Comments (10)
It seemed like the version of contour
that was running was incompatible with the kubernetes version running on GKE (We have auto updates on) but there was no indication that there was an issue with contour besides the warning line (Being that it was a warning, we thought it could be ignored and would not interfere). Updating contour
solved the issue.
from gameserver-ingress-controller.
Just another user chiming in here... Sorry to hear about the weird behavior. Perhaps this article will help by walking you through a few common debugging steps? If nothing else it'll add some more data points to rule out common issues.
from gameserver-ingress-controller.
Testing connectivity by trying to dig/ nslookup the HOST issued (as well as directly trying to access the underlying IP address)
Trying to connect using the IP will not work. The ingress will only route traffic based on the host name. That is also important for TLS/HTTPS.
from gameserver-ingress-controller.
certificates for TLS is provisioned by cert-manager
and terminated at the ingress controller level. Looking into that warning line further seems to point to envoy not being set up correctly; Will report back if that was indeed the issue. Thanks for your help thus far!
from gameserver-ingress-controller.
No worries. Would you mind sharing more details about what fixed the problem. That way we can help others from the community. Thank you.
from gameserver-ingress-controller.
Hey @paulxuca this address is usually the IP of the load balancer. Additionally to the link Eddie shared you can check https://kubernetes.io/docs/concepts/services-networking/ingress/#types-of-ingress.
What do you see when you run kubectl -n $NAMESPACE get svc
? The NAMESPACE should be the namespace where you are running your ingress controller responsible for routing traffic.
from gameserver-ingress-controller.
O couple of things come to mind:
- Are you using a wildcard DNS record dedicated for the domain exposing the game servers?
- How are you testing connectivity?
- Have you deployed Contour?
from gameserver-ingress-controller.
Thanks for the quick response both. Went through the Medium article that Eddie linked to no avail; To answer the above questions:
Output of kubectl -n $NAMESPACE get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
xxx-fleet-qlhzl-6fj8m ClusterIP xx.xx.xxx <none> 7703/TCP 132m
xxx-fleet-qlhzl-9d572 ClusterIP xx.xx.xxx <none> 7404/TCP 133m
xxx-fleet-qlhzl-j57dv ClusterIP xx.xx.xxx <none> 7136/TCP 132m
- Using wildcard DNS record for the domain for game servers (Using path routing)
- Testing connectivity by trying to
dig/ nslookup
theHOST
issued (as well as directly trying to access the underlying IP address) - Contour is deployed; Although I am seeing warning logs:
[2023-08-08 17:19:19.270][1][warning][config] [./source/common/config/grpc_stream.h:196] StreamListeners gRPC config stream closed since 407s ago: 14, upstream connect error or disconnect/reset before headers. reset reason: connection failure, transport failure reason: TLS error: 268435581:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
Could that be related?
Thank you so much in advance for your help!
from gameserver-ingress-controller.
How are you provisioning certificates for TLS?
Where are you terminating TLS? At the game server, ingress controller or at the Cloud LoadBalancer?
from gameserver-ingress-controller.
That was indeed the issue; thanks again for the help and for creating this project!
from gameserver-ingress-controller.
Related Issues (18)
- Unit Tests? HOT 1
- Support option to terminate TLS at the gameserver (complete TLS passthrough) HOT 1
- Path based ingress->gameserver rules HOT 3
- Pass custom labels and/or annotations upon creation to gameserver-ingress-controller managed ingresses HOT 2
- Support for specific secretName HOT 1
- Multiple Replicas for controller HOT 7
- Add Prometheus instrumentation to Reconcile
- "Path" routing mode changes the relative path of requests HOT 2
- Octops causes ingress controller to constantly reload which causes dropped websocket connections HOT 7
- Contour Ingress does not rewrite path in Path mode HOT 2
- Template access to service objects
- Dont require octops.io/issuer-tls-name annotation if octops.io/secret-name is present HOT 7
- Getting some error logs about event permissions HOT 7
- Support multiple hosts HOT 8
- arm64 support? HOT 3
- websocket-routes annotation template not evaluated when generating Ingress HOT 2
- tls-secret-name requires terminate-tls=true, which makes the cert-issuer override that certificate in kubernetes HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gameserver-ingress-controller.