Linkerd doesn't work with .NET Core Grpc Service #2401

MartinKosicky opened this issue Jun 4, 2020 · 5 comments

MartinKosicky commented Jun 4, 2020

Issue Type:

  • Bug report

My scheme is as follows: I have a client connecting to linkerd over TLS. linkerd unpacks the TLS and forwards the communication unencrypted to the target POD on Kubernetes. What happens here is that the Grpc Service gives me the following:

Trace id "0HM08J72M21NK:00000003": HTTP/2 stream error "PROTOCOL_ERROR". A Reset is being sent to the stream.
Microsoft.AspNetCore.Connections.ConnectionAbortedException: The request :scheme header 'https' does not match the transport scheme 'http'.

I am using the k8s namer.

It seems that the :scheme header is just being forwarded from the originating client, however the target scheme should be 'http' since it's an unencrypted communication.

What you expected to happen:
I would expect that the :scheme header is set to http if communication is proxied on an unencrypted endpoint.

How to reproduce it (as minimally and precisely as possible):
Any client trying to reach some hello-world microservice in grpc.

Anything else we need to know?:

Environment:

  • linkerd/namerd version, config files: buoyantio/linkerd:1.7.0

MartinKosicky (Author) commented Jun 4, 2020

Also, by checking a similar bug, this was discussed here: dotnet/aspnetcore#14745, although the authors of the grpc don't consider it to be correct to send the :scheme that way and are not planning to ease validation. I am not sure when the scheme is built, but it would make sense to specify it somewhere in the Transformer (or have the ability to prepend https:// or http:// ) I

adleong (Member) commented Jun 4, 2020

Thanks, @MartinKosicky! Yes, I think you are correct that Linkerd should set the :scheme pseudoheader to http or https as appropriate when proxying the request rather than just forwarding the existing value.

astryia commented Nov 4, 2020

I'm experiencing exactly the same problem, the only difference is that the client connects to the Linkerd sidecar without TLS and then Linkerd sets up a secure connection to the remote service:

 Microsoft.AspNetCore.Server.Kestrel[35]
      Trace id "0HM40TS2KM45M:00000005": HTTP/2 stream error "PROTOCOL_ERROR". A Reset is being sent to the stream.
Microsoft.AspNetCore.Connections.ConnectionAbortedException: The request :scheme header 'http' does not match the transport scheme 'https'.

cpretzer (Contributor) commented Nov 4, 2020

@astryia thanks for the confirmation.

If you're interested in contributing a PR, we'd love to have a fix for this.

ahmetb commented May 7, 2021

I think this is dotnet/aspnetcore#30532
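
The mismatch reported in this thread, modelled as an added example (not Linkerd or Kestrel code): a hypothetical proxy hop either forwards the client's `:scheme` unchanged or rewrites it to match the upstream transport, and a server-side check modelled on the quoted error text validates the result. All function names, the request path and the authority are constructed for illustration.

```python
"""Model of the :scheme mismatch discussed in this issue (illustrative only)."""


def transport_scheme(tls: bool) -> str:
    """Scheme that matches a connection's transport."""
    return "https" if tls else "http"


def validate_scheme(headers, transport_is_tls):
    """Server-side check modelled on the error text quoted in the thread.

    Returns None when the request is accepted, otherwise the error string.
    """
    expected = transport_scheme(transport_is_tls)
    got = dict(headers).get(":scheme")
    if got != expected:
        return (f"PROTOCOL_ERROR: The request :scheme header '{got}' "
                f"does not match the transport scheme '{expected}'.")
    return None


def proxy_forward(headers, upstream_tls, rewrite_scheme):
    """Hypothetical proxy hop: copies headers to the upstream leg.

    With rewrite_scheme=False the client's :scheme is passed through as-is
    (the behaviour reported here); with True it is set from the upstream leg.
    """
    out = []
    for name, value in headers:
        if name == ":scheme" and rewrite_scheme:
            value = transport_scheme(upstream_tls)
        out.append((name, value))
    return out


def run_case(client_tls, upstream_tls, rewrite_scheme):
    """Send one constructed gRPC request through the proxy to the server."""
    request = [  # constructed sample request
        (":method", "POST"),
        (":scheme", transport_scheme(client_tls)),
        (":path", "/helloworld.Greeter/SayHello"),
        (":authority", "hello.example.internal"),
        ("content-type", "application/grpc"),
    ]
    forwarded = proxy_forward(request, upstream_tls, rewrite_scheme)
    return validate_scheme(forwarded, upstream_tls)


if __name__ == "__main__":
    for client_tls, upstream_tls in [(True, False), (False, True)]:
        for rewrite in (False, True):
            print(client_tls, upstream_tls, rewrite, "->",
                  run_case(client_tls, upstream_tls, rewrite) or "accepted")
```

The first case is TLS termination at the proxy (the original report) and the second is TLS origination by the proxy (the later report); both are rejected on pass-through and accepted once the scheme follows the upstream leg.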
