What is the port of the Consul data plane sidecar container to which we can connect from the actual container?

What is the port of the Consul data plane sidecar to which we can connect?

Previously we used to connect to the Envoy sidecar on port 20000, but it is not currently working in Consul data plane.

Hi @magesh.srinivasulu,

Could you share more details on what you are trying to do? The port 20000, usually on the sidecar, is the envoy public_listener, which accepts connections from the downstream services to the application the proxy represents. This also, by default, expects the request to authenticate using mTLS.

If you have the consul-k8s CLI, you can run the following command to list active listeners on the sidecar:

eg:

$ consul-k8s proxy read static-client-6ffd77cd9-6hvfq -listeners
Envoy configuration for static-client-6ffd77cd9-6hvfq in namespace default:

==> Listeners (2)
Name                	Address:Port    	Direction	Filter Chain Match	Filters              	Last Updated
public_listener     	10.42.0.18:20000	INBOUND  	Any               	RBAC:                	2024-01-31T11:36:33.792Z
                    	                	         	                  	TCP: -> local_app
static-server?dc=dc2	127.0.0.1:8080  	OUTBOUND 	Any               	TCP: -> static-server	2024-01-31T11:36:33.794Z

@Ranjandas

In Consul 1.13, when Envoy sidecars are attached, we used to perform a check to see if the sidecar exists or not by connecting to it using port 20000.

When we try to do the same with 1.14 with dataplane, we are getting a connection timeout error.

Hi @magesh.srinivasulu,

As you can see from the output I posted previously, port 20000 remains the same even with the data plane.

Please verify whether the containers in the pods are healthy or not. Also, use the consul-k8s CLI and try to list the listeners in the pod. In addition, I can look at the logs (from the consul-dataplane container) if you share them here and see if I can find what is wrong.

If the default log level is not giving enough information, use the consul-k8s proxy log command to bump up the log level to debug before exporting the logs.

eg: 
$ consul-k8s proxy log static-client-6ffd77cd9-ljsrc -update-level debug

@Ranjandas The container and pods are up and running fine. Attached are the logs from the dataplane container. Log level is info.

dataplane-logs.txt (21.2 KB)

The log shows that the public_listener is listening on port 20000.

2024-02-05T09:26:20.394Z+00:00 [info] envoy.upstream(15) lds: add/update listener 'public_listener:10.204.3.205:20000'

So I would say it is working as expected, and I would request you to verify whether the connectivity check you are doing has some gap or not.

Hi @Ranjandas

I have enabled the debug logs in the sidecar container and found the things below.

When I make a telnet connection to port 20000, I get the highlighted error. I am guessing the dataplane is rejecting the request.

sh-4.4# telnet 10.204.11.25 20000
Trying 10.204.11.25...
Connected to 10.204.11.25.
Escape character is '^]'.
Connection closed by foreign host

I also found some logs from dataplane container during that telnet command execution.

2024-02-06T07:49:09.062Z+00:00 [debug] envoy.connection(28) [C380] delayed connect error: 111
2024-02-06T07:49:09.062Z+00:00 [debug] envoy.connection(28) [C380] closing socket: 0
2024-02-06T07:49:09.062Z+00:00 [debug] envoy.pool(28) [C380] client disconnected, failure reason: delayed connect error: 111

Below is the readiness probe in dataplane container

Readiness: tcp-socket :20000 delay=1s timeout=1s period=10s #success=1 #failure=3

If it can connect and check, why is the telnet failing?
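
Added example, not part of the thread and not Consul or Kubernetes code: a Python sketch of a sidecar-presence check that separates "the TCP handshake to port 20000 succeeded" (the pass condition of a tcp-socket readiness probe) from "the peer closed the connection afterwards" (what the telnet session above shows). The function names and result labels are assumptions made for this example.

```python
import socket
import sys


def probe_tcp(host, port, timeout=1.0, hold=0.5):
    """Classify one TCP connection attempt.

    Returns one of (labels are this example's own):
      "refused"               nothing is listening on the port
      "timeout"               no answer within `timeout` seconds
      "error"                 any other socket error (e.g. no route to host)
      "connected_then_closed" handshake succeeded, peer closed within `hold` s
      "connected_open"        handshake succeeded, peer kept the socket open
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError:
        return "error"
    with sock:
        # Send nothing (like an idle telnet session) and watch for the peer's FIN/RST.
        sock.settimeout(hold)
        try:
            data = sock.recv(1)
        except (socket.timeout, TimeoutError):
            return "connected_open"
        except ConnectionResetError:
            return "connected_then_closed"
        return "connected_then_closed" if data == b"" else "connected_open"


def listener_present(host, port, timeout=1.0):
    """True when the handshake completed, whatever the peer did afterwards.

    This mirrors the tcp-socket readiness probe, which passes once the
    connection is established and never sends application data.
    """
    return probe_tcp(host, port, timeout).startswith("connected")


if __name__ == "__main__":
    # Usage: python probe.py <pod-ip> [port]   (port defaults to 20000)
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 20000
    print(probe_tcp(target, target_port), listener_present(target, target_port))
```

A "timeout" result corresponds to the connection timeout reported earlier in the thread, while "connected_then_closed" corresponds to the telnet output; only the first means the listener could not be reached at all.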