Go Driver / GODRIVER-2557

unable to connect to ReplicaSetNoPrimary through envoy-proxy

    • Type: Bug
    • Resolution: Works as Designed
    • Priority: Unknown
    • Affects Version/s: 1.10.2
    • Component/s: None

      Summary

      Unable to connect through an envoy proxy to a mongodb cluster.

      Mongodb: ReplicaSetNoPrimary.

      Driver: 1.10.2

      How to Reproduce

      The desired configuration on the application we would like to obtain is:

      DB_MONGO_URL='mongodb://localhost:27017/database?authMechanism=MONGODB-X509' 

      All the certificates/keys should be managed by the envoy-proxy.

       

      Envoy version:

      docker.io/envoyproxy/envoy:v1.16.0

       

      We are getting a timeout connecting.

      Additional Background

      Yaml configuration for envoy

      static_resources:
        listeners:
        - address:
            socket_address:
              address: 0.0.0.0
              port_value: 27017
          filter_chains:
          - filters:
            - name: envoy.mongo_proxy
              typed_config:
                "@type": type.googleapis.com/envoy.extensions.filters.network.mongo_proxy.v3.MongoProxy
                stat_prefix: mongo_proxy
            - name: envoy.tcp_proxy
              typed_config:
                "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
                stat_prefix: tcp_proxy
                cluster: mongo
                idle_timeout: 7300s
        clusters:
        - name: mongo
          connect_timeout: 0.25s
          type: strict_dns
          lb_policy: round_robin
          hosts:
          - socket_address:
              address: mongotest
              port_value: 27017
          transport_socket:
            name: envoy.transport_sockets.tls
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
              common_tls_context:
                tls_certificates:
                # tls_certificates is a repeated field, so the entry is written as a list item
                - certificate_chain: { "filename": "/etc/envoy/mongo.pem" }
                  private_key: { "filename": "/etc/envoy/mongo.pem" }
                validation_context:
                  trusted_ca:
                    filename: /etc/envoy/ca.crt
      admin:
        access_log_path: "/dev/null"
        address:
          socket_address:
            address: 0.0.0.0
            port_value: 8001
       

            Assignee: Matt Dale (matt.dale@mongodb.com)
            Reporter: Nicolaus Maclavellus (nicolaoscw@gmail.com)
            Votes: 0
            Watchers: 3
