-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
envoy stuck initializing cluster after we updated to 6ea29c7 #7252
Comments
Err, sorry for the confusion but #7200 is actually newer. I'll look around a bit more. |
Hmm a bit suspicious about #6525 now, given that we use gRPC to talk to our SDS sidecar. |
Hmm, taking a closer look this morning it seems to be between these changes: Bisecting now. |
I would potentially suspect 1e34a2e |
@mattklein123 literally just reverted it and trying that :-) |
stay tuned. |
Alas, 1e34a2e wasn't the problem. Still stuck at:
|
Hmm what's going on here:
|
Ok, definitely related to our |
So the issue gets triggered by running two instances of our sds sidecar [unclear why this is bad in itself, but reverting fixes it]. Leaving this open for now, since there might be room for improving how Envoy handles a misbehaving sds cluster/instance. |
Turns out, the problem was our sds service was returning incorrect secrets to Envoy, which Envoy would ignore and request again. Envoy would then block setting up clusters/listeners until it got a secret response it expected. Since this never happened, Envoy would block forever... Sorry for the false alarm. |
Since we synced with 6ea29c7, we are seeing that Envoy never finishes initializing clusters that depend on SDS. E.g.:
but something like:
never happens. The TLS context for the
foo
cluster looks like this:cc: @fishcakez
The text was updated successfully, but these errors were encountered: