You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you apply a waf policy to any of your routes which is not in a good state, you get the following message:
gRPC config for type.googleapis.com/envoy.config.route.v3.RouteConfiguration rejected: Rules error. File: <<reference missing or not informed>>. Line: 3. Column: 19.
And every new gateway pod that comes in place won't be able to get any dynamic_routes, as routing will get broken, so if you have this in place and then restart any gateway pod you will get the behavior reproduced
The cluster had a virtualService that matched with the rt: app label and also another simple RouteTable with no WAF rule on a different endpoint /.
Once the waf rule was added to that RouteTable, both endpoints from each RouteTable continued to work, although I guess the waf rule was not being respected
When I restarted the gateway-proxy pod, both endpoints started returning 404 NR
As soon as I removed the waf rule from the RouteTable, both endpoints started working again with 200. No need for pod restarts
Expected Behavior
Don' break routing of new gateway pods
Additional Context
No response
The text was updated successfully, but these errors were encountered:
Some additional context: After you've applied an incorrect WAF policy:
There are no errors or warnings in the logs of the gloo pod.
Adding new virtual services does not work. Configuration does not get applied and routes are not available.
Existing virtualservices continue to work, including their existing, correctly configured, WAF policies.
VirtualService CR shows the incorrect WAF policy, and the status of the CR is Accepted. Nothing indicates that there is something wrong with the CR.
After fixing the incorrect WAF policy in your VirtualService or Routetable, all other VirtualServices that were applied when the system was in a bad state start working without having to reapply their CRs.
Also note that the gateway-proxy log keeps printing the warning:
[2024-02-05 15:14:04.245][1][warning][config] [external/envoy/source/common/config/grpc_subscription_impl.cc:128] gRPC config for type.googleapis.com/envoy.config.route.v3.RouteConfiguration rejected: Rules error. File: <<reference missing or not informed>>. Line: 3. Column: 19.
... until you resolve the invalid WAF policy configuration.
Gloo Edge Version
1.14.x (latest stable)
Kubernetes Version
None
Describe the bug
If you apply a waf policy to any of your routes which is not in a good state, you get the following message:
And every new gateway pod that comes in place won't be able to get any dynamic_routes, as routing will get broken, so if you have this in place and then restart any gateway pod you will get the behavior reproduced
Steps to reproduce the bug
Example of WAF policy that would break routing:
The cluster had a virtualService that matched with the rt: app label and also another simple RouteTable with no WAF rule on a different endpoint /.
Once the waf rule was added to that RouteTable, both endpoints from each RouteTable continued to work, although I guess the waf rule was not being respected
When I restarted the gateway-proxy pod, both endpoints started returning 404 NR
As soon as I removed the waf rule from the RouteTable, both endpoints started working again with 200. No need for pod restarts
Expected Behavior
Don' break routing of new gateway pods
Additional Context
No response
The text was updated successfully, but these errors were encountered: