Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unexpected port number increase in Standalone mode #4981

Closed
dshatokhin opened this issue Dec 30, 2024 · 5 comments · Fixed by #5027
Closed

Unexpected port number increase in Standalone mode #4981

dshatokhin opened this issue Dec 30, 2024 · 5 comments · Fixed by #5027
Labels
kind/bug Something isn't working

Comments

@dshatokhin
Copy link

Description:
I'm trying to run envoy-gateway in standalone mode inside docker container with host network.

I've created Gateway resource with port 80:

spec:
  listeners:
  - name: http-80
    protocol: HTTP
    port: 80

But envoy-gateway logs say it runs envoy with port 10080:

{
  "http":[
    {
      "name":"envoy-gateway-system/compose/http-80",
      "address":"0.0.0.0",
      "port":10080
    }
  ]
}

I found this in internal/gatewayapi/helpers.go:

// If the service port is a privileged port (1-1023)
// add a constant to the value converting it into an ephemeral port.
// This allows the container to bind to the port without needing a
// CAP_NET_BIND_SERVICE capability.
if servicePort < minEphemeralPort {
	return servicePort + wellKnownPortShift
}
return servicePort

Both minEphemeralPort and wellKnownPortShift are const so I can't change this behavior via settings.

The idea to run less privileged container is nice and I see how in kubernetes cluster it will be working as expected in almost all situations but in my case (host network) it means I unable to use envoy-gateway with the ports I need and I was not expecting ports will be changed to something else.

Should it be available as some sort of a setting?
@arkodg
Copy link
Contributor

arkodg commented Dec 31, 2024

hey @dshatokhin you need to set useListenerPortAsContainerPort: true https://gateway.envoyproxy.io/docs/api/extension_types/#envoyproxykubernetesprovider in the EnvoyProxy API to solve your use case

@zhaohuabing
Copy link
Member

you need to set useListenerPortAsContainerPort: true

Oops, I missed this option ...

@zhaohuabing zhaohuabing reopened this Dec 31, 2024
@zhaohuabing
Copy link
Member

zhaohuabing commented Dec 31, 2024
edited
Loading

Reopen this - we may want to set this as true by default in the host mode.

@dshatokhin
Copy link
Author

It works, thanks for help!

I now think there is a room for improvement in the docs and codebase, because I completely overlooked any settings for Kubernetes provider due to focus on Custom one - I have 2 objects:

  • EnvoyGateway object with provider.type: Custom
  • EnvoyProxy object with spec.provider.type: Kubernetes

Given the experimental status of standalone mode it's totally understandable ☺️

arkodg added a commit to arkodg/gateway that referenced this issue Jan 9, 2025
@arkodg
fix: dont shift listener ports for Standalone mode
b1c7348 
Fixes: envoyproxy#4981

Signed-off-by: Arko Dasgupta <[email protected]>
@arkodg arkodg mentioned this issue Jan 9, 2025
Merged
@arkodg arkodg added kind/bug Something isn't working and removed triage labels Jan 9, 2025
@arkodg
Copy link
Contributor

arkodg commented Jan 9, 2025

thanks for re flagging this @zhaohuabing, my suggestion is a workaround, this should work seamlessly in standalone mode, raised #5027 to address it

zirain pushed a commit to arkodg/gateway that referenced this issue Jan 10, 2025
@arkodg @zirain
fix: dont shift listener ports for Standalone mode
c810873 
Fixes: envoyproxy#4981

Signed-off-by: Arko Dasgupta <[email protected]>
zhaohuabing pushed a commit to zhaohuabing/gateway that referenced this issue Jan 10, 2025
@arkodg @zhaohuabing
fix: dont shift listener ports for Standalone mode (envoyproxy#5027)
db82448 
* fix: dont shift listener ports for Standalone mode

Fixes: envoyproxy#4981

Signed-off-by: Arko Dasgupta <[email protected]>

* test

Signed-off-by: Arko Dasgupta <[email protected]>

* fix lint

Signed-off-by: Arko Dasgupta <[email protected]>

---------

Signed-off-by: Arko Dasgupta <[email protected]>
(cherry picked from commit 84f2ad2)
Signed-off-by: Huabing Zhao <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: dont shift listener ports for Standalone mode arkodg/gateway
3 participants
@zhaohuabing @dshatokhin @arkodg