船长 https 休息端点请求返回 http url [英] Skipper https rest end point requests returning http urls
问题描述
我正在尝试使用 Spring 云数据流流的 poc,并使应用程序 iis 在 Pivotal Cloud Foundry 中运行.在 kubernetes 中尝试相同并且 spring 数据流服务器仪表板未加载.调试该问题并发现根本原因是当仪表板加载时,它试图点击 Skipper 休息端点/api 并返回带有以下网址的响应船长中的其他端点,但返回 url 都在 http 中.如何强制船长返回 https url 而不是 http?以下是我尝试卷曲相同端点时的响应.
C:>curl -k https:///api
<块引用>船长的回应
<代码>{_链接":{存储库":{"href" : "http:///api/repositories{?page,size,sort}",模板化":true},部署者":{"href" : "http:///api/deployers{?page,size,sort}",模板化":true},发布":{"href" : "http:///api/releases{?page,size,sort}",模板化":true},包元数据":{"href" : "**http:///api/packageMetadata{?page,size,sort,projection}**",模板化":true},关于":{"href" : "http:///api/about"},释放":{"href" : "http:///api/release"},包":{"href" : "http:///api/package"},个人资料":{"href" : "http:///api/profile"}}} <块引用>
kubernetes 部署 yml
apiVersion:networking.k8s.io/v1种类:网络策略元数据:名称:船长服务器网络策略规格:pod选择器:匹配标签:应用程序:船长服务器入口:- 来自:- 命名空间选择器:匹配标签:gkp_namespace: ingress-nginx出口:- {}政策类型:- 入口- 出口---api版本:v1种类:秘密元数据:名称:poc-secret数据:.dockerconfigjson: ewogICJhdXRocyI6---api 版本:应用程序/v1种类:部署元数据:名称:船长服务器标签:应用程序:船长服务器规格:复制品:1选择器:匹配标签:应用程序:船长服务器模板:元数据:标签:应用程序:船长服务器注释:kubernetes.io/psp:非root规格:容器:- 名称:船长服务器图像:<image_path>imagePullPolicy:始终端口:- 容器端口:7577协议:TCP资源:限制:中央处理器:4"内存:2Gi要求:中央处理器:25m内存:1Gi安全上下文:以用户身份运行:99imagePullSecrets:- 名称:poc-secret服务帐号:spark服务帐户名称:spark---api版本:v1种类:服务元数据:名称:船长服务器标签:应用程序:船长服务器规格:端口:- 端口:80目标端口:7577协议:TCP名称:http选择器:应用程序:船长服务器---apiVersion: 扩展/v1beta1种类:入口元数据:名称:船长服务器注释:ingress.kubernetes.io/ssl-passthrough:真"ingress.kubernetes.io/secure-backends:真"kubernetes.io/ingress.allow.http: truekubernetes.io/ingress.class: nginxnginx.ingress.kubernetes.io/force-ssl-redirect:真"规格:规则:- 主持人:"网址:路径:- 路径:/后端:服务名称:船长服务器服务端口:80网址:- 主持人:- "<skipper_url>" <块引用>
船长应用程序.properties
spring.datasource.url=jdbc:h2:mem:testdbspring.datasource.driverClassName=org.h2.Driverspring.datasource.username=saspring.datasource.password=spring.server.use-forward-headers=true根本原因是船长/api 端点返回/deployer 和 kubernetes 入口的 http url 尝试重定向并因 308 错误而被阻止.在下面添加到船长环境属性,这解决了这个问题.
部署
apiVersion: apps/v1种类:部署元数据:名称:船长服务器规格:容器:环境:- 名称:server.tomcat.internal-proxies"值:.*"- 名称:server.use-forward-headers"值:真"**入口
apiVersion: extensions/v1beta1种类:入口元数据:名称:船长服务器注释:**nginx.ingress.kubernetes.io/ssl-redirect: 假**I am trying a poc with Spring cloud dataflow streams and have the the application iis running in Pivotal Cloud Foundry. Trying the same in kubernetes and the spring dataflow server dashboard is not loading.Debugged the issue and found the root cause is when the dashboard is loaded, its trying to hit the Skipper rest end point /api and this returns a response with the urls of other end points in skipper but the return urls are all in http. How can i force skipper to return https urls instead of http? Below is the response when i try to curl the same endpoints .
C:>curl -k https:///api
RESPONSE FROM SKIPPER
{
"_links" : {
"repositories" : {
"href" : "http://<skipper_url>/api/repositories{?page,size,sort}",
"templated" : true
},
"deployers" : {
"href" : "http://<skipper_url>/api/deployers{?page,size,sort}",
"templated" : true
},
"releases" : {
"href" : "http://<skipper_url>/api/releases{?page,size,sort}",
"templated" : true
},
"packageMetadata" : {
"href" : "**http://<skipper_url>/api/packageMetadata{?page,size,sort,projection}**",
"templated" : true
},
"about" : {
"href" : "http://<skipper_url>/api/about"
},
"release" : {
"href" : "http://<skipper_url>/api/release"
},
"package" : {
"href" : "http://<skipper_url>/api/package"
},
"profile" : {
"href" : "http://<skipper_url>/api/profile"
}
}
}
kubernetes deployment yml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: skipper-server-network-policy
spec:
podSelector:
matchLabels:
app: skipper-server
ingress:
- from:
- namespaceSelector:
matchLabels:
gkp_namespace: ingress-nginx
egress:
- {}
policyTypes:
- Ingress
- Egress
---
apiVersion: v1
kind: Secret
metadata:
name: poc-secret
data:
.dockerconfigjson: ewogICJhdXRocyI6
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: skipper-server
labels:
app: skipper-server
spec:
replicas: 1
selector:
matchLabels:
app: skipper-server
template:
metadata:
labels:
app: skipper-server
annotations:
kubernetes.io/psp: nonroot
spec:
containers:
- name: skipper-server
image: <image_path>
imagePullPolicy: Always
ports:
- containerPort: 7577
protocol: TCP
resources:
limits:
cpu: "4"
memory: 2Gi
requests:
cpu: 25m
memory: 1Gi
securityContext:
runAsUser: 99
imagePullSecrets:
- name: poc-secret
serviceAccount: spark
serviceAccountName: spark
---
apiVersion: v1
kind: Service
metadata:
name: skipper-server
labels:
app: skipper-server
spec:
ports:
- port: 80
targetPort: 7577
protocol: TCP
name: http
selector:
app: skipper-server
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: skipper-server
annotations:
ingress.kubernetes.io/ssl-passthrough: "true"
ingress.kubernetes.io/secure-backends: "true"
kubernetes.io/ingress.allow.http: true
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
rules:
- host: "<skipper_url>"
http:
paths:
- path: /
backend:
serviceName: skipper-server
servicePort: 80
tls:
- hosts:
- "<skipper_url>"
SKIPPER APPLICATION.properties
spring.datasource.url=jdbc:h2:mem:testdb
spring.datasource.driverClassName=org.h2.Driver
spring.datasource.username=sa
spring.datasource.password=
spring.server.use-forward-headers=true
The root cause was skipper /api end point returning http urls for the /deployer and kubernetes ingress trying to redirect and getting blocked with a 308 error. Added below to skipper env properties and this fixed the issue.
DEPLOYMENT
apiVersion: apps/v1
kind: Deployment
metadata:
name: skipper-server
spec:
containers:
env:
- name: "server.tomcat.internal-proxies"
value: ".*"
- name: "server.use-forward-headers"
value: "true"**
INGRESS
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: skipper-server
annotations:
**nginx.ingress.kubernetes.io/ssl-redirect: false**
这篇关于船长 https 休息端点请求返回 http url的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
