fix(zoneproxies): check empty listeners (#7562)

Signed-off-by: Jakub Dyszkiewicz <jakub.dyszkiewicz@gmail.com>
kumahq · Aug 23, 2023 · f24df81 · f24df81
1 parent 2641720
commit f24df81
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 38 deletions.
diff --git a/pkg/xds/generator/egress/generator.go b/pkg/xds/generator/egress/generator.go
@@ -3,6 +3,7 @@ package egress
 import (
 	"context"
 
+	envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
 	"github.com/pkg/errors"
 
 	"github.com/kumahq/kuma/pkg/core"
@@ -89,14 +90,12 @@ func (g Generator) Generate(
 			resources.AddSet(rs)
 		}
 
-		// If the resources are empty after all generator pass, it means there is filter chain,
-		// if there is no filter chain there is no need to build a listener
-		if !resources.Empty() {
-			listener, err := listenerBuilder.Build()
-			if err != nil {
-				return nil, err
-			}
-
+		listener, err := listenerBuilder.Build()
+		if err != nil {
+			return nil, err
+		}
+		if len(listener.(*envoy_listener_v3.Listener).FilterChains) > 0 {
+			// Envoy rejects listener with no filter chains, so there is no point in sending it.
 			resources.Add(&core_xds.Resource{
 				Name:     listener.GetName(),
 				Origin:   OriginEgress,

diff --git a/pkg/xds/generator/ingress_generator.go b/pkg/xds/generator/ingress_generator.go
@@ -4,12 +4,12 @@ import (
 	"context"
 	"sort"
 
+	envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
 	"golang.org/x/exp/maps"
 
 	mesh_proto "github.com/kumahq/kuma/api/mesh/v1alpha1"
 	core_xds "github.com/kumahq/kuma/pkg/core/xds"
 	xds_context "github.com/kumahq/kuma/pkg/xds/context"
-	envoy_common "github.com/kumahq/kuma/pkg/xds/envoy"
 	envoy_listeners "github.com/kumahq/kuma/pkg/xds/envoy/listeners"
 	"github.com/kumahq/kuma/pkg/xds/generator/zoneproxy"
 )
@@ -65,22 +65,17 @@ func (i IngressGenerator) Generate(
 		zoneproxy.AddFilterChains(availableSvcsByMesh[meshName], proxy.APIVersion, listenerBuilder, dest, mr.EndpointMap)
 	}
 
-	if len(proxy.ZoneIngressProxy.ZoneIngressResource.Spec.AvailableServices) == 0 {
-		listenerBuilder = listenerBuilder.
-			Configure(envoy_listeners.FilterChain(
-				envoy_listeners.NewFilterChainBuilder(proxy.APIVersion, envoy_common.AnonymousResource),
-			))
-	}
-
 	listener, err := listenerBuilder.Build()
 	if err != nil {
 		return nil, err
 	}
-	resources.Add(&core_xds.Resource{
-		Name:     listener.GetName(),
-		Origin:   OriginIngress,
-		Resource: listener,
-	})
+	if len(listener.(*envoy_listener_v3.Listener).FilterChains) > 0 {
+		resources.Add(&core_xds.Resource{
+			Name:     listener.GetName(),
+			Origin:   OriginIngress,
+			Resource: listener,
+		})
+	}
 
 	return resources, nil
 }
diff --git a/pkg/xds/generator/testdata/ingress/02.envoy.golden.yaml b/pkg/xds/generator/testdata/ingress/02.envoy.golden.yaml
@@ -1,17 +1 @@
-resources:
-- name: inbound:10.0.0.1:10001
-  resource:
-    '@type': type.googleapis.com/envoy.config.listener.v3.Listener
-    address:
-      socketAddress:
-        address: 10.0.0.1
-        portValue: 10001
-    enableReusePort: false
-    filterChains:
-    - {}
-    listenerFilters:
-    - name: envoy.filters.listener.tls_inspector
-      typedConfig:
-        '@type': type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector
-    name: inbound:10.0.0.1:10001
-    trafficDirection: INBOUND
+{}