ConsistentHash under backendSettings in SecurityPolicy is not working for extAuth gRPC service #7235
Description
Description:
What issue is being seen? Describe what should be happening instead of
the bug, for example: The expected value isn't returned, etc.
The ConsistentHash configured under backendSettings in the SecurityPolicy (used for external gRPC authentication) are not working even the config is reflected in the Envoy configuration.
Repro steps:
Include sample requests, environment, etc. All data and inputs
required to reproduce the bug.
Create a SecurityPolicy that includes backendSettings under the extAuth.grpc configuration and targeting an HTTPRoute. After creating two replicas of extAuth server, traffic from the same browser are going to two extAuth servers. None of ConsistentHash type (sourceIP/Header/Cookie) works.
Note: If there are privacy concerns, sanitize the data prior to
sharing.
spec:
extAuth:
bodyToExtAuth:
maxRequestBytes: 16384
failOpen: false
grpc:
backendRefs:
- group: ""
kind: Service
name: aaa
namespace: bbb
port: 1111
backendSettings:
loadBalancer:
consistentHash:
tableSize: 65537
type: SourceIP
type: ConsistentHash
curl -s localhost:19000/config_dump \
| jq '.configs[]?
| select(.["@type"] | contains("Cluster"))?
| .dynamic_active_clusters[]?
| select(.cluster.name | test("extauth"; "i"))?
| {name: .cluster.name, lb_policy: .cluster.lb_policy}'
{
"name": "securitypolicy/bbb/ext-auth/extauth/0",
"lb_policy": "MAGLEV"
}
Environment:
Include the environment like gateway version, envoy version and so on.
Envoy Gateway Version: v1.5.0
Envoy Proxy Version: v1.35.0
Logs:
Include the access logs and the Envoy logs.