[09:12:17] claime: I've deployed the noc envoy config and I'm now getting 503 responses from envoy. _scratches head_ [09:13:19] I wonder if I have to explicitly define the upstream to `mw-misc.discovery.wmnet` [09:17:57] Ok, seems like I need `sets_sni: true` AND `http_host: noc.wikimedia.org` [09:18:02] >>> requests.get("http://envoy:6509/conf/dblists/open.dblist") [09:18:03] [09:30:16] uhhhh [09:30:18] Sorry...I was wondering about that as well [09:30:22] how [09:30:40] because without, envoy will not send SNI to upstream [09:30:53] 79 │ <%- if @listener['sets_sni'] && !@listener['http_host'] -%> [09:31:03] ah so no auto_host_rewrite [09:31:06] but as you said you tested that config I refraing LD [09:31:19] *refrained [09:31:23] aaaah [09:31:40] ok there's another bit of the config in modules/profile/templates/services_proxy/envoy_service_cluster.yaml.erb [09:31:49] I think there is a block down somwhere where envoy set's sni: Upstream.address [09:31:50] that I didn't change when testing manually [09:38:25] ah, makes sense [10:24:41] I'm glad it makes sense for you. I feel like the labrador in the meme [10:24:41] I think we could even get away with sets_sni in the transport_socket config, and nothing in the route [10:24:41] letting the caller specify the host [10:24:55] (not possible right now, it's either http_host that forces you into a host, or auto_host_rewrite that rewrites the header to the sni value) [10:28:08] unrelated, but I'm seeing the following error message when running puppet on the deployment server [10:28:08] Error: Could not update: undefined method `strip' for nil:NilClass [10:28:08] Error: /Stage[main]/K8s::Client/K8s::Package[kubectl-1.31]/Package[kubernetes-client131]/ensure: change from 'purged' to '>=1.31 <1.32' failed: Could not update: undefined method `strip' for nil:NilClass [10:28:22] it does not seem to prevent puppet from running to completion [10:32:23] brouberol: that's me - revert is just coming in [10:39:46] 👍