Details
-
Bug
-
Resolution: Works as Designed
-
Unknown
-
None
-
1.10.2
-
None
-
None
Description
Summary
Unable to connect through an Envoy proxy to a MongoDB cluster.
Mongodb: ReplicaSetNoPrimary.
Driver: 1.10.2
How to Reproduce
The configuration we would like to use in the application is:
DB_MONGO_URL='mongodb://localhost:27017/database?authMechanism=MONGODB-X509'
All the certificates/keys should be managed by the envoy-proxy.
Envoy version:
docker.io/envoyproxy/envoy:v1.16.0
We get a timeout when connecting.
Additional Background
Yaml configuration for envoy
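# Envoy static bootstrap from the report, with indentation restored and the
# table-cell "|" residue removed. The application speaks plaintext MongoDB to
# the listener on 27017; the "mongo" cluster originates TLS to mongotest:27017
# with a client certificate, so key material lives only in Envoy.
#
# NOTE(review): a driver in replica-set discovery mode normally dials the
# member addresses the server advertises rather than the address in its URL.
# If that applies here, those connections would not pass through this
# listener or its TLS origination; probably related to ReplicaSetNoPrimary,
# confirm against the driver's topology settings.
static_resources:
  listeners:
    # NOTE(review): Envoy presents the client certificate upstream on behalf
    # of every peer that connects to this port, so anything able to reach it
    # is using the certificate's identity. The application's URL uses
    # localhost; if it shares Envoy's network namespace, 127.0.0.1 is the
    # tighter bind. Confirm the deployment before changing.
    - address:
        socket_address:
          address: 0.0.0.0
          port_value: 27017
      filter_chains:
        - filters:
            # Mongo filter placed ahead of tcp_proxy; its only setting here is
            # the stat prefix.
            - name: envoy.mongo_proxy
              typed_config:
                "@type": type.googleapis.com/envoy.extensions.filters.network.mongo_proxy.v3.MongoProxy
                stat_prefix: mongo_proxy
            # Forwards the byte stream to the "mongo" cluster.
            - name: envoy.tcp_proxy
              typed_config:
                "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
                stat_prefix: tcp_proxy
                cluster: mongo
                idle_timeout: 7300s
  clusters:
    - name: mongo
      connect_timeout: 0.25s
      type: strict_dns
      lb_policy: round_robin
      # NOTE(review): `hosts` is the deprecated form of `load_assignment`;
      # kept as reported.
      hosts:
        - socket_address:
            address: mongotest
            port_value: 27017
      transport_socket:
        name: envoy.transport_sockets.tls
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
          common_tls_context:
            # tls_certificates is a repeated field, so it is written as a
            # one-element list. Chain and private key are read from the same
            # PEM file; that file should be readable by the Envoy user only.
            tls_certificates:
              - certificate_chain:
                  filename: /etc/envoy/mongo.pem
                private_key:
                  filename: /etc/envoy/mongo.pem
            # NOTE(review): only the issuing chain is checked against
            # trusted_ca. No subject-alt-name match is configured, so any
            # server certificate issued by this CA is accepted for the
            # upstream. Consider adding match_subject_alt_names for the
            # MongoDB hosts' names.
            validation_context:
              trusted_ca:
                filename: /etc/envoy/ca.crt
admin:
  access_log_path: "/dev/null"
  # NOTE(review): the admin endpoint has no authentication and listens on all
  # interfaces here. It can shut the proxy down and dump its configuration,
  # so restrict it to loopback or a management network unless the container
  # network already isolates it. Admin access logs are discarded
  # (/dev/null), so use of the endpoint leaves no record.
  address:
    socket_address:
      address: 0.0.0.0
      port_value: 8001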