoy.tracers"
},
{
"name": "envoy.transport_sockets.alts",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "envoy.transport_sockets.quic",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "envoy.transport_sockets.raw_buffer",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "envoy.transport_sockets.starttls",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "envoy.transport_sockets.tap",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "envoy.transport_sockets.tcp_stats",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "envoy.transport_sockets.tls",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "envoy.transport_sockets.upstream_proxy_protocol",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "raw_buffer",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "starttls",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "tls",
"category": "envoy.transport_sockets.upstream"
},
{
"name": "envoy.compression.brotli.compressor",
"category": "envoy.compression.compressor"
},
{
"name": "envoy.compression.gzip.compressor",
"category": "envoy.compression.compressor"
},
{
"name": "envoy.compression.zstd.compressor",
"category": "envoy.compression.compressor"
},
{
"name": "envoy.client_ssl_auth",
"category": "envoy.filters.network"
},
{
"name": "envoy.echo",
"category": "envoy.filters.network"
},
{
"name": "envoy.ext_authz",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.client_ssl_auth",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.connection_limit",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.direct_response",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.dubbo_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.echo",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.ext_authz",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.http_connection_manager",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.local_ratelimit",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.mongo_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.ratelimit",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.rbac",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.redis_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.sni_cluster",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.sni_dynamic_forward_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.tcp_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.thrift_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.wasm",
"category": "envoy.filters.network"
},
{
"name": "envoy.filters.network.zookeeper_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.http_connection_manager",
"category": "envoy.filters.network"
},
{
"name": "envoy.mongo_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.ratelimit",
"category": "envoy.filters.network"
},
{
"name": "envoy.redis_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.tcp_proxy",
"category": "envoy.filters.network"
},
{
"name": "envoy.compression.brotli.decompressor",
"category": "envoy.compression.decompressor"
},
{
"name": "envoy.compression.gzip.decompressor",
"category": "envoy.compression.decompressor"
},
{
"name": "envoy.compression.zstd.decompressor",
"category": "envoy.compression.decompressor"
},
{
"name": "envoy.bandwidth_limit",
"category": "envoy.filters.http"
},
{
"name": "envoy.buffer",
"category": "envoy.filters.http"
},
{
"name": "envoy.cors",
"category": "envoy.filters.http"
},
{
"name": "envoy.csrf",
"category": "envoy.filters.http"
},
{
"name": "envoy.ext_authz",
"category": "envoy.filters.http"
},
{
"name": "envoy.ext_proc",
"category": "envoy.filters.http"
},
{
"name": "envoy.fault",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.adaptive_concurrency",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.admission_control",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.alternate_protocols_cache",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.aws_lambda",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.aws_request_signing",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.bandwidth_limit",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.buffer",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.cache",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.cdn_loop",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.composite",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.compressor",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.cors",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.csrf",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.decompressor",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.dynamic_forward_proxy",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.dynamo",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.ext_authz",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.ext_proc",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.fault",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.gcp_authn",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.grpc_http1_bridge",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.grpc_http1_reverse_bridge",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.grpc_json_transcoder",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.grpc_stats",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.grpc_web",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.header_to_metadata",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.health_check",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.ip_tagging",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.jwt_authn",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.local_ratelimit",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.lua",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.oauth2",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.on_demand",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.original_src",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.ratelimit",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.rbac",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.router",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.set_metadata",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.stateful_session",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.tap",
"category": "envoy.filters.http"
},
{
"name": "envoy.filters.http.wasm",
"category": "envoy.filters.http"
},
{
"name": "envoy.grpc_http1_bridge",
"category": "envoy.filters.http"
},
{
"name": "envoy.grpc_json_transcoder",
"category": "envoy.filters.http"
},
{
"name": "envoy.grpc_web",
"category": "envoy.filters.http"
},
{
"name": "envoy.health_check",
"category": "envoy.filters.http"
},
{
"name": "envoy.http_dynamo_filter",
"category": "envoy.filters.http"
},
{
"name": "envoy.ip_tagging",
"category": "envoy.filters.http"
},
{
"name": "envoy.local_rate_limit",
"category": "envoy.filters.http"
},
{
"name": "envoy.lua",
"category": "envoy.filters.http"
},
{
"name": "envoy.rate_limit",
"category": "envoy.filters.http"
},
{
"name": "envoy.router",
"category": "envoy.filters.http"
},
{
"name": "match-wrapper",
"category": "envoy.filters.http"
},
{
"name": "envoy.wasm.runtime.null",
"category": "envoy.wasm.runtime"
},
{
"name": "envoy.wasm.runtime.v8",
"category": "envoy.wasm.runtime"
},
{
"name": "envoy.access_loggers.extension_filters.cel",
"category": "envoy.access_logger.extension_filters"
},
{
"name": "envoy.filters.thrift.header_to_metadata",
"category": "envoy.thrift_proxy.filters"
},
{
"name": "envoy.filters.thrift.rate_limit",
"category": "envoy.thrift_proxy.filters"
},
{
"name": "envoy.filters.thrift.router",
"category": "envoy.thrift_proxy.filters"
},
{
"name": "envoy.http.original_ip_detection.custom_header",
"category": "envoy.http.original_ip_detection"
},
{
"name": "envoy.http.original_ip_detection.xff",
"category": "envoy.http.original_ip_detection"
},
{
"name": "envoy.config.validators.minimum_clusters",
"category": "envoy.config.validators"
},
{
"name": "envoy.config.validators.minimum_clusters_validator",
"category": "envoy.config.validators"
},
{
"name": "envoy.request_id.uuid",
"category": "envoy.request_id"
},
{
"name": "envoy.matching.inputs.request_headers",
"category": "envoy.matching.http.input"
},
{
"name": "envoy.matching.inputs.request_trailers",
"category": "envoy.matching.http.input"
},
{
"name": "envoy.matching.inputs.response_headers",
"category": "envoy.matching.http.input"
},
{
"name": "envoy.matching.inputs.response_trailers",
"category": "envoy.matching.http.input"
},
{
"name": "composite-action",
"category": "envoy.matching.action"
},
{
"name": "skip",
"category": "envoy.matching.action"
},
{
"name": "envoy.quic.crypto_stream.server.quiche",
"category": "envoy.quic.server.crypto_stream"
},
{
"name": "envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
"category": "envoy.upstream_options"
},
{
"name": "envoy.upstreams.http.http_protocol_options",
"category": "envoy.upstream_options"
},
{
"name": "envoy.retry_host_predicates.omit_canary_hosts",
"category": "envoy.retry_host_predicates"
},
{
"name": "envoy.retry_host_predicates.omit_host_metadata",
"category": "envoy.retry_host_predicates"
},
{
"name": "envoy.retry_host_predicates.previous_hosts",
"category": "envoy.retry_host_predicates"
},
{
"name": "envoy.bootstrap.internal_listener",
"category": "envoy.bootstrap"
},
{
"name": "envoy.bootstrap.wasm",
"category": "envoy.bootstrap"
},
{
"name": "envoy.extensions.network.socket_interface.default_socket_interface",
"category": "envoy.bootstrap"
},
{
"name": "envoy.transport_sockets.alts",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "envoy.transport_sockets.quic",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "envoy.transport_sockets.raw_buffer",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "envoy.transport_sockets.starttls",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "envoy.transport_sockets.tap",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "envoy.transport_sockets.tcp_stats",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "envoy.transport_sockets.tls",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "raw_buffer",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "starttls",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "tls",
"category": "envoy.transport_sockets.downstream"
},
{
"name": "envoy.extensions.http.cache.simple",
"category": "envoy.http.cache"
},
{
"name": "envoy.network.dns_resolver.cares",
"category": "envoy.network.dns_resolver"
},
{
"name": "auto",
"category": "envoy.thrift_proxy.transports"
},
{
"name": "framed",
"category": "envoy.thrift_proxy.transports"
},
{
"name": "header",
"category": "envoy.thrift_proxy.transports"
},
{
"name": "unframed",
"category": "envoy.thrift_proxy.transports"
},
{
"name": "default",
"category": "envoy.dubbo_proxy.route_matchers"
},
{
"name": "envoy.rbac.matchers.upstream_ip_port",
"category": "envoy.rbac.matchers"
},
{
"name": "envoy.matching.custom_matchers.trie_matcher",
"category": "envoy.matching.network.custom_matchers"
}
]
},
"static_resources": {
"clusters": [
{
"name": "osm-controller",
"type": "LOGICAL_DNS",
"transport_socket": {
"name": "envoy.transport_sockets.tls",
"typed_config": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
"common_tls_context": {
"tls_params": {
"tls_minimum_protocol_version": "TLSv1_2",
"tls_maximum_protocol_version": "TLSv1_3"
},
"alpn_protocols": [
"h2"
],
"tls_certificate_sds_secret_configs": [
{
"name": "tls_sds",
"sds_config": {
"path": "/etc/envoy/tls_certificate_sds_secret.yaml"
}
}
],
"validation_context_sds_secret_config": {
"name": "validation_context_sds",
"sds_config": {
"path": "/etc/envoy/validation_context_sds_secret.yaml"
}
}
}
}
},
"upstream_connection_options": {
"tcp_keepalive": {
"keepalive_probes": 5,
"keepalive_time": 60,
"keepalive_interval": 5
}
},
"load_assignment": {
"cluster_name": "osm-controller",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "osm-controller.osm-system.svc.cluster.local",
"port_value": 15128
}
}
}
}
]
}
]
},
"typed_extension_protocol_options": {
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
"explicit_http_config": {
"http2_protocol_options": {}
}
}
}
}
]
},
"dynamic_resources": {
"lds_config": {
"ads": {},
"resource_api_version": "V3"
},
"cds_config": {
"ads": {},
"resource_api_version": "V3"
},
"ads_config": {
"api_type": "GRPC",
"grpc_services": [
{
"envoy_grpc": {
"cluster_name": "osm-controller"
}
}
],
"set_node_on_first_message_only": true,
"transport_api_version": "V3"
}
},
"admin": {
"address": {
"socket_address": {
"address": "127.0.0.1",
"port_value": 15000
}
},
"access_log": [
{
"name": "envoy.access_loggers.stream",
"typed_config": {
"@type": "type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog"
}
}
]
}
},
"last_updated": "2023-04-12T16:55:21.359Z"
},
{
"@type": "type.googleapis.com/envoy.admin.v3.ClustersConfigDump",
"version_info": "1",
"static_clusters": [
{
"cluster": {
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
"name": "osm-controller",
"type": "LOGICAL_DNS",
"transport_socket": {
"name": "envoy.transport_sockets.tls",
"typed_config": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
"common_tls_context": {
"tls_params": {
"tls_minimum_protocol_version": "TLSv1_2",
"tls_maximum_protocol_version": "TLSv1_3"
},
"alpn_protocols": [
"h2"
],
"tls_certificate_sds_secret_configs": [
{
"name": "tls_sds",
"sds_config": {
"path": "/etc/envoy/tls_certificate_sds_secret.yaml"
}
}
],
"validation_context_sds_secret_config": {
"name": "validation_context_sds",
"sds_config": {
"path": "/etc/envoy/validation_context_sds_secret.yaml"
}
}
}
}
},
"upstream_connection_options": {
"tcp_keepalive": {
"keepalive_probes": 5,
"keepalive_time": 60,
"keepalive_interval": 5
}
},
"load_assignment": {
"cluster_name": "osm-controller",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "osm-controller.osm-system.svc.cluster.local",
"port_value": 15128
}
}
}
}
]
}
]
},
"typed_extension_protocol_options": {
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
"explicit_http_config": {
"http2_protocol_options": {}
}
}
}
},
"last_updated": "2023-04-12T16:55:21.366Z"
}
],
"dynamic_active_clusters": [
{
"version_info": "1",
"cluster": {
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
"name": "envoy-tracing-cluster",
"type": "LOGICAL_DNS",
"alt_stat_name": "envoy-tracing-cluster",
"load_assignment": {
"cluster_name": "envoy-tracing-cluster",
"endpoints": [
{
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "jaeger.osm-system.svc.cluster.local",
"port_value": 9411
}
}
}
}
]
}
]
}
},
"last_updated": "2023-04-12T16:55:21.446Z"
},
{
"version_info": "1",
"cluster": {
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
"name": "mongodb/server-mongodb|27017|local",
"type": "STRICT_DNS",
"dns_lookup_family": "V4_ONLY",
"alt_stat_name": "mongodb/server-mongodb|27017|local",
"load_assignment": {
"cluster_name": "mongodb/server-mongodb|27017|local",
"endpoints": [
{
"locality": {
"zone": "zone"
},
"lb_endpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "127.0.0.1",
"port_value": 27017
}
}
},
"load_balancing_weight": 100
}
]
}
]
},
"typed_extension_protocol_options": {
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
"use_downstream_protocol_config": {
"http2_protocol_options": {}
}
}
},
"respect_dns_ttl": true
},
"last_updated": "2023-04-12T16:55:21.445Z"
},
{
"version_info": "1",
"cluster": {
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
"name": "passthrough-outbound",
"type": "ORIGINAL_DST",
"lb_policy": "CLUSTER_PROVIDED",
"circuit_breakers": {
"thresholds": [
{
"max_connections": 4294967295,
"max_pending_requests": 4294967295,
"max_requests": 4294967295,
"max_retries": 4294967295,
"track_remaining": true
}
]
},
"typed_extension_protocol_options": {
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
"use_downstream_protocol_config": {
"http2_protocol_options": {}
}
}
}
},
"last_updated": "2023-04-12T16:55:21.445Z"
}
]
},
{
"@type": "type.googleapis.com/envoy.admin.v3.ListenersConfigDump",
"version_info": "1",
"dynamic_listeners": [
{
"name": "outbound-listener",
"active_state": {
"version_info": "1",
"listener": {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "outbound-listener",
"address": {
"socket_address": {
"address": "0.0.0.0",
"port_value": 15001
}
},
"listener_filters": [
{
"name": "original_dst",
"typed_config": {
"@type": "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst"
}
},
{
"name": "tls_inspector",
"typed_config": {
"@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
}
},
{
"name": "http_inspector",
"typed_config": {
"@type": "type.googleapis.com/envoy.extensions.filters.listener.http_inspector.v3.HttpInspector"
}
}
],
"traffic_direction": "OUTBOUND",
"continue_on_listener_filters_timeout": true,
"access_log": [
{
"name": "envoy.access_loggers.stream",
"typed_config": {
"@type": "type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog",
"log_format": {
"json_format": {
"protocol": "%PROTOCOL%",
"time_to_first_byte": "%RESPONSE_DURATION%",
"upstream_cluster": "%UPSTREAM_CLUSTER%",
"bytes_received": "%BYTES_RECEIVED%",
"x_forwarded_for": "%REQ(X-FORWARDED-FOR)%",
"upstream_host": "%UPSTREAM_HOST%",
"response_code": "%RESPONSE_CODE%",
"response_flags": "%RESPONSE_FLAGS%",
"duration": "%DURATION%",
"requested_server_name": "%REQUESTED_SERVER_NAME%",
"authority": "%REQ(:AUTHORITY)%",
"start_time": "%START_TIME%",
"response_code_details": "%RESPONSE_CODE_DETAILS%",
"bytes_sent": "%BYTES_SENT%",
"upstream_service_time": "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%",
"method": "%REQ(:METHOD)%",
"path": "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%",
"user_agent": "%REQ(USER-AGENT)%",
"request_id": "%REQ(X-REQUEST-ID)%"
}
}
}
}
],
"default_filter_chain": {
"filters": [
{
"name": "tcp_proxy",
"typed_config": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"stat_prefix": "egress-tcp-proxy.passthrough-outbound",
"cluster": "passthrough-outbound"
}
}
],
"name": "outbound-egress-filter-chain"
}
},
"last_updated": "2023-04-12T16:55:21.469Z"
}
},
{
"name": "inbound-listener",
"active_state": {
"version_info": "1",
"listener": {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "inbound-listener",
"address": {
"socket_address": {
"address": "0.0.0.0",
"port_value": 15003
}
},
"filter_chains": [
{
"filter_chain_match": {
"destination_port": 27017,
"transport_protocol": "tls",
"application_protocols": [
"osm"
],
"server_names": [
"server-mongodb.mongodb.svc.cluster.local"
]
},
"filters": [
{
"name": "l4_rbac",
"typed_config": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": {},
"stat_prefix": "network-"
}
},
{
"name": "tcp_proxy",
"typed_config": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"stat_prefix": "inbound-mesh-tcp-proxy.mongodb/server-mongodb|27017|local",
"cluster": "mongodb/server-mongodb|27017|local"
}
}
],
"transport_socket": {
"name": "inbound_mongodb/server-mongodb_27017_TCP",
"typed_config": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"common_tls_context": {
"tls_params": {
"tls_minimum_protocol_version": "TLSv1_2",
"tls_maximum_protocol_version": "TLSv1_3"
},
"tls_certificate_sds_secret_configs": [
{
"name": "service-cert:mongodb/server-mongodb",
"sds_config": {
"ads": {},
"resource_api_version": "V3"
}
}
],
"validation_context_sds_secret_config": {
"name": "root-cert-for-mtls-inbound:mongodb/server-mongodb",
"sds_config": {
"ads": {},
"resource_api_version": "V3"
}
}
},
"require_client_certificate": true
}
},
"name": "inbound_mongodb/server-mongodb_27017_TCP"
}
],
"listener_filters": [
{
"name": "tls_inspector",
"typed_config": {
"@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
}
},
{
"name": "original_dst",
"typed_config": {
"@type": "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst"
}
}
],
"traffic_direction": "INBOUND",
"access_log": [
{
"name": "envoy.access_loggers.stream",
"typed_config": {
"@type": "type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog",
"log_format": {
"json_format": {
"request_id": "%REQ(X-REQUEST-ID)%",
"upstream_host": "%UPSTREAM_HOST%",
"protocol": "%PROTOCOL%",
"upstream_cluster": "%UPSTREAM_CLUSTER%",
"x_forwarded_for": "%REQ(X-FORWARDED-FOR)%",
"response_code_details": "%RESPONSE_CODE_DETAILS%",
"user_agent": "%REQ(USER-AGENT)%",
"authority": "%REQ(:AUTHORITY)%",
"time_to_first_byte": "%RESPONSE_DURATION%",
"response_flags": "%RESPONSE_FLAGS%",
"bytes_received": "%BYTES_RECEIVED%",
"bytes_sent": "%BYTES_SENT%",
"duration": "%DURATION%",
"method": "%REQ(:METHOD)%",
"path": "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%",
"response_code": "%RESPONSE_CODE%",
"upstream_service_time": "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%",
"requested_server_name": "%REQUESTED_SERVER_NAME%",
"start_time": "%START_TIME%"
}
}
}
}
]
},
"last_updated": "2023-04-12T16:55:21.471Z"
}
}
]
},
{
"@type": "type.googleapis.com/envoy.admin.v3.SecretsConfigDump",
"dynamic_active_secrets": [
{
"name": "tls_sds",
"last_updated": "2023-04-12T16:55:21.374Z",
"secret": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
"name": "tls_sds",
"tls_certificate": {
"certificate_chain": {
"inline_bytes": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVIRENDQXdTZ0F3SUJBZ0lRUHhiZXd6OTlkV3VDamtNSW9LNndDVEFOQmdrcWhraUc5dzBCQVFzRkFEQmEKTVFzd0NRWURWUVFHRXdKVlV6RUxNQWtHQTFVRUJ4TUNRMEV4R2pBWUJnTlZCQW9URVU5d1pXNGdVMlZ5ZG1sagpaU0JOWlhOb01TSXdJQVlEVlFRREV4bHZjMjB0WTJFdWIzQmxibk5sY25acFkyVnRaWE5vTG1sdk1CNFhEVEl6Ck1EUXhNakUyTlRVeE1sb1hEVE16TURRd09URTJOVFV4TWxvd2VERWFNQmdHQTFVRUNoTVJUM0JsYmlCVFpYSjIKYVdObElFMWxjMmd4V2pCWUJnTlZCQU1UVVRReE5HRXlZamhtTFRoaVltUXRORGhqTWkwNVptVTVMV1ZpTkdSawpOalZtWVRRek5TNXphV1JsWTJGeUxuTmxjblpsY2kxdGIyNW5iMlJpTG0xdmJtZHZaR0l1WTJ4MWMzUmxjaTVzCmIyTmhiRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFLeXVoazJVOWp6cms4WmEKa01ROG5TMkliVWxpRlpYdTJUdTVMRENuTUFYQ1YwY1pjV1g3bkRicHVVMXRsOXNRU2ttQ0piaGR2QWFLemZpcQpkTERkbmZ2K1JsdFBxOUt0RUNuUjBjbnQ4R2VnbnhmcVpabHVweG9yTE9ZRTQ3cTRBYXc4TVBZTUxSNUJrNTNCCjNyYkZhU1c2RnJqajBZMU1aMDdvQUhHVGpUSkJ6b0tEOXlSK1RTbTVZMzVLUlZLRjlCRG82OXlocVo2dXN2bzkKT1dGb1dCbG1GUXEwdlBVVnUxOEZxcUs5RWlhUmZlaWpyNUdIU0lOcGc0eHZpcUpWWXpOb2FqSmNXcExudEJtTQpaT3pWWDQrTTlObGhzWkhZQmpRVjczYmxkcWt0SUJ4Y0VybmpCNlZJRTRzbVoyVDMxaWdOTzJ6SWdLa3VXU3pwCk50T1QxTWNDQXdFQUFhT0J2ekNCdkRBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3RkFZSUt3WUIKQlFVSEF3SUdDQ3NHQVFVRkJ3TUJNQXdHQTFVZEV3RUIvd1FDTUFBd0h3WURWUjBqQkJnd0ZvQVV3QzVXb0kxTApzejZ2ZnkzaGJBQm8yVmtOdkJ3d1hBWURWUjBSQkZVd1U0SlJOREUwWVRKaU9HWXRPR0ppWkMwME9HTXlMVGxtClpUa3RaV0kwWkdRMk5XWmhORE0xTG5OcFpHVmpZWEl1YzJWeWRtVnlMVzF2Ym1kdlpHSXViVzl1WjI5a1lpNWoKYkhWemRHVnlMbXh2WTJGc01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQmdOelRtQVRad1ZhQlFoQlZlUERTUgpaNUJiN1BQNjRsd0wrMDVncnAwelpKL0dDREF4MVhUVGllUFRTdFBIZndZbm13Sy9Kcnc0NERrZ1FHWHY1VFpPCmZZaDBuRmpYZkZxYlFEdVFMVVJrU2NvRi9rVnFYcWJVVE9KVjRGZzYxbjJlN3dPMlRGZElQR1pOTXJoRExENFAKQXFmSitUS24xY3c0cUJSWkZrMVg2cExVNjBYQW1mMklheTNRNU5qOGc3NFhEOWMxTi9lbG8yZ1dJeUVSaXlTVwovM2pSdlRCK3lHRXNpc3RTc1c1eTQzMG9RSkZpM3YxQzYxc1pZa1BjbC83SHp3NFRJblZjdG84Nnd6bVlnZVMrCnNVRkZORUJCVTV5M2szZ3d0NEtxZmxzYWpKWHFGT2lyODMrRDdPVlg2eGlCSytsRjNNNGU2QUthSFgwSWp4UFcKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo="
},
"private_key": {
"inline_bytes": "W3JlZGFjdGVkXQ=="
}
}
}
},
{
"name": "service-cert:mongodb/server-mongodb",
"version_info": "2",
"last_updated": "2023-04-12T16:55:21.474Z",
"secret": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
"name": "service-cert:mongodb/server-mongodb",
"tls_certificate": {
"certificate_chain": {
"inline_bytes": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR3ekNDQXF1Z0F3SUJBZ0lSQUxWdTVjOU1UKyt0VmFaaWFOUUNoVnd3RFFZSktvWklodmNOQVFFTEJRQXcKV2pFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBY1RBa05CTVJvd0dBWURWUVFLRXhGUGNHVnVJRk5sY25acApZMlVnVFdWemFERWlNQ0FHQTFVRUF4TVpiM050TFdOaExtOXdaVzV6WlhKMmFXTmxiV1Z6YUM1cGJ6QWVGdzB5Ck16QTBNVEl4TXpBNU1ETmFGdzB5TXpBME1UTXhNekE1TUROYU1Fc3hHakFZQmdOVkJBb1RFVTl3Wlc0Z1UyVnkKZG1salpTQk5aWE5vTVMwd0t3WURWUVFERXlSelpYSjJaWEl0Ylc5dVoyOWtZaTV0YjI1bmIyUmlMbU5zZFhOMApaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDMmF3YWI3RU5tCk9QRmU3UGJrUWZjeHE5b085TGYwb0p3Zm93NVF3RElCR3ViVEZmMWpVNHRhdmdNY1hWeG1Db055Z2xXN2crVjAKQUNsZTFsdzhyeU1USmVOQXNQZHRwV2Y4dnBYZDRCcVY2SFM0VmdtWFRzbXFhdEJ2Y0V3dUVIeXpoTnM4T3o5SgpkeEdzL3pqRk1HK1dqUGkzMVRNYk9FSXRNUFJtVmR6dUltR2ZPNzc4WTFGekFqeDFXTHBxTVBQVko2OGs0c3RWCitXWnk2bjl5S0RQWTY1UXloZzh5K2NoU2JtcWRaeExEeW1hN1l3RmN3TnpUaWxVUjc2cXFjNzNOMjlsbE9mQXAKaEROaHhYcytlTTlvMFpRRGhpTnpNQ3Y4c1NRdWFYQ29iVURyNnozVExuUmIxZUJ6empJMmpaK0RoSnltWERVawpURGduSTk0UmVWMGxBZ01CQUFHamdaSXdnWTh3RGdZRFZSMFBBUUgvQkFRREFnV2dNQjBHQTFVZEpRUVdNQlFHCkNDc0dBUVVGQndNQ0JnZ3JCZ0VGQlFjREFUQU1CZ05WSFJNQkFmOEVBakFBTUI4R0ExVWRJd1FZTUJhQUZNQXUKVnFDTlM3TStyMzh0NFd3QWFObFpEYndjTUM4R0ExVWRFUVFvTUNhQ0pITmxjblpsY2kxdGIyNW5iMlJpTG0xdgpibWR2WkdJdVkyeDFjM1JsY2k1c2IyTmhiREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBSHpnaWpnQlZnT0gyCm1hVUFsVnJ6blZkOFdpbXd3SEJXcFRuUDUydTJsWHArYnpIY1lWT1krcFJiQ3VKRzg5TUVONlhJZERPMzBVQUwKajVKSysrZmdMQ3R1c1JJd1pNazVVeUplRitvUFh1NmNGUEgrNmhud2JWRlkvQWdBYysxTHo2MjBGaGhwZkg4YgpUQmx2MWV4ZjlkaXc2ZDZSZG9EendvdVlCekwrTWpFNjFONXV3NTlhdU0xM1B6MG9hUFVTbStXWUFJL0xyYVZBCktKbFc3MlhtMmw0VmNjWUY4L3hYRHFqZWw1dHYrRHRPblVDRFdtQjJwR3pEQ21yTHpTTytIdmRJZFRzMHgvR3QKTzF2WElORkFqL0JBY2hPUVhGYkRvMlE2SzAva0ZJL1puSHU4Z3d3ZUdJK3dBM2xaUFpuZEhUTWRQbmZYMnFlTgo2M1FEbW5NN01nPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo="
},
"private_key": {
"inline_bytes": "W3JlZGFjdGVkXQ=="
}
}
}
},
{
"name": "root-cert-for-mtls-inbound:mongodb/server-mongodb",
"version_info": "2",
"last_updated": "2023-04-12T16:55:21.473Z",
"secret": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
"name": "root-cert-for-mtls-inbound:mongodb/server-mongodb",
"validation_context": {
"trusted_ca": {
"inline_bytes": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURnRENDQW1pZ0F3SUJBZ0lRTjJCbzRKaE9MNzdTanpVUnhmSHNvakFOQmdrcWhraUc5dzBCQVFzRkFEQmEKTVFzd0NRWURWUVFHRXdKVlV6RUxNQWtHQTFVRUJ4TUNRMEV4R2pBWUJnTlZCQW9URVU5d1pXNGdVMlZ5ZG1sagpaU0JOWlhOb01TSXdJQVlEVlFRREV4bHZjMjB0WTJFdWIzQmxibk5sY25acFkyVnRaWE5vTG1sdk1CNFhEVEl6Ck1EUXdOakV5TkRnd04xb1hEVE16TURRd016RXlORGd3TjFvd1dqRUxNQWtHQTFVRUJoTUNWVk14Q3pBSkJnTlYKQkFjVEFrTkJNUm93R0FZRFZRUUtFeEZQY0dWdUlGTmxjblpwWTJVZ1RXVnphREVpTUNBR0ExVUVBeE1aYjNOdApMV05oTG05d1pXNXpaWEoyYVdObGJXVnphQzVwYnpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDCkFRb0NnZ0VCQU5zV0ovODFzS1ZpMHN5R0pCRWNtRWtUckQ1VUVrQUF6YTJ4SHdDUjJSNmpWaFZRejQ0TUtob3kKSkpsNzRZbERZV0ZTQThwdXk2MHcwNkpNS3hMQUhPZ3MwdzhYZllxUVAvYkV6aG5GaG9BS0VOT29kVVA5cEJSMgpYS3FEVzh0c3lWbk5CanZjZGhQelhjTTVFYzBnZnJpRjRjWUZDY0dvVGN1RmJnU1d4WVdCejBUUEprSmtIL2x6CjF0bXMyYlVhZldwQVcrS0FrUVgzRlNQMWE2S3IwOUN0cTdUc09EcVdhc0Z0RVUyYzJoa2NYOVprRCtEMmY3eC8KT21MWlRjb1V5YlRaZGdjcVFNeG5Vajk3TDhoNTYvVEgxbzJHU1JPcHh2L2NYV0hsWlpQOFZyVzZVU0M3NVRWTQp4My9XcUs0OHVDZjJuM3NIZ2pmejg5M0llbXJJV0o4Q0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0VHCk1BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZNQXVWcUNOUzdNK3IzOHQ0V3dBYU5sWkRid2MKTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFCZkdnQVNhTUY5THBIRCtZTDNMQTlyMGorNVF1MVpOUkFsdHpxbAo3Q3FoamRlZU1WbDVCRE9kZmhhK0ZhVWRhK2tkZ0tVazdxSHg2Slp4K2RmVE5oSW1UTkc1SmVGYlcvWGdqNkswCjVqMld0eS9rY1RFVkh6QnhwZFVnTDB6YVA5aHMvelpUVEY4bXNabVoxSmxFRHVlSi9yRU0vcmRuUW5WSkxVbkwKOGZaRkF1NjRlY3ZydlZDcnk1Snl3ZnVpQVIzdlpWUXZMTTdSR0JSODVpa2dqY2xweTgwcktCK29MZW1NZHVMNQpCSDI3WjJtUXdZR2FaTjVOVFVwelVDQmNKcnJGb2JtTkJhVCtYSG9hODA1MDIwV0FpY3hsTGc5N0YyMSs1eGVNCm12MzQzN2JDM0FUZWM0WjUydk5RMk9FMXdScVdtR0p3MXQ5aC8xK3FWME5EL2JtVgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg=="
}
}
}
},
{
"name": "validation_context_sds",
"last_updated": "2023-04-12T16:55:21.374Z",
"secret": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
"name": "validation_context_sds",
"validation_context": {
"trusted_ca": {
"inline_bytes": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURnRENDQW1pZ0F3SUJBZ0lRTjJCbzRKaE9MNzdTanpVUnhmSHNvakFOQmdrcWhraUc5dzBCQVFzRkFEQmEKTVFzd0NRWURWUVFHRXdKVlV6RUxNQWtHQTFVRUJ4TUNRMEV4R2pBWUJnTlZCQW9URVU5d1pXNGdVMlZ5ZG1sagpaU0JOWlhOb01TSXdJQVlEVlFRREV4bHZjMjB0WTJFdWIzQmxibk5sY25acFkyVnRaWE5vTG1sdk1CNFhEVEl6Ck1EUXdOakV5TkRnd04xb1hEVE16TURRd016RXlORGd3TjFvd1dqRUxNQWtHQTFVRUJoTUNWVk14Q3pBSkJnTlYKQkFjVEFrTkJNUm93R0FZRFZRUUtFeEZQY0dWdUlGTmxjblpwWTJVZ1RXVnphREVpTUNBR0ExVUVBeE1aYjNOdApMV05oTG05d1pXNXpaWEoyYVdObGJXVnphQzVwYnpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDCkFRb0NnZ0VCQU5zV0ovODFzS1ZpMHN5R0pCRWNtRWtUckQ1VUVrQUF6YTJ4SHdDUjJSNmpWaFZRejQ0TUtob3kKSkpsNzRZbERZV0ZTQThwdXk2MHcwNkpNS3hMQUhPZ3MwdzhYZllxUVAvYkV6aG5GaG9BS0VOT29kVVA5cEJSMgpYS3FEVzh0c3lWbk5CanZjZGhQelhjTTVFYzBnZnJpRjRjWUZDY0dvVGN1RmJnU1d4WVdCejBUUEprSmtIL2x6CjF0bXMyYlVhZldwQVcrS0FrUVgzRlNQMWE2S3IwOUN0cTdUc09EcVdhc0Z0RVUyYzJoa2NYOVprRCtEMmY3eC8KT21MWlRjb1V5YlRaZGdjcVFNeG5Vajk3TDhoNTYvVEgxbzJHU1JPcHh2L2NYV0hsWlpQOFZyVzZVU0M3NVRWTQp4My9XcUs0OHVDZjJuM3NIZ2pmejg5M0llbXJJV0o4Q0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0VHCk1BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZNQXVWcUNOUzdNK3IzOHQ0V3dBYU5sWkRid2MKTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFCZkdnQVNhTUY5THBIRCtZTDNMQTlyMGorNVF1MVpOUkFsdHpxbAo3Q3FoamRlZU1WbDVCRE9kZmhhK0ZhVWRhK2tkZ0tVazdxSHg2Slp4K2RmVE5oSW1UTkc1SmVGYlcvWGdqNkswCjVqMld0eS9rY1RFVkh6QnhwZFVnTDB6YVA5aHMvelpUVEY4bXNabVoxSmxFRHVlSi9yRU0vcmRuUW5WSkxVbkwKOGZaRkF1NjRlY3ZydlZDcnk1Snl3ZnVpQVIzdlpWUXZMTTdSR0JSODVpa2dqY2xweTgwcktCK29MZW1NZHVMNQpCSDI3WjJtUXdZR2FaTjVOVFVwelVDQmNKcnJGb2JtTkJhVCtYSG9hODA1MDIwV0FpY3hsTGc5N0YyMSs1eGVNCm12MzQzN2JDM0FUZWM0WjUydk5RMk9FMXdScVdtR0p3MXQ5aC8xK3FWME5EL2JtVgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg=="
}
}
}
}
]
}
]
}
The logs of the controller in a a gist https://gist.github.com/michaelcourcy/08e6716d6a245b84282ad1745ee77a73
looks like you have a typo in your traffic target of sever-mongodb
instead of server-mongodb
@steeling you were absolutely right my error was there. As soon as I changed that it works !
And terribly I did the same mistake in the mysql namespace I write sever-mysql
instead of server-mysql
and had the same connection issue. Wondering really if it was me or the framework.
Thank you sincerely @steeling and @phillipgibson for your continuous help and I apologize for the time you lost because of my typo.
Bug description:
After having successully run the bookstore tutorial I tried to use OSM for a mongodb deployment
I install a mongodb and a mongodb client without OSM and all works fine. Mongodb
Client
enter the bash pod and try to connect to mongodb
Connection to mongodb work fines
The pods
The service
The service account
Now I decide to add the mongodb namespace to the service mesh
I delete all the pods and recreate the client
Now all the pods are injected
I created this rules
But when I try to connect to the server-mongo from the client I have this error
I'm just starting with OSM and I probably miss something obvious but I've been searching for a long time and don't see how I can troubleshoot that.
I could not find any example for mongodb either, maybe I'm trying to do something impossible, the mysql example in bookstore was looking similar.
Affected area (please mark with X where applicable):
Expected behavior:
Steps to reproduce the bug (as precisely as possible):
How was OSM installed?:
Anything else we need to know?:
Bug report archive:
Environment:
osm version
):MESH NAME MESH NAMESPACE VERSION GIT COMMIT BUILD DATE osm osm-system v1.2.3 6ecc61cf9fb95270483ea8cc72af4a72e16a65ef 2022-12-14-01:23
WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. Use --output=yaml|json to get the full version. Client Version: version.Info{Major:"1", Minor:"26", GitVersion:"v1.26.1", GitCommit:"8f94681cd294aa8cfd3407b8191f6c70214973a4", GitTreeState:"clean", BuildDate:"2023-01-18T15:51:24Z", GoVersion:"go1.19.5", Compiler:"gc", Platform:"darwin/arm64"} Kustomize Version: v4.5.7 Server Version: version.Info{Major:"1", Minor:"24", GitVersion:"v1.24.9", GitCommit:"57fbbcc2804848b95cad5519f5ec9d6355430db9", GitTreeState:"clean", BuildDate:"2023-02-08T17:22:38Z", GoVersion:"go1.18.9", Compiler:"gc", Platform:"linux/amd64"} WARNING: version difference between client (1.26) and server (1.24) exceeds the supported minor version skew of +/-1