GE UI unable to retrieve Envoy configuration when gateway-proxies not in default gloo-system namespace #9378

Open
DuncanDoyle opened this issue Apr 16, 2024 · 1 comment
Labels
Area: UI Area: UX Type: Bug Something isn't working

DuncanDoyle commented Apr 16, 2024

Gloo Edge Product

Enterprise

Gloo Edge Version

1.16.6

Kubernetes Version

1.27.8

Describe the bug

When you deploy your gateway proxies in any namespace other than gloo-system, the GE UI will not be able to recognize and display the Envoy configuration.

Using the following configuration, in which we only deploy the default gateway in gloo-system and the other 2 gateway-proxies in gloo-external and gloo-internal, the UI will only be able to display the Envoy config of the GW in gloo-system namespace:

gloo:
  settings:
    disableKubernetesDestinations: true
  discovery:
    enabled: true
  gateway:
    persistProxySpec: true
    readGatewaysFromAllNamespaces: true
  gatewayProxies:      
    gatewayProxy:
      disabled: false
      readConfig: true
      readConfigMulticluster: true
      gatewaySettings:
        customHttpGateway:
          virtualServiceSelector:
            gateway-type: default
        customHttpsGateway:
          virtualServiceSelector:
            gateway-type: default
    publicGw:
      namespace: gloo-external
      disabled: false
      readConfig: true
      readConfigMulticluster: true
      kind:
        deployment:
          replicas: 1
      service:
        httpPort: 81
        httpsFirst: true
        httpsPort: 444
        type: LoadBalancer
      tcpKeepaliveTimeSeconds: 5
      gatewaySettings:
        customHttpGateway:
          virtualServiceSelector:
            gateway-type: public
        customHttpsGateway:
          virtualServiceSelector:
            gateway-type: public
    corpGw:
      namespace: gloo-internal
      disabled: false
      readConfig: true
      readConfigMulticluster: true
      kind:
        deployment:
          replicas: 1
      service:
        httpPort: 8080
        httpsFirst: true
        httpsPort: 8443
        type: LoadBalancer
      tcpKeepaliveTimeSeconds: 5
      gatewaySettings:
        customHttpGateway:
          virtualServiceSelector:
            gateway-type: private
        customHttpsGateway:
          virtualServiceSelector:
            gateway-type: private

When you deploy all 3 gateway-proxies in the gloo-system namespace, the UI will see all of them:

gloo:
  settings:
    disableKubernetesDestinations: true
  discovery:
    enabled: true
  gateway:
    persistProxySpec: true
    readGatewaysFromAllNamespaces: true
  gatewayProxies:      
    gatewayProxy:
      disabled: false
      readConfig: true
      readConfigMulticluster: true
      gatewaySettings:
        customHttpGateway:
          virtualServiceSelector:
            gateway-type: default
        customHttpsGateway:
          virtualServiceSelector:
            gateway-type: default
    publicGw:
      # namespace: gloo-external
      disabled: false
      readConfig: true
      readConfigMulticluster: true
      kind:
        deployment:
          replicas: 1
      service:
        httpPort: 81
        httpsFirst: true
        httpsPort: 444
        type: LoadBalancer
      tcpKeepaliveTimeSeconds: 5
      gatewaySettings:
        customHttpGateway:
          virtualServiceSelector:
            gateway-type: public
        customHttpsGateway:
          virtualServiceSelector:
            gateway-type: public
    corpGw:
      # namespace: gloo-internal
      disabled: false
      readConfig: true
      readConfigMulticluster: true
      kind:
        deployment:
          replicas: 1
      service:
        httpPort: 8080
        httpsFirst: true
        httpsPort: 8443
        type: LoadBalancer
      tcpKeepaliveTimeSeconds: 5
      gatewaySettings:
        customHttpGateway:
          virtualServiceSelector:
            gateway-type: private
        customHttpsGateway:
          virtualServiceSelector:
            gateway-type: private

When you change the writeNamespace of GE to a namespace other than gloo-system, the Proxy CRs get written to a namespace that is different from gloo-system. The dataplane works fine, but the UI can't see any Envoy config with this setting.

gloo:
  settings:
    disableKubernetesDestinations: true
    writeNamespace: gloo-external
  discovery:
    enabled: true
  gateway:
    persistProxySpec: true
    readGatewaysFromAllNamespaces: true
  gatewayProxies:      
    gatewayProxy:
      disabled: false
      readConfig: true
      readConfigMulticluster: true
      gatewaySettings:
        customHttpGateway:
          virtualServiceSelector:
            gateway-type: default
        customHttpsGateway:
          virtualServiceSelector:
            gateway-type: default
    publicGw:
      # namespace: gloo-external
      disabled: false
      readConfig: true
      readConfigMulticluster: true
      kind:
        deployment:
          replicas: 1
      service:
        httpPort: 81
        httpsFirst: true
        httpsPort: 444
        type: LoadBalancer
      tcpKeepaliveTimeSeconds: 5
      gatewaySettings:
        customHttpGateway:
          virtualServiceSelector:
            gateway-type: public
        customHttpsGateway:
          virtualServiceSelector:
            gateway-type: public
    corpGw:
      # namespace: gloo-internal
      disabled: false
      readConfig: true
      readConfigMulticluster: true
      kind:
        deployment:
          replicas: 1
      service:
        httpPort: 8080
        httpsFirst: true
        httpsPort: 8443
        type: LoadBalancer
      tcpKeepaliveTimeSeconds: 5
      gatewaySettings:
        customHttpGateway:
          virtualServiceSelector:
            gateway-type: private
        customHttpsGateway:
          virtualServiceSelector:
            gateway-type: private

Expected Behavior

GE UI is able to display the Envoy configuration of all my gateway-proxies, regardless of the namespace they are deployed in.

Steps to reproduce the bug

Use the Helm values provided in the description to deploy the different scenarios.

Also, see reproducer project here: https://github.com/DuncanDoyle/ge-gloo-9378-9379

Additional Environment Detail

No response

Additional Context

No response

nfuden commented Apr 17, 2024

If we are tackling this, we should also make sure that it works with GGV2 and also migrates from using the Proxy CR to instead using either the gRPC endpoint or the xDS endpoints.
If we are tackling this, we need to make sure that we don't leak enterprise xDS configuration that is not Envoy. In other words, extauth configuration likely would not display well if attempted to be parsed as proxy.
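
One way to enforce the "don't leak non-Envoy xDS configuration" concern from the comment above, as an added example that is not code from the Gloo project or from either commenter: a deny-by-default filter that lets only allowlisted Envoy xDS v3 resource types reach the UI. The `Resource` type, `SplitForDisplay`, the sample snapshot, and the `example.enterprise.ExtAuthConfig` type URL are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Resource is a hypothetical, simplified view of one xDS resource:
// the protobuf type URL from its Any wrapper plus the resource name.
type Resource struct {
	TypeURL string
	Name    string
}

// envoyTypeURLs allowlists the xDS v3 types the UI may render as Envoy config.
// The TLS Secret type is left out on purpose: it carries key material.
var envoyTypeURLs = map[string]bool{
	"type.googleapis.com/envoy.config.listener.v3.Listener":              true,
	"type.googleapis.com/envoy.config.route.v3.RouteConfiguration":       true,
	"type.googleapis.com/envoy.config.cluster.v3.Cluster":                true,
	"type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment": true,
}

// sampleSnapshot is constructed data; the extauth type URL is a placeholder.
var sampleSnapshot = []Resource{
	{"type.googleapis.com/envoy.config.listener.v3.Listener", "listener-8443"},
	{"type.googleapis.com/example.enterprise.ExtAuthConfig", "extauth-1"},
	{"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", "tls"},
	{"type.googleapis.com/envoy.config.cluster.v3.Cluster", "upstream-1"},
	{"type.googleapis.com/example.enterprise.ExtAuthConfig", "extauth-2"},
}

// SplitForDisplay returns the resources safe to show and the sorted, de-duplicated
// type URLs that were withheld. Unknown types are withheld by default.
func SplitForDisplay(snapshot []Resource) (shown []Resource, withheld []string) {
	seen := map[string]bool{}
	for _, r := range snapshot {
		if envoyTypeURLs[r.TypeURL] {
			shown = append(shown, r)
		} else if !seen[r.TypeURL] {
			seen[r.TypeURL] = true
			withheld = append(withheld, r.TypeURL)
		}
	}
	sort.Strings(withheld)
	return shown, withheld
}

func main() {
	shown, withheld := SplitForDisplay(sampleSnapshot)
	fmt.Printf("shown=%d withheld types=%v\n", len(shown), withheld)
}
```

Logging the withheld type URLs (not the resource bodies) gives operators a way to notice when a new resource type appears on the endpoint without exposing its contents.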
