Simple routing question

547 views
Skip to first unread message

Christian Posta

unread,
Mar 27, 2017, 8:08:32 PM3/27/17
to Envoy Users
Hey,

Quick question...

Any pointers where I'm missing on this?

I'm trying to proxy my "http://ipaddress" service with envoy. Jumping into a pod and using curl, seeing this:


```

[jboss@camel-client-service-1-wh8om ~]$ curl -vvvv localhost:9001 -H 'Host: ipaddress'                                                                                           

* About to connect() to localhost port 9001 (#0)

*   Trying ::1...

* Connection refused

*   Trying 127.0.0.1...

* Connected to localhost (127.0.0.1) port 9001 (#0)

> GET / HTTP/1.1

> User-Agent: curl/7.29.0

> Accept: */*

> Host: ipaddress

< HTTP/1.1 200 OK

< x-application-context: application

< content-type: text/plain;charset=UTF-8

< content-length: 80

< date: Tue, 28 Mar 2017 00:05:17 GMT

< x-envoy-upstream-service-time: 2

< server: envoy

* Connection #0 to host localhost left intact

Reply: Hello from Kubernetes ConfigMap!!! Host: spring-boot-ipaddress-se-1-g8ee1[

```

I'd like to use envoy as a transparent proxy (ie, I don't want to call the envoy proxy directly"... example:

```

[jboss@camel-client-service-1-wh8om ~]$ curl -vvvv --proxy localhost:9001 http://ipaddress

* About to connect() to proxy localhost port 9001 (#0)

*   Trying ::1...

* Connection refused

*   Trying 127.0.0.1...

* Connected to localhost (127.0.0.1) port 9001 (#0)

> GET http://ipaddress/ HTTP/1.1

> User-Agent: curl/7.29.0

> Host: ipaddress

> Accept: */*

> Proxy-Connection: Keep-Alive

< HTTP/1.1 404 Not Found

< date: Tue, 28 Mar 2017 00:06:38 GMT

< server: envoy

< content-length: 0

* Connection #0 to host localhost left intact

```

Not sure why it's not routing .. here's my config:

```
{
  "listeners": [{
    "port": 9001,
    "filters": [{
      "type": "read",
      "name": "http_connection_manager",
      "config": {
        "codec_type": "auto",
        "stat_prefix": "egress_http",
        "add_user_agent": true,
        "route_config": {
          "virtual_hosts": [
            {
              "name": "ipaddress_service",
              "domains": [
                "ipaddress"
              ],
              "routes": [{
                "timeout_ms": 0,
                "prefix": "/",
                "cluster": "ipaddress_service_cluster"
              }]
            }]
        },
        "filters": [{
          "type": "decoder",
          "name": "router",
          "config": {}
        }]
      }
    }]
  }],
  "admin": {
    "access_log_path": "/tmp/admin_access.log",
    "port": 9901
  },
  "cluster_manager": {
    "clusters": [{
      "name": "ipaddress_service_cluster",
      "connect_timeout_ms": 250,
      "type": "logical_dns",
      "lb_type": "round_robin",
      "hosts": [{
        "url": "tcp://real-ipaddress:80"
      }]
    }]
  }
}

```

Probably missing something simple, any suggestions?

Matt Klein

unread,
Mar 27, 2017, 9:01:03 PM3/27/17
to Christian Posta, Envoy Users
--proxy expects a conforming HTTP proxy which Envoy is not (it does not support CONNECT). How do you ultimately plan on making a service call? Is this for a demo? The easiest quick solution is just to have your route match on '*'. In a production system you are probably going to want to set host header and/or play tricks with iptables depending on your environment and requirements.

--
You received this message because you are subscribed to the Google Groups "Envoy Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to envoy-users+unsubscribe@googlegroups.com.
To post to this group, send email to envoy...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/envoy-users/e7aa2c53-9965-4b87-8fe9-cf4ad379a104%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--
Matt Klein
Software Engineer
mkl...@lyft.com / 206.327.4515

Christian Posta

unread,
Mar 28, 2017, 7:26:39 PM3/28/17
to Matt Klein, Envoy Users
On Mon, Mar 27, 2017 at 6:01 PM, Matt Klein <mkl...@lyft.com> wrote:
--proxy expects a conforming HTTP proxy which Envoy is not (it does not support CONNECT). How do you ultimately plan on making a service call? Is this for a demo? The easiest quick solution is just to have your route match on '*'. In a production system you are probably going to want to set host header and/or play tricks with iptables depending on your environment and requirements.

Yah, for a demo the wildcard would work, but I'm trying to build tooling to help automatically add Envoy sidecars to kubernetes apps. I'd like apps to just continue using "http://foo" without having to explicitly set the Host header. ie, for example, with Java apps, I'd like to just set http.proxyHost and http.proxyPort and have them automatically route to the proxy. 



--
Christian Posta
twitter: @christianposta

Matt Klein

unread,
Mar 28, 2017, 7:29:34 PM3/28/17
to Christian Posta, Envoy Users, Lizan Zhou
You probably want to use iptables/TPROXY which is what https://github.com/istio/proxy is doing for their k8s integration. I'm not sure of the exact spot in their code where they do all of that. I've CCd Lizan who can probably provide a pointer. Feel free to hop onto the Istio dev slack or the Envoy gitter and we can probably find someone to help out.

Christian Posta

unread,
Mar 28, 2017, 8:34:50 PM3/28/17
to Matt Klein, Envoy Users, Lizan Zhou
Yah trying to avoid things that require privileged containers, etc. Looks like istio has some more docs than it did previously, will start poking around there. Will hop on gitter/slack too.

Thanks Matt.
Reply all
Reply to author
Forward
0 new messages