Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenShift Router doesn't work as a delegated gateway #4296

Open
lahabana opened this issue May 17, 2022 · 11 comments
Open

OpenShift Router doesn't work as a delegated gateway #4296

lahabana opened this issue May 17, 2022 · 11 comments
Labels
area/gateway Built-in Kuma gateway support kind/feature New feature triage/accepted The issue was reviewed and is complete enough to start working on it

Comments

@lahabana
Copy link
Contributor

Description

We doing delegated gateway with OCP router we're having issues linking to an external service.

This seems to be mainly caused by the fact that OCP router supports externalName by resolving externalNames from the controller talking to K8s DNS instead of from the router container (which would have the DNS hijacked). Here's the router config when doing this:

	os_http_be.map
^echo-service-externalname-meshservices\.apps2\.decoste-ocp3\.zfq3\.p1\.openshiftapps\.com\.?(:[0-9]+)?(/.*)?$ be_http:meshservices:echo-service-externalname


	haproxy.config
	backend be_http:meshservices:echo-service-externalname
  mode http
  option redispatch
  option forwardfor
  balance leastconn

  timeout check 5000ms
  http-request add-header X-Forwarded-Host %[req.hdr(host)]
  http-request add-header X-Forwarded-Port %[dst_port]
  http-request add-header X-Forwarded-Proto http if !{ ssl_fc }
  http-request add-header X-Forwarded-Proto https if { ssl_fc }
  http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 }
  http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)]
  cookie d69046a1208e8bef7698305f97bd6b20 insert indirect nocache httponly

Note: this results in a backend configuration without a server field which causes the Router to be unable to route requests as there is no set of target IPs.

Possible fixes:

  1. Our mesh ips should be stable (This would be beneficial anyway as stated in mesh VIPs should be stable #4295), if this is done the user would manually populate the service with an endpoint which is this vip.
  2. Manually create this service with custom endpoints or populate the K8s DNS record with our vips.
  3. OpenShift router should resolve ips from the router rather than from the controller.
@lahabana lahabana added triage/pending This issue will be looked at on the next triage meeting kind/feature New feature area/gateway Built-in Kuma gateway support triage/accepted The issue was reviewed and is complete enough to start working on it and removed triage/pending This issue will be looked at on the next triage meeting labels May 17, 2022
@lahabana lahabana mentioned this issue May 23, 2022
Closed
@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Jun 23, 2022
@github-actions
Copy link
Contributor

This issue was inactive for 30 days it will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant please comment on it promptly or attend the next triage meeting.

@lahabana lahabana removed the triage/stale Inactive for some time. It will be triaged again label Jun 27, 2022
@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Jul 28, 2022
@github-actions
Copy link
Contributor

This issue was inactive for 30 days it will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant please comment on it promptly or attend the next triage meeting.

@lahabana lahabana removed the triage/stale Inactive for some time. It will be triaged again label Jul 28, 2022
@github-actions
Copy link
Contributor

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Oct 27, 2022
@lahabana lahabana removed the triage/stale Inactive for some time. It will be triaged again label Oct 27, 2022
@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Jan 26, 2023
@github-actions
Copy link
Contributor

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@lahabana lahabana removed the triage/stale Inactive for some time. It will be triaged again label Jan 26, 2023
@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Apr 27, 2023
@github-actions
Copy link
Contributor

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@lahabana lahabana removed the triage/stale Inactive for some time. It will be triaged again label Apr 27, 2023
@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Jul 27, 2023
@github-actions
Copy link
Contributor

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@lahabana lahabana removed the triage/stale Inactive for some time. It will be triaged again label Jul 27, 2023
@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Oct 26, 2023
@github-actions
Copy link
Contributor

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@lahabana lahabana removed the triage/stale Inactive for some time. It will be triaged again label Nov 2, 2023
@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Feb 1, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 1, 2024

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@slonka slonka removed the triage/stale Inactive for some time. It will be triaged again label Feb 7, 2024
@slonka
Copy link
Contributor

slonka commented Feb 7, 2024

Haven't seen any PRs related to OpenShift Router - removing stale.

@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label May 8, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 8, 2024

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@bartsmykla bartsmykla removed the triage/stale Inactive for some time. It will be triaged again label May 14, 2024
@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Aug 13, 2024
@github-actions GitHub Actions
Copy link
Contributor

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@lukidzi lukidzi removed the triage/stale Inactive for some time. It will be triaged again label Aug 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/gateway Built-in Kuma gateway support kind/feature New feature triage/accepted The issue was reviewed and is complete enough to start working on it
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@lahabana @slonka @bartsmykla @lukidzi