ConsistentHash under backendSettings in SecurityPolicy is not working for extAuth gRPC service #7235

@yuntanghsu

Description:

What issue is being seen? Describe what should be happening instead of
the bug, for example: The expected value isn't returned, etc.

The ConsistentHash configured under backendSettings in the SecurityPolicy (used for external gRPC authentication) is not working even though the config is reflected in the Envoy configuration.

Repro steps:

Include sample requests, environment, etc. All data and inputs
required to reproduce the bug.

Create a SecurityPolicy that includes backendSettings under the extAuth.grpc configuration and targets an HTTPRoute. After creating two replicas of the extAuth server, traffic from the same browser is going to two extAuth servers. None of the ConsistentHash types (sourceIP/Header/Cookie) works.

Note: If there are privacy concerns, sanitize the data prior to
sharing.

```yaml
spec:
  extAuth:
    bodyToExtAuth:
      maxRequestBytes: 16384
    failOpen: false
    grpc:
      backendRefs:
        - group: ""
          kind: Service
          name: aaa
          namespace: bbb
          port: 1111
      backendSettings:
        loadBalancer:
          consistentHash:
            tableSize: 65537
            type: SourceIP
          type: ConsistentHash
```

```shell
curl -s localhost:19000/config_dump \
| jq '.configs[]?
  | select(.["@type"] | contains("Cluster"))?
  | .dynamic_active_clusters[]?
  | select(.cluster.name | test("extauth"; "i"))?
  | {name: .cluster.name, lb_policy: .cluster.lb_policy}'
```

```json
{
  "name": "securitypolicy/bbb/ext-auth/extauth/0",
  "lb_policy": "MAGLEV"
}
```

Environment:

Include the environment like gateway version, envoy version and so on.

Envoy Gateway Version: v1.5.0
Envoy Proxy Version: v1.35.0

Logs:

Include the access logs and the Envoy logs.
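
One way to quantify the symptom reported above, added here as an example and not part of the original issue or the Envoy Gateway project: diff two snapshots of the Envoy admin `/clusters` output (same admin port 19000 as in the issue), taken before and after a burst of requests from a single client, and list which ext-auth endpoints served them. The snapshot text, endpoint addresses and counts below are constructed, and the check assumes no other client is sending traffic during the test.

```python
# Constructed /clusters snapshots; addresses and counts are made up for illustration.
BEFORE = """\
securitypolicy/bbb/ext-auth/extauth/0::default_priority::max_connections::1024
securitypolicy/bbb/ext-auth/extauth/0::10.244.0.11:1111::rq_total::52
securitypolicy/bbb/ext-auth/extauth/0::10.244.0.11:1111::health_flags::healthy
securitypolicy/bbb/ext-auth/extauth/0::10.244.0.12:1111::rq_total::48
securitypolicy/bbb/ext-auth/extauth/0::[fd00::12]:1111::rq_total::0
httproute/bbb/app/rule/0::10.244.0.20:8080::rq_total::100
"""
AFTER = BEFORE.replace("rq_total::52", "rq_total::57").replace("rq_total::48", "rq_total::53")


def rq_totals(text, cluster_substr="extauth"):
    """Return {cluster: {endpoint: rq_total}} for clusters whose name matches."""
    totals = {}
    for line in text.splitlines():
        # Split from the right: IPv6 endpoints such as [fd00::12]:1111 contain "::".
        parts = line.rsplit("::", 2)
        if len(parts) != 3 or parts[1] != "rq_total":
            continue
        cluster, sep, endpoint = parts[0].partition("::")
        if not sep or cluster_substr.lower() not in cluster.lower():
            continue
        totals.setdefault(cluster, {})[endpoint] = int(parts[2])
    return totals


def endpoints_hit(before, after, cluster_substr="extauth"):
    """Per cluster, the endpoints whose rq_total grew between the two snapshots."""
    old, new = rq_totals(before, cluster_substr), rq_totals(after, cluster_substr)
    hit = {}
    for cluster, endpoints in new.items():
        deltas = {ep: n - old.get(cluster, {}).get(ep, 0) for ep, n in endpoints.items()}
        hit[cluster] = {ep: d for ep, d in deltas.items() if d > 0}
    return hit


if __name__ == "__main__":
    # With working consistent hashing, one client should land on a single endpoint.
    for cluster, hit in endpoints_hit(BEFORE, AFTER).items():
        verdict = "sticky" if len(hit) <= 1 else "NOT sticky"
        print(f"{cluster}: {verdict} {hit}")
```

On a live proxy, replace the two constructed strings with the text of `curl -s localhost:19000/clusters` captured before and after the test requests.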
