Error reported on EnvoyFilter scenario

1

Architecture:
 Ingress gateway controller component: envoy Router pod, envoy filter matched in it
 Ext-Proc Component: GRPC Server pod with service name envoy-ext-proc-data, external processor type extension with customization coding
 Istio Envoyfilter: Customized Envoy Filter in ExternalProcessor type, which grpc_service.envoy_grpc.cluster_name pointing to envoy-ext-proc-data.svc.bdefault.cluster

image
image789×1000 99.3 KB

EnvoyFilter Configuration:

Istio / Envoy Filter

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: envoy-ext-proc-data
namespace: istio-ingress # Restricted to the configuration namespace in which the resource is present.
spec:
workloadSelector: # Set of pods/VMs
labels:
istio: ingress # Use istio default controller
configPatches:

  • applyTo: HTTP_FILTER
    match:
    context: GATEWAY #SIDECAR_INBOUND for proxy
    listener:
    filterChain:
    filter:
    name: envoy.filters.network.http_connection_manager
    subFilter:
    name: envoy.filters.http.router
    #portNumber: 8080
    patch:
    operation: ADD
    filterClass: AUTHZ # This filter will run after the Istio authz filter.
    value:
    name: envoy.filters.http.ext_proc
    typed_config:
    @type”: type.googleapis.com/envoy.extensions.filters.http.ext_proc.v3.ExternalProcessor
    grpc_service:
    envoy_grpc:
    cluster_name: envoy-ext-proc-data
    message_timeout: 1s
    processing_mode:
    request_header_mode: “SEND”
    response_header_mode: “SEND”
    request_body_mode: “NONE”
    response_body_mode: “NONE”
    request_trailer_mode: “SKIP”
    response_trailer_mode: “SKIP”
  • applyTo: CLUSTER
    match:
    context: ANY
    patch:
    operation: ADD
    value:
    connect_timeout: 0.25s
    http2_protocol_options: { }
    load_assignment:
    cluster_name: envoy-ext-proc-data
    endpoints:
    - lb_endpoints:
    - endpoint:
    address:
    socket_address:
    address: 192.168.15.182 #envoy-ext-proc-data.default.svc.cluster.local
    port_value: 18080

    name: envoy-ext-proc-data

    type: STATIC

Detail Exception:
 Ext-Proc pod: no any access log in the pod
 Ingress controller pod: Error reported in log, as below, after envoy filter configured

  • Connection #0 to host data.iptiqtap.com left intact
    upstream connect error or disconnect/reset before headers. reset reason: connection failure, transport failure reason: delayed connect error: 111

Could someone help guide whether any configuration exception on the EnvoyFilter?