I'm currently trying to set up envoy to take in a https request, and pass the request on as an http request to a separately running(via Docker) local endpoint(Envoy is also being run locally). Unfortunately, when I make the request via Postman I get the following error "upstream connect error or disconnect/reset before headers. reset reason: connection failure". Any ideas on how this issue could be fixed?
The envoy.yaml file I'm using is the following:
# envoy
static_resources:
listeners:
- name: "listener"
address: { socket_address: { address: 0.0.0.0, port_value: 8443 } }
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"#type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
codec_type: auto
stat_prefix: ingress_https
http_filters: { name: envoy.filters.http.router }
route_config:
name: route
virtual_hosts:
- name: host
domains: ["*"]
routes:
- match: { prefix: "/" }
route:
cluster: cluster
timeout: 10s
transport_socket:
name: envoy.transport_sockets.tls
typed_config:
"#type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
common_tls_context:
tls_certificates:
- certificate_chain: { filename: "/etc/envoy/cert.crt" }
private_key: { filename: "/etc/envoy/cert.key" }
alpn_protocols: "h2,http/1.1"
clusters:
- name: cluster
connect_timeout: 20s
type: strict_dns
lb_policy: least_request
health_checks:
timeout: 5s
interval: 2s
unhealthy_threshold: 3
healthy_threshold: 1
http_health_check: { path: "/healthcheck" }
circuit_breakers:
thresholds:
max_retries: 300
load_assignment:
cluster_name: cluster
endpoints:
- lb_endpoints:
- endpoint: { address: { socket_address: { address: "0.0.0.0", port_value: 8080 } } }
If anything else is needed please let me know. Thanks in advance for the help/tips!
Increase your cluster connect_timeout and try again. Maybe that will fix the problem.
Related
I have grpc server, web application and mobile application. With web application, I used envoy proxy for reverse from grpc web to grpc server by my domain. But this only grpc web can connect to my server over envoy, my application run with grpc cannot connect it. I want to connect to my gprc server over my domain with both grpc-web and grpc. Any one can help me explain and solve this issue. Thanks every one
This is my envoy setup
admin:
access_log_path: /tmp/admin_access.log
address:
socket_address: { address: 0.0.0.0, port_value: 9901 }
static_resources:
listeners:
- name: listener_0
address:
socket_address: { address: 0.0.0.0, port_value: 9090 }
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"#type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
codec_type: auto
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match: { prefix: "/" }
route:
cluster: echo_service
timeout: 0s
max_stream_duration:
grpc_timeout_header_max: 0s
cors:
allow_origin_string_match:
- prefix: "*"
allow_methods: GET, PUT, DELETE, POST, OPTIONS
allow_headers: keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,custom-header-1,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout
max_age: "1728000"
expose_headers: custom-header-1,grpc-status,grpc-message
http_filters:
- name: envoy.filters.http.grpc_web
- name: envoy.filters.http.cors
- name: envoy.filters.http.router
clusters:
- name: echo_service
connect_timeout: 0.25s
type: logical_dns
http2_protocol_options: {}
lb_policy: round_robin
load_assignment:
cluster_name: cluster_0
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: server
port_value: 8080
Not sure what is the exact question? Currently you need to use Envoy to translate grpc-web to grpc.
I'm trying to setup Envoy to route "/account" to a gRPC service. It works fine if I set the route prefix to "/" but if I introduce "/account", it breaks. I've tried prefix_rewrite:"/" but that didn't help.
admin:
access_log_path: /tmp/admin_access.log
address:
socket_address: { address: 0.0.0.0, port_value: 9901 }
static_resources:
listeners:
- name: listener_0
address:
socket_address: { address: 0.0.0.0, port_value: 3000 }
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"#type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
codec_type: auto
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match: { prefix: "/account/" }
route: {cluster: account_service, prefix_rewrite: "/" }
- match: { prefix: "/account" }
route: { cluster: account_service, prefix_rewrite: "/"}
http_filters:
- name: envoy.filters.http.grpc_web
- name: envoy.filters.http.router
clusters:
- name: account_service
connect_timeout: 0.25s
type: logical_dns
http2_protocol_options: {}
lb_policy: round_robin
hosts: [{ socket_address: { address: account, port_value: 3400 } }]
Hitting localhost:3000/account results in:
{
"error": "14 UNAVAILABLE: DNS resolution failed"
}
Thank you for your time. I know it is valuable!
prefix_rewrite won't work since it will route localhost:3000/account to account_service:3400/. Simply in your scenario, this should work. This should route localhost:3000/account to account_service:3400/account
- match: { prefix: "/account/" }
route: {cluster: account_service}
I am using a envoy proxy for grpc-web and everything was working fine with one service but now I am registering other services I ran into problems. I thought a routed configuration would work but when I try to hit the endpoint it gives me a DNS resolution failed in bloomRPC.
Should I just move to a sidecar envoy mesh configuration? I've been avoiding this because it adds complexity to development, but in my research to fix this problem it came up a lot.
I'm running it with docker-compose in MacOS Catalina.
admin:
access_log_path: /tmp/admin_access.log
address:
socket_address: { address: 0.0.0.0, port_value: 9991 }
static_resources:
listeners:
- name: listener_0
address:
socket_address:
address: 0.0.0.0
port_value: 9911
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"#type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
codec_type: auto
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains:
- "*"
routes:
- match:
prefix: "/service1"
route:
cluster: service1
- match:
prefix: "/service2"
route:
cluster: service2
cors:
allow_origin_string_match:
- prefix: "*"
allow_methods: GET,PUT,DELETE,POST,OPTIONS
allow_headers: keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,custom-header-1,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout,access-token
max_age: "1728000"
expose_headers: custom-header-1,grpc-status,grpc-message,access-token
allow_credentials: true
http_filters:
- name: envoy.filters.http.grpc_http1_bridge
typed_config: { }
- name: envoy.filters.http.grpc_web
typed_config: { }
- name: envoy.filters.http.cors
typed_config: { }
- name: envoy.filters.http.router
typed_config: { }
clusters:
- name: service1
connect_timeout: 0.25s
type: strict_dns
dns_lookup_family: V4_ONLY
http2_protocol_options: { }
lb_policy: round_robin
load_assignment:
cluster_name: service1
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: host.docker.internal #0.0.0.0
port_value: 50101
- name: service2
connect_timeout: 0.25s
type: strict_dns
dns_lookup_family: V4_ONLY
http2_protocol_options: { }
lb_policy: round_robin
load_assignment:
cluster_name: service2
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: host.docker.internal #0.0.0.0
port_value: 50102
I tried to integrate gPRC into flutter-web, but it always failed. I don't know if there is a problem with my code or GRPC can't be integrated into flutter-web.
dependencies:
flutter:
sdk: flutter
grpc: ^2.1.3
protobuf: ^1.0.1
Here's my server-side code:
I have two questions.
The first one is whether the GRPC can be integrated into fluter-web.?
The second one is what libraries I need and whether there are any examples?
thank you.
The short answer, yes you can.
For now, grpc-web need a web proxy in front of the gRPC server to translate the requests and responses to something the browser can use. See https://grpc.io/blog/state-of-grpc-web/ for details.
You can use Envoy as the web proxy.
Here the steps to use envoy:
set your web client channel in flutter
GrpcWebClientChannel.xhr(Uri.parse('http://localhost:8080'));
set the server to listen on the following sample:
path := "127.0.0.1:3001"
Install envoy from https://www.envoyproxy.io/
create configuration for envoy like the following example. Save it as envoy.yaml:
admin:
access_log_path: /tmp/admin_access.log
address:
socket_address: { address: 0.0.0.0, port_value: 9901 }
static_resources:
listeners:
- name: listener_0
address:
socket_address: { address: 0.0.0.0, port_value: 8080 }
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"#type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
codec_type: auto
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match: { prefix: "/" }
route:
cluster: greeter_service
max_stream_duration:
grpc_timeout_header_max: 0s
cors:
allow_origin_string_match:
- prefix: "*"
allow_methods: GET, PUT, DELETE, POST, OPTIONS
allow_headers: keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout
max_age: "1728000"
expose_headers: id,token,grpc-status,grpc-message
http_filters:
- name: envoy.filters.http.grpc_web
- name: envoy.filters.http.cors
- name: envoy.filters.http.router
clusters:
- name: greeter_service
connect_timeout: 0.25s
type: logical_dns
http2_protocol_options: {}
lb_policy: round_robin
# win/mac hosts: Use address: host.docker.internal instead of address: localhost in the line below
load_assignment:
cluster_name: cluster_0
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: 0.0.0.0
port_value: 3001
Run envoy with the configuration (sample in Linux box):
$ envoy -c envoy.yaml
Now, try to run the flutter web client and server.
See https://github.com/sigurdm/grpc_web_flutter_example or https://github.com/grpc/grpc-web/tree/master/net/grpc/gateway/examples/helloworld
I'm using Istio pilot-agent proxy in OpenShift cluster.
I have an error (INVALID_ARGUMENT:static_resources.clusters[0].hosts[0]: invalid name url: Cannot find field....
Config:
static_resources:
listeners:
- name: listener_0
address:
socket_address: { address: 0.0.0.0, port_value: 8080 }
filter_chains:
- filters:
- name: envoy.http_connection_manager
config:
stat_prefix: egress_http
use_remote_address: true
codec_type: AUTO
route_config:
name: local_route
virtual_hosts:
- name: local-services
domains: ["*"]
routes:
- match: { prefix: "/service-a" }
route: { cluster: service-a }
http_filters:
- name: envoy.router
clusters:
- name: service-a
connect_timeout: 0.25s
# dns_lookup_family: V4_ONLY
lb_policy: round_robin
type: strict_dns
hosts:
- url : tcp://service-a.apps-stage.vm.mos.cloud.sbrf.ru:80
From what I can tell with Envoy, the error "Cannot find field" means that you requested a field name (in this case, url) in a data structure, but Envoy doesn't support that field name in that data structure.
The "hosts" block, in your example, would look like:
hosts:
- socket_address:
address: "service-a.apps-stage.vm.mos.cloud.sbrf.ru"
port_value: 80