contour: "Invalid schema: #/properties/admin/properties/address" starting envoy trying to run contour with an AWS NLB + SNI

I’m trying to get Contour running behind an AWS NLB (Contour on every node as a DaemonSet, nlb routing to it), with SNI enabled / available. Currently when I try to start contour, the envoy container in the pod fails with the message below:

2018-01-09T20:49:44.029128893Z [2018-01-09 20:49:44.028][1][info][main] source/server/server.cc:185] initializing epoch 0 (hot restart version=9.200.16384.127)
2018-01-09T20:49:44.030959585Z [2018-01-09 20:49:44.030][1][critical][main] source/server/server.cc:72] error initializing configuration '/config/contour.yaml': JSON at lines 0-0 does not conform to schema.
2018-01-09T20:49:44.030973102Z  Invalid schema: #/properties/admin/properties/address
2018-01-09T20:49:44.030976606Z  Schema violation: type
2018-01-09T20:49:44.0309796Z  Offending document key: #/admin/address

Contour container logs:

2018-01-09T20:43:55.775906688Z 2018/01/09 20:43:55 args: [serve --incluster]
2018-01-09T20:43:55.782874808Z 2018/01/09 20:43:55 watch(endpoints): started
2018-01-09T20:43:55.783410261Z 2018/01/09 20:43:55 buffer.loop: started
2018-01-09T20:43:55.783419089Z 2018/01/09 20:43:55 watch(services): started
2018-01-09T20:43:55.783936195Z 2018/01/09 20:43:55 watch(secrets): started
2018-01-09T20:43:55.784631385Z 2018/01/09 20:43:55 watch(ingresses): started
2018-01-09T20:43:55.786339245Z 2018/01/09 20:43:55 JSONAPI: started, listening on 127.0.0.1:8000
2018-01-09T20:43:55.786347783Z 2018/01/09 20:43:55 gRPCAPI: started
2018-01-09T20:43:55.86227247Z 2018/01/09 20:43:55 translator: ignoring secret heptio-contour/default-token-05mhw
2018-01-09T20:43:55.862301572Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/default-token-lgw16
2018-01-09T20:43:55.862306113Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/disruption-controller-token-787dh
2018-01-09T20:43:55.862309095Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/dns-controller-token-3qbkn
2018-01-09T20:43:55.862312027Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/endpoint-controller-token-7pjr6
2018-01-09T20:43:55.862318415Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/horizontal-pod-autoscaler-token-dm6g6
2018-01-09T20:43:55.862321293Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/namespace-controller-token-986qf
2018-01-09T20:43:55.862324032Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/pod-garbage-collector-token-x47b4
2018-01-09T20:43:55.862326813Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/route-controller-token-tvztc
2018-01-09T20:43:55.862329492Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/generic-garbage-collector-token-2vpzp
2018-01-09T20:43:55.862332127Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/job-controller-token-bnz1h
2018-01-09T20:43:55.862334812Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/kube-proxy-token-9btpt
2018-01-09T20:43:55.862340266Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/certificate-controller-token-0h541
2018-01-09T20:43:55.862342995Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/kube-dns-autoscaler-token-7d49c
2018-01-09T20:43:55.862345631Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/persistent-volume-binder-token-c95mq
2018-01-09T20:43:55.862348354Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/replication-controller-token-7vcrk
2018-01-09T20:43:55.862350988Z 2018/01/09 20:43:55 translator: ignoring secret default/default-token-125k8
2018-01-09T20:43:55.862353641Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/replicaset-controller-token-kmx9x
2018-01-09T20:43:55.862356323Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/statefulset-controller-token-fv7zh
2018-01-09T20:43:55.862370014Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/ttl-controller-token-4bdqx
2018-01-09T20:43:55.865076651Z 2018/01/09 20:43:55 translator: ignoring secret heptio-contour/contour-token-4b0b9
2018-01-09T20:43:55.865087362Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/daemon-set-controller-token-n87hl
2018-01-09T20:43:55.865090432Z 2018/01/09 20:43:55 translator: ignoring secret kube-public/default-token-thhgt
2018-01-09T20:43:55.865093169Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/deployment-controller-token-p584n
2018-01-09T20:43:55.86509593Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/kube-dns-token-srg21
2018-01-09T20:43:55.865098933Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/resourcequota-controller-token-t7nx6
2018-01-09T20:43:55.865101645Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/service-account-controller-token-c4cvg
2018-01-09T20:43:55.865107049Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/controller-discovery-token-p114x
2018-01-09T20:43:55.865109683Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/cronjob-controller-token-9lt8t
2018-01-09T20:43:55.865112418Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/node-controller-token-rsjgq
2018-01-09T20:43:55.865115016Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/service-controller-token-2fm8l
2018-01-09T20:43:55.865117706Z 2018/01/09 20:43:55 translator: ignoring secret kube-system/attachdetach-controller-token-4pcls

my 02-contour.yaml (adapted from the DaemonSet and grpc v2 examples:

apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  labels:
    app: contour
  name: contour
  namespace: heptio-contour
spec:
  selector:
    matchLabels:
      app: contour
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: contour
    spec:
      hostNetwork: true
      containers:
      - image: docker.io/envoyproxy/envoy-alpine:latest
        name: envoy
        ports:
        - containerPort: 8080
          name: http
        - containerPort: 8443
          name: https
        command: ["envoy"]
        args: ["-c", "/config/contour.yaml", "--service-cluster", "cluster0", "--service-node", "node0", "-l", "info"]
        volumeMounts:
        - name: contour-config
          mountPath: /config
      - image: gcr.io/heptio-images/contour:master
        imagePullPolicy: Always
        ports:
        - containerPort: 8000
          name: contour
        name: contour
        command: ["contour"]
        args: ["serve", "--incluster"]
        volumeMounts:
        - name: contour-config
          mountPath: /config
      initContainers:
      - image: gcr.io/heptio-images/contour:master
        imagePullPolicy: Always
        name: envoy-initconfig
        command: ["contour"]
        args: ["bootstrap", "/config/contour.yaml"]
        volumeMounts:
        - name: contour-config
          mountPath: /config
      volumes:
      - name: contour-config
        emptyDir: {}
      dnsPolicy: ClusterFirst
      serviceAccountName: contour
      terminationGracePeriodSeconds: 30
---

About this issue

Original URL
State: closed
Created 6 years ago
Comments: 16 (8 by maintainers)

Commits related to this issue

internal/contour: add grpc_services stanza to defaultListener Updates #136 Backport of the grpc_services addition from #136. Signed-off-by: Dave Cheney <dave@cheney.net> — committed to davecheney/contour by davecheney 6 years ago
Merge pull request #140 from davecheney/issue-136-release-0.2 Backport fix fir #136 to release-0.2 — committed to projectcontour/contour by davecheney 6 years ago

Most upvoted comments

@cmaloney thanks for your patience. The fix has been committed to master and is available in the gcr.io/heptio-images/contour:master image now.

In testing on my cluster this change has fixed the invalid configuration. Please reopen if the issue persists for you.

davecheney on Jan 11, 2018