Kong: stream routing does not work in DB-less and hybrid mode
Summary
Stream routes are not propagated in DB-less mode and Kong always closes the TCP connections with an error log entry of no routes found. This works in DB-mode.
Steps To Reproduce
Populate Kong with following configuration:
_format_version: "1.1"
services:
- connect_timeout: 60000
host: httpbin.org
name: httpbin.httpbin.80
port: 80
protocol: tcp
read_timeout: 60000
retries: 5
write_timeout: 60000
routes:
- name: httpbin.example-app1.0
protocols:
- tcp
destinations:
- port: 9000
telnet localhost 9000 will not work.
Run the same setup with postgres and that works.
Additional Details & Logs
- Kong version (
$ kong version) 2.0.2 - Operating system: Docker
hbagdi
All 11 comments
Any update on when this could be fixed? I just spent half a day trying to get streams set up, only to find this issue :disappointed:
braedon
on 29 Mar 2020
Unfortunately we won't be able to fix this until we are able to share memory between the http and stream subsystems, which is a limitation in Openresty at the moment. We have an open PR for Openresty with a fix in:
kikito
on 6 Apr 2020
Note: According to my test (re)loading the declarative config using the Kong CLI works. It's the dynamic update at runtime using the /config endpoint not working. We are working on a fix right now.
dndx
on 15 Apr 2020
This is a blocker for Kuma as well.
subnetmarco
on 16 Apr 2020
Just to be sure as I was looking for ssl passthrough solution using Kong ingress controller. It appears to me, this won't work because of this issue, right? Since Kong operator is based on DB-less mode Kong deployment, it's not possible to forward the HTTPs traffic as TCP stream to backend by using this feature. Please correct me if any. @hbagdi
morningspace
on 17 Apr 2020
It appears to me, this won't work because of this issue, right?
You can also use Kong Ingress Controller with a database. This bug doesn't affect Kong with a database.
hbagdi
on 17 Apr 2020
Yes, but just it's recommended to use DB-less for Kong in Kubernetes which seems making good sense to me... Ideally, it'd be nice to have this feature in DB-less mode. Wonder whether or not it's easy to implement...
morningspace
on 18 Apr 2020
5786 is in progress to fix this. 2.0.4 is expected to include this.
hbagdi
on 18 Apr 2020
@hbagdi It looks the fix has been committed to master branch but the latest release 2.0.4 hasn't picked up this fix... Do you know when the next release will be out? Or, I'm thinking if we want to leverage this fix for Kong in DB-less mode in Kubernetes cluster, probably we need to build Kong from source, is it right?
morningspace
on 11 May 2020
My bad, after recheck, it looks the fix has been included in Kong release 2.0.4. But I'm having some troubles when I was verifying this against the upstream service exposed using HTTPS. Probably I will create a separate git issue to explain what I am seeing...
morningspace
on 11 May 2020
I raised an issue here: https://discuss.konghq.com/t/does-kong-ingress-controller-support-tls-passthrough-for-https-upstream-service/6268 @hbagdi FYI
morningspace
on 11 May 2020
Related issues
vikaskmr1008
路
3Comments
Tieske
路
4Comments
z843248880
路
3Comments
ypscotto
路
3Comments
Voronenko
路
3Comments
Most helpful comment
5786 is in progress to fix this. 2.0.4 is expected to include this.