Comments (8)
I managed to reproduce it. The setup seems similar to regular mesh (in terms of iptables) though I only see ISTIO_OUTPUT, so not sure if it's really an easy port. mirrord doesn't recognize it as part of the mesh detection (no sidecar, only annotated - maybe we can detect from iptables. can we trust the annotation as way to know?)
ambient.istio.io/redirection: enabled
tbh I am not sure we can fix it as fast as we usually do (very busy period) so it'd be good to see if other users need it so we can prioritize it better.
from mirrord.
OK I verified that the issue is still present in 1.21.0.
I followed the guide in https://istio.io/latest/docs/ambient/getting-started/ to get set up.
Afterwards, I used mirrord
to steal traffic from the productpage-v1
. When I connect to the HTTPRoute, i expect for this traffic to be stolen and routed to my mirrord
process. Instead, it appears the traffic is not stolen and I can see the request appear at productpage-v1
.
Not sure if this is helpful or not since I am out of my depth, but FWIW in ambient mode I can see mirrord
obtaining a ztunnel
connection from logs
│
│ 2024-06-07T19:25:52.095358Z INFO xds{id=2}: ztunnel::xds::client: received response type_url="type.googleapis.com/istio.workload.Address" size=1 remove │
│ s=0 │
│ 2024-06-07T19:26:04.505215Z INFO ztunnel::inpod::statemanager: pod WorkloadUid("fe8e746c-7ca9-402e-9f61-7a97b4f4ba2d") received netns, starting proxy │
│ 2024-06-07T19:26:04.515067Z INFO ztunnel::proxy::inbound: listener established address=:15008 component="inbound" transparent=true │
│ 2024-06-07T19:26:04.525406Z INFO ztunnel::proxy::inbound_passthrough: listener established address=:15006 component="inbound plaintext" transparent=tru │
│ e │
│ 2024-06-07T19:26:04.535869Z INFO ztunnel::proxy::outbound: listener established address=:15001 component="outbound" transparent=true │
│ 2024-06-07T19:26:04.546294Z INFO ztunnel::proxy::socks5: listener established address=127.0.0.1:15080 component="socks5" │
│ 2024-06-07T19:26:05.134103Z INFO xds{id=2}: ztunnel::xds::client: received response type_url="type.googleapis.com/istio.workload.Address" size=1 remove │
│ s=0 │
from mirrord.
I think I managed to reproduce it. We'll take it internally. Thank you.
@DmitryDodzin I created a machine, installed kind + followed the guide and then run
mirrord exec -f mirrord.json --steal -t deployment/productpage-v1 -- python3 -m http.server 9080
and requests weren't stolen
I'll give you machine details.
from mirrord.
Thanks for reporting this. I am looking into it.
from mirrord.
Hey,
@DmitryDodzin from our team tried to reproduce it but couldn't.
I tried to re-reproduce it but seems like I'm running into other (just setting up a sample) issues.
Do you mind re-testing and seeing if it somehow was fixed since you last tried?
Thanks!
from mirrord.
No problem I will try to repro today.
from mirrord.
I am having some issues with istio ambient 1.22.1 due to a partial implementation of PROXY protocol (istio/ztunnel#850) - I created istio/ztunnel#1124 and will see if I can repro in the earlier version
from mirrord.
Thanks! Can you share more information about the cluster? is it GKE/EKS/AKS/Local? if so what version/flavor?
from mirrord.
Related Issues (20)
- serde_yaml is deprecated - find alternative
- `readlinkat` implementation. HOT 1
- Complete config.json invalid due to copy_target
- Improve error handling in parsing `Target`
- Add `Unknown` variant for `Target`
- Add deny.toml
- readlink stabilization HOT 1
- Improve seat count exceeded error on CLI
- Generate the `configuration.md` file automatically on changes to the configuration code. HOT 1
- Validate JSON snippets in `configuration.md` (or directly in the rust docs)
- remove expiry message when not on trial
- mirrord layer test "outgoing_tcp_bound_socket" is flaky
- Research sessions failing under high stress mirroring HOT 6
- Support mirroring traffic from pod's localhost HOT 1
- Support HTTP filtering when mirroring
- Network interface config not propagating to agent
- Make mirroring interface "dynamic"
- `mirrord operator session` commands should accept mirrord config
- http path filter runs on path only
- rabbitmq + node + macOS doesn't connect HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mirrord.