Comments (5)
cindymullins-dw
commented on May 28, 2024
We notice you're using Rancher and there's a possibility might be altering the YAML, so that's something we'd like to check. Can you run a kubectl get mapping for one of your Mappings here so we can take a look at that?
from emissary.
dmaclaury
commented on May 28, 2024
We see this in EKS as well, but here is the requested output from my Rancher test environment:
k get mapping -A
NAMESPACE NAME SOURCE HOST SOURCE PREFIX DEST SERVICE STATE REASON
default quote-backend-wildcard _skip_mapping_with_empty_host_ /backend/ quote
default quote-backend _skip_mapping_with_empty_host_ /backend/ quote
default quote-backend-host _skip_mapping_with_empty_host_ / quote
default quote-backend-host-splat _skip_mapping_with_empty_host_ /splat-only/ quotek describe mapping -A
Name: quote-backend-wildcard
Namespace: default
Labels: hostKind=wildcard-host
Annotations: <none>
API Version: getambassador.io/v2
Kind: Mapping
Metadata:
Creation Timestamp: 2024-04-17T20:49:45Z
Generation: 1
Resource Version: 152376
UID: 405ec9da-6446-463c-bfdb-351aa40fb27f
Spec:
ambassador_id:
--apiVersion-v3alpha1-only--default
Docs:
Path: /.ambassador-internal/openapi-docs
Host: _skip_mapping_with_empty_host_
Prefix: /backend/
Service: quote
Events: <none>
Name: quote-backend
Namespace: default
Labels: hostKind=localhost2
Annotations: <none>
API Version: getambassador.io/v2
Kind: Mapping
Metadata:
Creation Timestamp: 2024-04-17T20:49:45Z
Generation: 1
Resource Version: 152377
UID: f1e4d716-3ee7-4fdd-b983-707f0913813b
Spec:
ambassador_id:
--apiVersion-v3alpha1-only--default
Docs:
Path: /.ambassador-internal/openapi-docs
Host: _skip_mapping_with_empty_host_
Prefix: /backend/
Service: quote
Events: <none>
Name: quote-backend-host
Namespace: default
Labels: hostKind=localhost2
Annotations: <none>
API Version: getambassador.io/v2
Kind: Mapping
Metadata:
Creation Timestamp: 2024-04-17T20:49:45Z
Generation: 1
Resource Version: 152378
UID: 5afd128d-ea07-4e91-860e-2a53ae367e31
Spec:
ambassador_id:
--apiVersion-v3alpha1-only--default
Docs:
Path: /.ambassador-internal/openapi-docs
Host: _skip_mapping_with_empty_host_
Prefix: /
Service: quote
Events: <none>
Name: quote-backend-host-splat
Namespace: default
Labels: hostKind=localhost-splat
Annotations: <none>
API Version: getambassador.io/v2
Kind: Mapping
Metadata:
Creation Timestamp: 2024-04-17T20:49:46Z
Generation: 1
Resource Version: 152379
UID: 7feb8cc0-53dc-4930-9ad9-22151ee90e24
Spec:
ambassador_id:
--apiVersion-v3alpha1-only--default
Docs:
Path: /.ambassador-internal/openapi-docs
Host: _skip_mapping_with_empty_host_
Prefix: /splat-only/
Service: quote
Events: <none>from emissary.
cindymullins-dw
commented on May 28, 2024
Thanks, I think that looks ok. Can you try running this as well? kubectl get host wildcard-host -n ambassador -o yaml
from emissary.
dmaclaury
commented on May 28, 2024
Here are all the hosts, they are in default namespace, but listeners are configured for ALL
k get hosts.getambassador.io -o yaml
apiVersion: v1
items:
- apiVersion: getambassador.io/v2
kind: Host
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"getambassador.io/v3alpha1","kind":"Host","metadata":{"annotations":{},"name":"localhost2","namespace":"default"},"spec":{"hostname":"localhost2","mappingSelector":{"matchLabels":{"hostKind":"localhost2"}},"requestPolicy":{"insecure":{"action":"Route"}},"tlsSecret":{"name":"tls-cert"}}}
creationTimestamp: "2024-04-17T20:49:20Z"
generation: 1
name: localhost2
namespace: default
resourceVersion: "152364"
uid: 2d038cbe-6334-414d-928c-db845f18272a
spec:
ambassador_id:
- --apiVersion-v3alpha1-only--default
hostname: localhost2
requestPolicy:
insecure:
action: Route
selector:
matchLabels:
hostKind: localhost2
tlsSecret:
name: tls-cert
status: {}
- apiVersion: getambassador.io/v2
kind: Host
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"getambassador.io/v3alpha1","kind":"Host","metadata":{"annotations":{},"name":"localhost-splat","namespace":"default"},"spec":{"hostname":"*.localhost","mappingSelector":{"matchLabels":{"hostKind":"localhost-splat"}},"requestPolicy":{"insecure":{"action":"Route"}},"tlsSecret":{"name":"tls-cert"}}}
creationTimestamp: "2024-04-17T20:49:21Z"
generation: 1
name: localhost-splat
namespace: default
resourceVersion: "152365"
uid: 4f8ca933-1a20-43cb-baf2-22ceb7b89a6e
spec:
ambassador_id:
- --apiVersion-v3alpha1-only--default
hostname: '*.localhost'
requestPolicy:
insecure:
action: Route
selector:
matchLabels:
hostKind: localhost-splat
tlsSecret:
name: tls-cert
status: {}
- apiVersion: getambassador.io/v2
kind: Host
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"getambassador.io/v3alpha1","kind":"Host","metadata":{"annotations":{},"name":"wildcard-host","namespace":"default"},"spec":{"acmeProvider":{"authority":"none"},"hostname":"*","mappingSelector":{"matchLabels":{"hostKind":"wildcard-host"}},"requestPolicy":{"insecure":{"action":"Route"}},"tlsSecret":{"name":"tls-cert"}}}
creationTimestamp: "2024-04-18T21:40:14Z"
generation: 1
name: wildcard-host
namespace: default
resourceVersion: "153787"
uid: bf52ee0e-418d-4ef7-86f4-446f97fb8ca6
spec:
acmeProvider:
authority: none
ambassador_id:
- --apiVersion-v3alpha1-only--default
hostname: '*'
requestPolicy:
insecure:
action: Route
selector:
matchLabels:
hostKind: wildcard-host
tlsSecret:
name: tls-cert
status: {}
kind: List
metadata:
resourceVersion: ""from emissary.
cindymullins-dw
commented on May 28, 2024
Thanks for that. I did some research, and this seems to be a known issue: when setting mappingSelector on v3alpha1 CRDs, apiext (an Ambassador extension which converts resources to the v2 storage version) incorrectly handles the translation and stores the resource with an invalid Selector: field rather than mappingSelector. I see this in your yaml output as well.
Our recommendations for now are
- Continue to use Selector: on the v2 resources -- Do not attempt to upgrade to v3alpha1 until the issue has been resolved with mappingSelector:
- Manually edit the Selector: field on the v3alpha1 resource to be a mappingSelector: field. This breaks CI/CD pieplines when you introduce manual edits, and is highly discouraged as a best practice.
- Ignore using Selector: / mappingSelector: altogether for now, and associate Mappings and Hosts by specifying Hostname: fields on the Mapping resources.
from emissary.
Related Issues (20)
- Add support to create custom relabelling config for `serviceMonitor`
- Upgrade to 3.9.3
- Globally configure `min_tls_version` and `cipher_suites` for all connections
- Allow to set ipFamilies in service and disable the module
- api version being appended to ambassador id for v3alpha1 mapping resources HOT 1
- no_healthy_upstream possibly caused by strange envoy DNS timeout HOT 1
- Opentelemetry driver missing spans HOT 4
- cannot override name with nameOverride when the release name is ambassador
- Change to mappings breaks canary routes
- Rate Limit example does not work HOT 4
- Emissary Ingress Readiness/Liveness Probe
- Readiness and Liveness Probe Failing with Overload Manager Configuration HOT 1
- shut down with error error: PANIC: reflect: reflect.Value.Set using value obtained using unexported field HOT 5
- SSL Handshake Failure When Mapping to External HTTPS Service (AWS CloudFront + S3) in Emissary Ingress HOT 1
- Routing with prefix not working HOT 1
- Emissary sending requests to 2 separate services as a round-robin despite hostname HOT 1
- Upgrade Envoy Proxy to resolve CVE-2024-30255 HOT 1
- End of life policy HOT 1
- A potential risk in emissary that could lead to takeover of the cluster
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from emissary.