Security best practices locking port 15010 #16480

Open

@RicHincapie

Description

It is stated here that the xDS gRPC in the CP should be blocked with `--grpcAddr=""`.
Nevertheless, by doing that, the plaintext xDS just multiplexes to port 8080, as per the code.
I was able to reproduce the multiplexing of plaintext gRPC by adding `--'grpcAddr='` and calling a gRPC endpoint like:

```
~ grpcurl -plaintext \
  -d '{"node": {"id": "sidecar~127.0.0.1~test~cluster.local"}, "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener"}' \
  localhost:8080 envoy.service.discovery.v3.AggregatedDiscoveryService/StreamAggregatedResources

{
  "versionInfo": "2025-05-13T01:56:59Z/3",
  "resources": [
    {
      "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
      "address": {
        "socketAddress": {
          "address": "10.96.195.172",
          "portValue": 443
        }
      },
... [truncated]
```

This issue was raised here with a closure message probably not yet included in the site.

We may want to make sure the recommendation is framed within costinm's clarification.
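The point of the issue is that `--grpcAddr=""` alone does not close plaintext xDS, because it is still served on port 8080. The following audit script is an added example written for this page, not code from the issue author or from the Istio project. It takes an istiod Deployment manifest that has already been loaded into a Python dict (for instance from `kubectl get deploy istiod -n istio-system -o json`) and reports whether `--grpcAddr` is left at its default, blanked, or set to an explicit address, and flags port 8080 whenever the flag is blanked. The two manifests embedded at the bottom are constructed for the demonstration; the container name and image are placeholders, and the only port numbers used are the two named in the issue.

```python
"""Audit an istiod Deployment for the --grpcAddr="" recommendation.

Added example for the issue discussion above; not part of Istio.
Assumes the Deployment manifest is already loaded as a dict.
"""
import re
from typing import Any, Dict, List, Optional, Tuple

# Ports named in the issue: 15010 is the xDS gRPC port the best-practices page
# says to close with --grpcAddr="", and 8080 is where plaintext xDS is reported
# to be multiplexed once that flag is set.
XDS_GRPC_PORT = 15010
MULTIPLEX_PORT = 8080

Finding = Tuple[str, str]  # (severity, message)


def grpc_addr_value(args: List[str]) -> Optional[str]:
    """Return the value given to --grpcAddr: '' if blanked, None if absent.

    Handles both '--grpcAddr=VALUE' and '--grpcAddr VALUE', and strips the
    shell quoting style seen in the issue (--'grpcAddr=').
    """
    for i, arg in enumerate(args):
        cleaned = arg.replace("'", "").replace('"', "")
        match = re.fullmatch(r"--grpcAddr(?:=(.*))?", cleaned)
        if not match:
            continue
        if match.group(1) is not None:
            return match.group(1)
        return args[i + 1] if i + 1 < len(args) else ""
    return None


def declared_ports(container: Dict[str, Any]) -> List[int]:
    """containerPort values declared on a container (may be empty)."""
    return [int(p["containerPort"]) for p in container.get("ports", []) if "containerPort" in p]


def audit_istiod(deployment: Dict[str, Any]) -> List[Finding]:
    """Walk every container in the pod template and collect findings."""
    findings: List[Finding] = []
    pod_spec = deployment.get("spec", {}).get("template", {}).get("spec", {})
    for container in pod_spec.get("containers", []):
        name = container.get("name", "<unnamed>")
        # Flags may appear in either 'command' or 'args'.
        args = list(container.get("command", [])) + list(container.get("args", []))
        value = grpc_addr_value(args)
        if value is None:
            findings.append(("high", f"{name}: --grpcAddr not set; plaintext xDS still listens on :{XDS_GRPC_PORT}"))
        elif value == "":
            findings.append(("medium", f"{name}: --grpcAddr=\"\" closes :{XDS_GRPC_PORT}, but plaintext xDS is multiplexed on :{MULTIPLEX_PORT}; restrict that port too"))
            if MULTIPLEX_PORT in declared_ports(container):
                findings.append(("medium", f"{name}: containerPort {MULTIPLEX_PORT} is declared; make sure reachability is limited"))
        else:
            findings.append(("info", f"{name}: --grpcAddr set to {value!r}; plaintext xDS listens there"))
    return findings


def worst_severity(findings: List[Finding]) -> str:
    """Collapse a finding list to its highest severity ('none' if empty)."""
    order = {"high": 3, "medium": 2, "info": 1}
    return max((s for s, _ in findings), key=lambda s: order[s], default="none")


# --- constructed sample manifests (placeholders, not real cluster output) ---
SAMPLE_DEFAULT = {"spec": {"template": {"spec": {"containers": [
    {"name": "control-plane", "image": "example.invalid/pilot:placeholder",
     "args": ["discovery"], "ports": [{"containerPort": XDS_GRPC_PORT}, {"containerPort": MULTIPLEX_PORT}]}]}}}}

SAMPLE_GRPC_BLANKED = {"spec": {"template": {"spec": {"containers": [
    {"name": "control-plane", "image": "example.invalid/pilot:placeholder",
     "args": ["discovery", "--'grpcAddr='"], "ports": [{"containerPort": MULTIPLEX_PORT}]}]}}}}

if __name__ == "__main__":
    for label, manifest in (("default", SAMPLE_DEFAULT), ("grpcAddr blanked", SAMPLE_GRPC_BLANKED)):
        print(f"== {label} ==")
        for severity, message in audit_istiod(manifest):
            print(f"[{severity}] {message}")
```

Run against a real manifest by replacing the constructed dicts with `json.load()` of the kubectl output; the "medium" finding on the blanked case is the one this issue is about, and it is the case the best-practices wording currently hides.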
