-
Notifications
You must be signed in to change notification settings - Fork 7.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LDS ACK error for headless service instance #17748
Comments
Without deep dive, but i can say as |
@istio/wg-networking-maintainers What should we do?
We donot allow accessing itself by the podip.
|
solution 3: remove the inbound listener |
EDIT: ignore this,the cause is i tested it with nc using pure tcp. |
@lambdai Can not understand it well, I can see same |
So I think I know the problem. Its happening because we are generating listeners for each service instance in the headless service in the listener code. We need to fix that code to skip the pod's own service instance [or more specifically, skip ones where the instance.address == node.address] |
Yes... Since 1.3 all the bind_to_port = false in bound listeners are actually not be hand off by 15006 listener. |
Are the new listeners per instance supposed to be inbound or outbound? Anyway listener is expensive at envoy |
It is for outbound. |
Is there a set release that will include the fix merged as part of #17791? |
It will be in release-1.4. And i think this should go into 1.3 as well. Will cherry-pick. |
(NOTE: This is used to report product bugs:
To report a security vulnerability, please visit https://istio.io/about/security-vulnerabilities/
To ask questions about how to use Istio, please visit https://discuss.istio.io
)
Bug description
Headless service instance LDS NACK with duplicate listener error.
Affected product area (please put an X in all that apply)
[ ] Configuration Infrastructure
[ ] Docs
[ ] Installation
[x] Networking
[ ] Performance and Scalability
[ ] Policies and Telemetry
[ ] Security
[ ] Test and Release
[ ] User Experience
[ ] Developer Infrastructure
Expected behavior
Steps to reproduce the bug
Version (include the output of
istioctl version --remote
andkubectl version
)How was Istio installed?
Environment where bug was observed (cloud vendor, OS, etc)
Additionally, please consider attaching a cluster state archive by attaching
the dump file to this issue.
The text was updated successfully, but these errors were encountered: