Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Enable Diagnostic UI in the internal k8s network only

See original GitHub issue

Please describe your use case / problem. Since 1.6, when the diagnostics is disabled, the admin UI is not exposed to envoy, but it is also not exposed to the pod IP. It is only exposed the 127.0.0.1. This makes exposing the UI difficult. Our use case is that we have another ambassador group running, for all the admin UIs and we were exposing the public ambassador admin with this admin ambassador group. Now it returns Not found.

Describe the solution you’d like Right now, there is a flag diagnotics.enabled which is “true” or “false”. There are two options: Either we make this flag accept multiple values (ex: “disabled”, “enabled”, “pod_enabled_only”) instead of a bool, or we add a second flag, (ex pod_enabled: true) to enable the admin UI outside of the pod (but not publicly). (Names are probably bad, it’s just provided as example).

Additional context Initial discussion: https://datawire-oss.slack.com/archives/CAULN7S76/p1605206931353900

Issue Analytics

State:
Created 3 years ago
Comments:5 (4 by maintainers)

Top GitHub Comments

1reaction

kflynncommented, Mar 5, 2021

I’d go with allow_non_local, but yes, after our discussion on Slack, I think that’s as good as you’re gonna get. Go for it. 🙂

0reactions

jfrabautecommented, Mar 1, 2021

Actually… this is not related to the bind address. It’s just hardcoded in the code:

    enabled = app.ir.ambassador_module.diagnostics.get("enabled", False)
    if not enabled and not _is_local_request():
        return Response("Not found\n", 404)

so when I set diagnostics.enabled to false, it blocks the request from the request handler. diagnostics.enabled to true is adding the mappings which expose the diag UI to the outside world.

I might need to add something like expose_non_local: true ? So something like that?

      config:
        diagnostics:
          enabled: false
          expose_non_local: true

Maybe there is another way…

Top Results From Across the Web

Debug Pods - Kubernetes

This guide is to help users debug applications that are deployed into Kubernetes and not behaving correctly. This is not a guide for...

Kubernetes fails to start (hangs in starting phase) · Issue #1962

I have included the Diagnostics ID in this Issue ... Enter Settings; Go to Kubernetes menu; Select Enable Kubernetes; Hit Apply.

Exposing Applications for Internal Access - Kube by Example

Kubernetes Networking. When pods are created, they are assigned an IP address. You use this IP to access the pod from anywhere within...

Managing Networking | OpenShift Container Platform 3.11

A pod can only connect to the public Internet, and cannot initiate connections to internal hosts that are outside the OpenShift Container Platform...

Troubleshooting Kubernetes Networking Issues - Teleport

The bridge-netfilter setting enables iptables rules to work on Linux bridges just like the ones set up by Docker and Kubernetes.

Troubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.

Start Free

Top Related Reddit Thread

No results found

Top Related Tweet

No results found

Top Related Dev.to Post

No results found

Enable Diagnostic UI in the internal k8s network only

Issue Analytics

Top GitHub Comments

Top Results From Across the Web

Top Related Medium Post

Top Related StackOverflow Question

Troubleshoot Live Code

Top Related Reddit Thread

Top Related Hackernoon Post

Top Related Tweet

Top Related Dev.to Post

Top Related Hashnode Post

Ambadassor pod doesn't start due to failing readiness probe

CORS response headers not applied when request origin not in explicit origins list