Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mixed tcp and http protocol result in protocol errors #6825

Closed
jakubdyszkiewicz opened this issue May 23, 2023 · 11 comments
Closed

Mixed tcp and http protocol result in protocol errors #6825

jakubdyszkiewicz opened this issue May 23, 2023 · 11 comments
Labels
kind/bug A bug triage/pending This issue will be looked at on the next triage meeting

Comments

@jakubdyszkiewicz
Copy link
Contributor

What happened?

Steps to reproduce

  1. Deploy kuma marketplace demo
  2. Add second service
apiVersion: v1
kind: Service
metadata:
  annotations:
    3001.service.kuma.io/protocol: tcp # <- notice that the first service has http here
  name: backend-v2
  namespace: kuma-demo
spec:
  ports:
  - name: api
    port: 3001
    protocol: TCP
    targetPort: 3001
  selector:
    app: kuma-demo-backend
  1. Exec to container and execute requests
❯❯❯ kubectl exec -n kuma-demo kuma-demo-app-6787b4f7f5-qxjzz -ti -- sh
/ # while curl backend:3001; do echo "" && sleep 0.1; done

see that some of them fails with protocol error

Hello World! Marketplace with sales and reviews made with <3 by the OCTO team at Kong Inc.
Hello World! Marketplace with sales and reviews made with <3 by the OCTO team at Kong Inc.
upstream connect error or disconnect/reset before headers. reset reason: protocol error
upstream connect error or disconnect/reset before headers. reset reason: protocol error
Hello World! Marketplace with sales and reviews made with <3 by the OCTO team at Kong Inc.
upstream connect error or disconnect/reset before headers. reset reason: protocol error
Hello World! Marketplace with sales and reviews made with <3 by the OCTO team at Kong Inc.
Hello World! Marketplace with sales and reviews made with <3 by the OCTO team at Kong Inc.
@jakubdyszkiewicz jakubdyszkiewicz added triage/pending This issue will be looked at on the next triage meeting kind/bug A bug labels May 23, 2023
@michaelbeaumont
Copy link
Contributor

michaelbeaumont commented May 23, 2023
edited
Loading

Suspicion: the client is configured to expect an HTTP upstream and so it will upgrade its outbound listener to HTTP2 and send HTTP2 requests, but the upstream will see HTTP2 directly, its sidecar being configured for TCP, which perhaps it can't handle.

The upstream has two entries in spec.networking.inbound, one with protocol: tcp, one with protocol: http but the last spec.networking.inbound wins when configuring the inbound Envoy listener. If tcp wins, this error appears. Not upgrading the outbound connection on the downstream from HTTP to HTTP2 fixes the error.

Options:

  1. Configure the highest common protocol on the inbound
  2. Don't upgrade to HTTP2 but it's unclear when not to upgrade

@lahabana
Copy link
Contributor

xref maybe: #2445 ?

@jakubdyszkiewicz jakubdyszkiewicz added triage/accepted The issue was reviewed and is complete enough to start working on it and removed triage/pending This issue will be looked at on the next triage meeting labels May 31, 2023
@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Aug 30, 2023
@github-actions
Copy link
Contributor

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@lahabana lahabana removed the triage/stale Inactive for some time. It will be triaged again label Sep 5, 2023
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Dec 5, 2023

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Dec 5, 2023
@lukidzi lukidzi removed the triage/stale Inactive for some time. It will be triaged again label Dec 5, 2023
@lukidzi
Copy link
Contributor

lukidzi commented Dec 6, 2023

@michaelbeaumont mentioned that configuring the protocol isn't straightforward. When multiple services point to the same address but with different protocols, the last one takes precedence. It seems odd to find the highest common protocol on the inbound side because the outbound configuration still relies on the protocol defined by the specific cluster. Not sure what is the best solution here. So far we are not doing any infer protocol on inbounds.

@lahabana
Copy link
Contributor

When multiple services point to the same address but with different protocols, the last one takes precedence.
@lukidzi could you show an example?

@lukidzi
Copy link
Contributor

lukidzi commented Feb 21, 2024 

apiVersion: v1
kind: Service
metadata:
  name: backend
  namespace: kuma-demo
  annotations:
    3001.service.kuma.io/protocol: "http"
spec:
  selector:
    app: kuma-demo-backend
  ports:
  - name: api
    port: 3001
---
apiVersion: v1
kind: Service
metadata:
  annotations:
    3001.service.kuma.io/protocol: tcp # <- notice that the first service has http here
  name: backend-v2
  namespace: kuma-demo
spec:
  ports:
  - name: api
    port: 3001
    protocol: TCP
    targetPort: 3001
  selector:
    app: kuma-demo-backend

2nd service is going to be used.

@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label May 23, 2024
@github-actions GitHub Actions
Copy link
Contributor

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@lukidzi lukidzi removed the triage/stale Inactive for some time. It will be triaged again label May 27, 2024
@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Aug 26, 2024
@github-actions GitHub Actions
Copy link
Contributor

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@bartsmykla bartsmykla removed the triage/stale Inactive for some time. It will be triaged again label Aug 26, 2024
@lahabana
Copy link
Contributor

Is this no longer an issue with MeshService?

@lahabana lahabana added triage/pending This issue will be looked at on the next triage meeting and removed triage/accepted The issue was reviewed and is complete enough to start working on it labels Sep 19, 2024
@jakubdyszkiewicz
Copy link
Contributor Author

It's no longer an issue with MeshService

@jakubdyszkiewicz jakubdyszkiewicz closed this as not planned Won't fix, can't repro, duplicate, stale Sep 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug A bug triage/pending This issue will be looked at on the next triage meeting
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@lahabana @michaelbeaumont @jakubdyszkiewicz @bartsmykla @lukidzi