Skipper https rest end point requests returning http urls

て烟熏妆下的殇ゞ 提交于 2020-03-05 03:10:29

问题


I am trying a poc with Spring cloud dataflow streams and have the the application iis running in Pivotal Cloud Foundry. Trying the same in kubernetes and the spring dataflow server dashboard is not loading.Debugged the issue and found the root cause is when the dashboard is loaded, its trying to hit the Skipper rest end point /api and this returns a response with the urls of other end points in skipper but the return urls are all in http. How can i force skipper to return https urls instead of http? Below is the response when i try to curl the same endpoints .

C:>curl -k https:///api

RESPONSE FROM SKIPPER

{
  "_links" : {
    "repositories" : {
      "href" : "http://<skipper_url>/api/repositories{?page,size,sort}",
      "templated" : true
    },
    "deployers" : {
      "href" : "http://<skipper_url>/api/deployers{?page,size,sort}",
      "templated" : true
    },
    "releases" : {
      "href" : "http://<skipper_url>/api/releases{?page,size,sort}",
      "templated" : true
    },
    "packageMetadata" : {
      "href" : "**http://<skipper_url>/api/packageMetadata{?page,size,sort,projection}**",
      "templated" : true
    },
    "about" : {
      "href" : "http://<skipper_url>/api/about"
    },
    "release" : {
      "href" : "http://<skipper_url>/api/release"
    },
    "package" : {
      "href" : "http://<skipper_url>/api/package"
    },
    "profile" : {
      "href" : "http://<skipper_url>/api/profile"
    }
  }
}

kubernetes deployment yml

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: skipper-server-network-policy
spec:
  podSelector:
    matchLabels:
      app: skipper-server
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              gkp_namespace: ingress-nginx
  egress:
    - {}
  policyTypes:
  - Ingress
  - Egress
---
apiVersion: v1
kind: Secret
metadata:
  name: poc-secret
data:
  .dockerconfigjson: ewogICJhdXRocyI6
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: skipper-server
  labels:
    app: skipper-server
spec:
  replicas: 1
  selector:
    matchLabels:
      app: skipper-server
  template:
    metadata:
      labels:
        app: skipper-server
      annotations:
        kubernetes.io/psp: nonroot
    spec:
      containers:
        - name: skipper-server
          image: <image_path>
          imagePullPolicy: Always
          ports:
            - containerPort: 7577
              protocol: TCP
          resources:
            limits:
              cpu: "4"
              memory: 2Gi
            requests:
              cpu: 25m
              memory: 1Gi
          securityContext:
            runAsUser: 99        

      imagePullSecrets:
        - name: poc-secret
      serviceAccount: spark
      serviceAccountName: spark
---
apiVersion: v1
kind: Service
metadata:
  name: skipper-server
  labels:
    app: skipper-server
spec:
  ports:
    - port: 80
      targetPort: 7577
      protocol: TCP
      name: http
  selector:
    app: skipper-server
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: skipper-server
  annotations:
    ingress.kubernetes.io/ssl-passthrough: "true"
    ingress.kubernetes.io/secure-backends: "true"
    kubernetes.io/ingress.allow.http: true
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  rules:
    - host: "<skipper_url>"
      http:
        paths:
          - path: /
            backend:
              serviceName: skipper-server
              servicePort: 80
  tls:
    - hosts:
      - "<skipper_url>"

SKIPPER APPLICATION.properties

spring.datasource.url=jdbc:h2:mem:testdb
spring.datasource.driverClassName=org.h2.Driver
spring.datasource.username=sa
spring.datasource.password=
spring.server.use-forward-headers=true

回答1:


The root cause was skipper /api end point returning http urls for the /deployer and kubernetes ingress trying to redirect and getting blocked with a 308 error. Added below to skipper env properties and this fixed the issue.

DEPLOYMENT

apiVersion: apps/v1
kind: Deployment
metadata:
  name: skipper-server
spec:
      containers:
      env:
        - name: "server.tomcat.internal-proxies"
          value: ".*"
        - name: "server.use-forward-headers"
          value:  "true"**

INGRESS

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: skipper-server
  annotations:
    **nginx.ingress.kubernetes.io/ssl-redirect: false**


来源:https://stackoverflow.com/questions/58683372/skipper-https-rest-end-point-requests-returning-http-urls

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!