search

skupperproject / skupper-router

An application-layer router for Skupper networks
https://skupper.io
Apache License 2.0
14 stars 18 forks source link

websockets, healthz and metrics attributes of listener unexpectedly returned as true #1596

Closed grs closed 4 weeks ago

grs commented 1 month ago

I am seeing unexpected values returned by a query of listeners for the attributes websockets, healthz and metrics.

In the following configuration file, these attributes are set to false for the listeners on ports 55671 amd 45671, bu it the query listed after that, they are returned as true. The listeners on ports 5671 and 5672 however seem to be set as expected (the difference between these is mostly in the role I believe). (Originally these attributes were not being set at all, but even with an explicit setting the values seem unexpected).

$ kubectl get cm skupper-router -o yaml
apiVersion: v1
data:
  skrouterd.json: |-
    [
        [
            "router",
            {
                "id": "west-${HOSTNAME}",
                "mode": "interior",
                "helloMaxAgeSeconds": "3",
                "metadata": "{\"id\":\"be525a56-c862-4332-8908-831e1684883f\",\"version\":\"main-release-137-gcc83810-modified\",\"platform\":\"kubernetes\"}"
            }
        ],
        [
            "sslProfile",
            {
                "name": "skupper-amqps",
                "certFile": "/etc/skupper-router-certs/skupper-amqps/tls.crt",
                "privateKeyFile": "/etc/skupper-router-certs/skupper-amqps/tls.key",
                "caCertFile": "/etc/skupper-router-certs/skupper-amqps/ca.crt"
            }
        ],
        [
            "sslProfile",
            {
                "name": "skupper-site-server",
                "certFile": "/etc/skupper-router-certs/skupper-site-server/tls.crt",
                "privateKeyFile": "/etc/skupper-router-certs/skupper-site-server/tls.key",
                "caCertFile": "/etc/skupper-router-certs/skupper-site-server/ca.crt"
            }
        ],
        [
            "listener",
            {
                "name": "skupper-router-inter-router",
                "role": "inter-router",
                "port": 55671,
                "sslProfile": "skupper-site-server",
                "saslMechanisms": "EXTERNAL",
                "authenticatePeer": true,
                "websockets": false,
                "healthz": false,
                "metrics": false
            }
        ],
        [
            "listener",
            {
                "name": "skupper-router-edge",
                "role": "edge",
                "port": 45671,
                "sslProfile": "skupper-site-server",
                "saslMechanisms": "EXTERNAL",
                "authenticatePeer": true,
                "websockets": false,
                "healthz": false,
                "metrics": false
            }
        ],
        [
            "listener",
            {
                "name": "amqps",
                "port": 5671,
                "sslProfile": "skupper-amqps",
                "saslMechanisms": "EXTERNAL",
                "authenticatePeer": true,
                "websockets": false,
                "healthz": false,
                "metrics": false
            }
        ],
        [
            "listener",
            {
                "name": "@9090",
                "role": "normal",
                "port": 9090,
                "http": true,
                "httpRootDir": "disabled",
                "websockets": false,
                "healthz": true,
                "metrics": true
            }
        ],
        [
            "listener",
            {
                "name": "amqp",
                "host": "localhost",
                "port": 5672,
                "websockets": false,
                "healthz": false,
                "metrics": false
            }
        ],
        [
            "address",
            {
                "prefix": "mc",
                "distribution": "multicast"
            }
        ]
    ]
kind: ConfigMap
metadata:
  creationTimestamp: "2024-08-13T11:29:18Z"
  name: skupper-router
  namespace: default
  ownerReferences:
  - apiVersion: skupper.io/v1alpha1
    kind: Site
    name: west
    uid: be525a56-c862-4332-8908-831e1684883f
  resourceVersion: "564346"
  uid: 58747494-66e5-4a11-bd1c-7578b02140f8

I got the following query results:

$ kubectl exec -it skupper-router-7955d6dc9c-wjf5l  -- skmanage query --type listener
Defaulted container "router" out of: router, config-sync
[
  {
    "host": "",
    "port": "5671",
    "role": "normal",
    "cost": 1,
    "sslProfile": "skupper-amqps",
    "saslMechanisms": "EXTERNAL",
    "authenticatePeer": true,
    "requireEncryption": false,
    "requireSsl": false,
    "maxFrameSize": 16384,
    "maxSessions": 32768,
    "idleTimeoutSeconds": 16,
    "initialHandshakeTimeoutSeconds": 0,
    "stripAnnotations": "both",
    "healthz": false,
    "metrics": false,
    "websockets": false,
    "http": false,
    "messageLoggingComponents": "none",
    "name": "amqps",
    "identity": "listener/:5671:amqps",
    "type": "io.skupper.router.listener"
  },
  {
    "host": "",
    "port": "9090",
    "role": "normal",
    "cost": 1,
    "authenticatePeer": false,
    "requireEncryption": false,
    "requireSsl": false,
    "maxFrameSize": 16384,
    "maxSessions": 32768,
    "idleTimeoutSeconds": 16,
    "initialHandshakeTimeoutSeconds": 0,
    "stripAnnotations": "both",
    "healthz": true,
    "metrics": true,
    "websockets": false,
    "http": true,
    "httpRootDir": "disabled",
    "messageLoggingComponents": "none",
    "name": "@9090",
    "identity": "listener/:9090:@9090",
    "type": "io.skupper.router.listener"
  },
  {
    "host": "localhost",
    "port": "5672",
    "role": "normal",
    "cost": 1,
    "authenticatePeer": false,
    "requireEncryption": false,
    "requireSsl": false,
    "maxFrameSize": 16384,
    "maxSessions": 32768,
    "idleTimeoutSeconds": 16,
    "initialHandshakeTimeoutSeconds": 0,
    "stripAnnotations": "both",
    "healthz": false,
    "metrics": false,
    "websockets": false,
    "http": false,
    "messageLoggingComponents": "none",
    "name": "amqp",
    "identity": "listener/localhost:5672:amqp",
    "type": "io.skupper.router.listener"
  },
  {
    "host": "",
    "port": "55671",
    "role": "inter-router",
    "cost": 1,
    "sslProfile": "skupper-site-server",
    "saslMechanisms": "EXTERNAL",
    "authenticatePeer": true,
    "requireEncryption": false,
    "requireSsl": false,
    "maxFrameSize": 16384,
    "maxSessions": 32768,
    "idleTimeoutSeconds": 16,
    "initialHandshakeTimeoutSeconds": 0,
    "stripAnnotations": "both",
    "healthz": true,
    "metrics": true,
    "websockets": true,
    "http": false,
    "messageLoggingComponents": "none",
    "name": "skupper-router-inter-router",
    "identity": "listener/:55671:skupper-router-inter-router",
    "type": "io.skupper.router.listener"
  },
  {
    "host": "",
    "port": "45671",
    "role": "edge",
    "cost": 1,
    "sslProfile": "skupper-site-server",
    "saslMechanisms": "EXTERNAL",
    "authenticatePeer": true,
    "requireEncryption": false,
    "requireSsl": false,
    "maxFrameSize": 16384,
    "maxSessions": 32768,
    "idleTimeoutSeconds": 16,
    "initialHandshakeTimeoutSeconds": 0,
    "stripAnnotations": "both",
    "healthz": true,
    "metrics": true,
    "websockets": true,
    "http": false,
    "messageLoggingComponents": "none",
    "name": "skupper-router-edge",
    "identity": "listener/:45671:skupper-router-edge",
    "type": "io.skupper.router.listener"
  }
]
grs commented 4 weeks ago

On further investigation the issue here is that the control plane assumes that false is the default for these attributes whereas they actually default to true, though they only actually have any effect if the http attribute is true (which it is not by default).