solo-io · davidjumani · Dec 24, 2024 · Jan 2, 2025 · Jan 2, 2025 · Jan 2, 2025
diff --git a/changelog/v1.19.0-beta3/fix-readiness-probe.yaml b/changelog/v1.19.0-beta3/fix-readiness-probe.yaml
@@ -0,0 +1,6 @@
+changelog:
+- type: FIX
+  issueLink: https://github.com/solo-io/gloo/issues/10541
+  resolvesIssue: false
+  description: Fixes a bug where the envoy pod passes the readiness probe before receving the xds config.
+
diff --git a/projects/gateway2/helm/gloo-gateway/templates/gateway/proxy-deployment.yaml b/projects/gateway2/helm/gloo-gateway/templates/gateway/proxy-deployment.yaml
@@ -439,45 +439,8 @@ data:
       metadata:
         role: gloo-kube-gateway-api~{{ $gateway.gatewayNamespace }}~{{ $gateway.gatewayNamespace }}-{{ $gateway.gatewayName | default (include "gloo-gateway.gateway.fullname" .) }}
     static_resources:
-      listeners:
-      - name: readiness_listener
-        address:
-          socket_address: { address: 0.0.0.0, port_value: 8082 }
-        filter_chains:
-          - filters:
-            - name: envoy.filters.network.http_connection_manager
-              typed_config:
-                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
-                stat_prefix: ingress_http
-                codec_type: AUTO
-                route_config:
-                  name: main_route
-                  virtual_hosts:
-                    - name: local_service
-                      domains: ["*"]
-                      routes:
-                        - match:
-                            path: "/ready"
-                            headers:
-                              - name: ":method"
-                                string_match:
-                                  exact: GET
-                          route:
-                            cluster: admin_port_cluster
-                http_filters:
-{{- if $gateway.readinessProbe }}
-                  - name: envoy.filters.http.health_check
-                    typed_config:
-                      "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck
-                      pass_through_mode: false
-                      headers:
-                      - name: ":path"
-                        exact_match: "/envoy-hc"
-{{- end }}{{/*if $gateway.readinessProbe*/}}
-                  - name: envoy.filters.http.router
-                    typed_config:
-                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
 {{- if $statsConfig.enabled }}
+      listeners:
       - name: prometheus_listener
         address:
           socket_address:
@@ -526,6 +489,8 @@ data:
                     - name: envoy.filters.http.router
                       typed_config:
                         "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+{{- else}}
+      listeners: []
 {{- end }} {{/* if $gateway.stats.enabled */}}
       clusters:
         - name: xds_cluster

diff --git a/projects/gateway2/setup/testdata/failover-default-diffns-out.yaml b/projects/gateway2/setup/testdata/failover-default-diffns-out.yaml
@@ -208,6 +208,59 @@ listeners:
         upgradeConfigs:
         - upgradeType: websocket
   name: http
+- address:
+    socketAddress:
+      address: '::'
+      ipv4Compat: true
+      portValue: 8082
+  filterChains:
+  - filters:
+    - name: envoy.filters.network.http_connection_manager
+      typedConfig:
+        '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+        httpFilters:
+        - name: envoy.filters.http.fault
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.fault.v3.HTTPFault
+        - name: envoy.filters.http.cors
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.cors.v3.Cors
+        - name: envoy.filters.http.local_ratelimit
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit
+            stage: 3
+            statPrefix: http_local_ratelimit
+        - name: envoy.filters.http.grpc_web
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb
+        - name: envoy.filters.http.health_check
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck
+            headers:
+            - exactMatch: /envoy-hc
+              name: :path
+            passThroughMode: false
+        - name: io.solo.transformation
+          typedConfig:
+            '@type': type.googleapis.com/envoy.api.v2.filter.http.FilterTransformations
+        - name: envoy.filters.http.csrf
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.csrf.v3.CsrfPolicy
+            filterEnabled:
+              defaultValue: {}
+        - name: envoy.filters.http.router
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+        normalizePath: true
+        rds:
+          configSource:
+            ads: {}
+            resourceApiVersion: V3
+          routeConfigName: readiness_listener-routes
+        statPrefix: http
+        upgradeConfigs:
+        - upgradeType: websocket
+  name: readiness_listener
 routes:
 - ignorePortInHostMatching: true
   name: http-routes-14610285773269467959
@@ -222,3 +275,9 @@ routes:
       route:
         cluster: kube-svc:gwtest-reviews-8080_gwtest
         clusterNotFoundResponseCode: INTERNAL_SERVER_ERROR
+- ignorePortInHostMatching: true
+  name: readiness_listener-routes
+  virtualHosts:
+  - domains:
+    - '*'
+    name: local_service
diff --git a/projects/gateway2/setup/testdata/failover-default-out.yaml b/projects/gateway2/setup/testdata/failover-default-out.yaml
@@ -208,6 +208,59 @@ listeners:
         upgradeConfigs:
         - upgradeType: websocket
   name: http
+- address:
+    socketAddress:
+      address: '::'
+      ipv4Compat: true
+      portValue: 8082
+  filterChains:
+  - filters:
+    - name: envoy.filters.network.http_connection_manager
+      typedConfig:
+        '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+        httpFilters:
+        - name: envoy.filters.http.fault
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.fault.v3.HTTPFault
+        - name: envoy.filters.http.cors
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.cors.v3.Cors
+        - name: envoy.filters.http.local_ratelimit
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit
+            stage: 3
+            statPrefix: http_local_ratelimit
+        - name: envoy.filters.http.grpc_web
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb
+        - name: envoy.filters.http.health_check
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck
+            headers:
+            - exactMatch: /envoy-hc
+              name: :path
+            passThroughMode: false
+        - name: io.solo.transformation
+          typedConfig:
+            '@type': type.googleapis.com/envoy.api.v2.filter.http.FilterTransformations
+        - name: envoy.filters.http.csrf
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.csrf.v3.CsrfPolicy
+            filterEnabled:
+              defaultValue: {}
+        - name: envoy.filters.http.router
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+        normalizePath: true
+        rds:
+          configSource:
+            ads: {}
+            resourceApiVersion: V3
+          routeConfigName: readiness_listener-routes
+        statPrefix: http
+        upgradeConfigs:
+        - upgradeType: websocket
+  name: readiness_listener
 routes:
 - ignorePortInHostMatching: true
   name: http-routes-14610285773269467959
@@ -222,3 +275,9 @@ routes:
       route:
         cluster: kube-svc:gwtest-reviews-8080_gwtest
         clusterNotFoundResponseCode: INTERNAL_SERVER_ERROR
+- ignorePortInHostMatching: true
+  name: readiness_listener-routes
+  virtualHosts:
+  - domains:
+    - '*'
+    name: local_service
diff --git a/projects/gateway2/setup/testdata/failover-out.yaml b/projects/gateway2/setup/testdata/failover-out.yaml
@@ -207,6 +207,59 @@ listeners:
         upgradeConfigs:
         - upgradeType: websocket
   name: http
+- address:
+    socketAddress:
+      address: '::'
+      ipv4Compat: true
+      portValue: 8082
+  filterChains:
+  - filters:
+    - name: envoy.filters.network.http_connection_manager
+      typedConfig:
+        '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+        httpFilters:
+        - name: envoy.filters.http.fault
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.fault.v3.HTTPFault
+        - name: envoy.filters.http.cors
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.cors.v3.Cors
+        - name: envoy.filters.http.local_ratelimit
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit
+            stage: 3
+            statPrefix: http_local_ratelimit
+        - name: envoy.filters.http.grpc_web
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb
+        - name: envoy.filters.http.health_check
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck
+            headers:
+            - exactMatch: /envoy-hc
+              name: :path
+            passThroughMode: false
+        - name: io.solo.transformation
+          typedConfig:
+            '@type': type.googleapis.com/envoy.api.v2.filter.http.FilterTransformations
+        - name: envoy.filters.http.csrf
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.csrf.v3.CsrfPolicy
+            filterEnabled:
+              defaultValue: {}
+        - name: envoy.filters.http.router
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+        normalizePath: true
+        rds:
+          configSource:
+            ads: {}
+            resourceApiVersion: V3
+          routeConfigName: readiness_listener-routes
+        statPrefix: http
+        upgradeConfigs:
+        - upgradeType: websocket
+  name: readiness_listener
 routes:
 - ignorePortInHostMatching: true
   name: http-routes-14610285773269467959
@@ -221,3 +274,9 @@ routes:
       route:
         cluster: kube-svc:gwtest-reviews-8080_gwtest
         clusterNotFoundResponseCode: INTERNAL_SERVER_ERROR
+- ignorePortInHostMatching: true
+  name: readiness_listener-routes
+  virtualHosts:
+  - domains:
+    - '*'
+    name: local_service
diff --git a/projects/gateway2/setup/testdata/happypath-out.yaml b/projects/gateway2/setup/testdata/happypath-out.yaml
@@ -157,6 +157,59 @@ listeners:
         upgradeConfigs:
         - upgradeType: websocket
   name: http
+- address:
+    socketAddress:
+      address: '::'
+      ipv4Compat: true
+      portValue: 8082
+  filterChains:
+  - filters:
+    - name: envoy.filters.network.http_connection_manager
+      typedConfig:
+        '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+        httpFilters:
+        - name: envoy.filters.http.fault
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.fault.v3.HTTPFault
+        - name: envoy.filters.http.cors
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.cors.v3.Cors
+        - name: envoy.filters.http.local_ratelimit
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit
+            stage: 3
+            statPrefix: http_local_ratelimit
+        - name: envoy.filters.http.grpc_web
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb
+        - name: envoy.filters.http.health_check
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck
+            headers:
+            - exactMatch: /envoy-hc
+              name: :path
+            passThroughMode: false
+        - name: io.solo.transformation
+          typedConfig:
+            '@type': type.googleapis.com/envoy.api.v2.filter.http.FilterTransformations
+        - name: envoy.filters.http.csrf
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.csrf.v3.CsrfPolicy
+            filterEnabled:
+              defaultValue: {}
+        - name: envoy.filters.http.router
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+        normalizePath: true
+        rds:
+          configSource:
+            ads: {}
+            resourceApiVersion: V3
+          routeConfigName: readiness_listener-routes
+        statPrefix: http
+        upgradeConfigs:
+        - upgradeType: websocket
+  name: readiness_listener
 routes:
 - ignorePortInHostMatching: true
   name: http-routes-14610285773269467959
@@ -171,3 +224,9 @@ routes:
       route:
         cluster: kube-svc:gwtest-reviews-8080_gwtest
         clusterNotFoundResponseCode: INTERNAL_SERVER_ERROR
+- ignorePortInHostMatching: true
+  name: readiness_listener-routes
+  virtualHosts:
+  - domains:
+    - '*'
+    name: local_service