Istio: Possibly unnecessary additional `Listeners` for inbound traffic

Created on 27 May 2020  路  2Comments  路  Source: istio/istio

Bug description
When debugging envoy config, Istio creates "a virtual listener per service IP, per each non-HTTP for outbound TCP/HTTPS traffic" (see "Debugging Envoy and Istiod"). However, since Istio 1.4, there is a FilterChain on the "virtualInbound"-listener for each open port that directly contains a Route to the correct Cluster.

Therefore, it seems as though inbound traffic is not distributed to these "SidecarInboundListeners" anymore (that's how they're called in the code).

(This very cool DeepDive by @rootsongjc also describes this behaviour and gives some examplary envoy config that is very similar to the one I saw.)

Is there a reason why Istio still creates "SidecarInboundListeners" or can these be removed?

Steps to reproduce the bug
Deploy bookinfo and look at envoy config.

Version
Istio 1.4+

arenetworking kindocs
Source
picture jkbschmid

Most helpful comment

This should be fixed on 1.6 by https://github.com/istio/istio/pull/22788

picture howardjohn on 27 May 2020
👍3

All 2 comments

This should be fixed on 1.6 by https://github.com/istio/istio/pull/22788

howardjohn picture howardjohn on 27 May 2020
👍3

Great to hear, thanks for the quick response!

jkbschmid picture jkbschmid on 28 May 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

prune998 picture prune998  路  3Comments
dgn picture dgn  路  3Comments
baracoder picture baracoder  路  3Comments
morvencao picture morvencao  路  4Comments
ZackButcher picture ZackButcher  路  4Comments