Comments (14)
douglas-reid
commented on June 10, 2024
1
It looks like it isn't coming from the mixer attribute derivation stuff:
I0923 01:07:39.430774 1 grpcServer.go:152] Attribute Bag:
context.protocol : http
destination.ip : 10.56.2.185
destination.service : productpage.default.svc.cluster.local
destination.uid : kubernetes://productpage-v1-2488187180-wzkkm.default
quota.amount : 1
quota.name : RequestCount
request.headers : map[x-b3-traceid:0000d392e006806f :authority:75.22.199.35.bc.googleusercontent.com x-forwarded-proto:http x-ot-span-context:0000d392e006806f;0000d392e006806f;0000000000000000 x-b3-sampled:1 x-envoy-expected-rq-timeout-ms:15000 x-request-id:c9fbec6f-6202-98e6-838b-944fc6661857 x-forwarded-for:10.150.0.5 pragma:no-cache accept-charset:iso-8859-1,utf-8;q=0.9,*;q=0.1 x-b3-spanid:0000d392e006806f x-envoy-internal:true :path:/login accept-language:en :method:GET content-length:0 accept:image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* user-agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GoogleSecurityScanner; go/SecopsSecurityScan 1.337)]
request.host : 75.22.199.35.bc.googleusercontent.com
request.method : GET
request.path : /login
request.scheme : http
request.time : 2017-09-23 01:07:39.429065888 +0000 UTC
request.useragent : Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GoogleSecurityScanner; go/SecopsSecurityScan 1.337)
source.ip : [10 56 3 154]
source.port : 53742
source.uid : kubernetes://istio-ingress-3820240895-vsxdq.istio-system
---
destination.labels : map[app:productpage pod-template-hash:2488187180 version:v1]
destination.namespace : default
destination.service : productpage.default.svc.cluster.local
destination.serviceAccount : default
source.labels : map[istio:ingress pod-template-hash:3820240895]
source.namespace : istio-system
source.service : ingress.istio-system.svc.cluster.local
source.serviceAccount : istio-ingress-service-account
Everything above the --- is from the original proto bag. So, hopefully, the fix you guys have identified is ready to go soon.
from old_mixerclient_repo.
qiwzhang
commented on June 10, 2024
It could not be.
They are switched to use Bytes in the same PR.
Here is the code: https://github.com/istio/proxy/blob/master/src/envoy/mixer/mixer_control.cc
Here is the PR: istio/proxy@0561c1d#diff-01d13090008b70b5a4e706e9babc542a
I need more evident.
from old_mixerclient_repo.
douglas-reid
commented on June 10, 2024
@qiwzhang Running from istio/istio HEAD.
PILOT_TAG="e5681371e971d20b89823e55e394b2f773e7f07a"
PROXY_TAG="c7785bd97bd3d1610bafdda9ceaa3a061a641bad"
I then just dumped logs. Maybe destination.ip isn't being sent by the proxy, but generated elsewhere?
from old_mixerclient_repo.
kyessenov
commented on June 10, 2024
Caused by this https://github.com/istio/pilot/blob/master/proxy/envoy/mixer.go#L108?
from old_mixerclient_repo.
kyessenov
commented on June 10, 2024
@qiwzhang which IP does your filter use? Service IP (external) or pod IP (internal)?
from old_mixerclient_repo.
qiwzhang
commented on June 10, 2024
Proxy is using
upstreamHost->address()->ip();
I guess it is the service host ip in the cluster manager. Pilot set it.
from old_mixerclient_repo.
qiwzhang
commented on June 10, 2024
Definitely caused by https://github.com/istio/pilot/blob/master/proxy/envoy/mixer.go#L128
In the Tcp Check, Proxy extracts it from Envoy config, which is string.
In the Tcp Report, Proxy over write it. which is BYTES.
I guess, Proxy should not just blindly copy the string. It should check ".ip" suffix, and convert it to bytes when copying from Mixer config
from old_mixerclient_repo.
qiwzhang
commented on June 10, 2024
Ultimate solution is to allow Pilot to write attribute type for the mesh attributes. Now it only supports string type. Leave this as 0.3 feature.
from old_mixerclient_repo.
douglas-reid
commented on June 10, 2024
Are we sure? I haven't debugged fully. It might be related to issues with:
from old_mixerclient_repo.
qiwzhang
commented on June 10, 2024
Filed https://github.com/istio/proxy/issues/483 to fix this.
from old_mixerclient_repo.
qiwzhang
commented on June 10, 2024
@douglas-reid assigned it to you so you can debug it first. If it is caused by https://github.com/istio/pilot/blob/master/proxy/envoy/mixer.go#L128. I have another issue to cover it. so you can close it.
from old_mixerclient_repo.
qiwzhang
commented on June 10, 2024
The issue
Allow Pilot to pass any type of mesh attributes to Mixer #483
is not easy to fix. It requires both Pilot and Proxy code change. It will be 0.2 after.
from old_mixerclient_repo.
geeknoid
commented on June 10, 2024
Is this issue resolved, or is there a different issue to track the problem?
Otherwise, it shouldn't be closed right?
…On Sat, Sep 23, 2017 at 8:57 PM, Wayne Zhang ***@***.***> wrote:
The issue
Allow Pilot to pass any type of mesh attributes to Mixer #483
is not easy to fix. It requires both Pilot and Proxy code change. It will
be 0.2 after.
—
You are receiving this because you were assigned.
Reply to this email directly, view it on GitHub
<#112 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AVucHa-XZIUSP_tpsxbZ5Ji0hRf-OyClks5sldM-gaJpZM4Pehqh>
.
from old_mixerclient_repo.
qiwzhang
commented on June 10, 2024
It is covered by https://github.com/istio/proxy/issues/483
from old_mixerclient_repo.
Related Issues (20)
- need more details for report_batch.cc:78] Mixer Report failed with: UNAVAILABLE HOT 5
- Update mixerclient readme HOT 4
- Hook up platform logging HOT 1
- Use timer to flush out expired cache items HOT 1
- Provide statistics HOT 1
- httpFault/abort rules trigger does not send data to Prometheus HOT 1
- Add support for AttributeMatch.condition == REGEX HOT 1
- Make the set of attributes sent to the Mixer to be configurable HOT 1
- Elevate common request headers to attributes HOT 4
- Make the set of request headers sent to Mixer configurable HOT 1
- Add Mixer report attributes for requests rejected by Envoy proxy HOT 7
- Provide statistics for check and report latencies as histograms HOT 3
- Add trace spans for client HOT 1
- Send Mixer attribute "connection.mtls" in Check() and Report() calls.
- Mixer client needs retry behavior HOT 2
- Support automatic dictionary fallback to recover gracefully from dictionary mismatches HOT 3
- Finish implementation and enable full caching for preconditions and quotas HOT 4
- remove uuid dependency
- Migrate from Jenkins to Prow HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from old_mixerclient_repo.