Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Microcks Ui doesnt show APIs & Services
See original GitHub issueHello,
It seems I have a problem with my k8s v1.20.11 installation of microcks. I´ve deployed microcks on two company clusters and local minikube instance. I have tested it with different versions locally and in the cluster. The minikube instance works fine but the cluster installations have a strange behaviour.
I can create APIs:
But only get a blank page when try to list them.
The pods do not return any error messages except this warning:
Podlog
08:51:54.822 [DEBUG] io.github.microcks.web.InvocationController - Getting invocations stats for last 20 days
08:51:54.822 [DEBUG] io.github.microcks.web.InvocationController - Getting top 20 invocations stats for day 20211215
08:51:54.822 [WARN] org.keycloak.adapters.RequestAuthenticator - SSL is required to authenticate. Remote address 100.x.x.34 is secure: false, SSL required for: EXTERNAL .
The network analysis of Chrome and Firefox shows the following errors:
Issue Analytics
- State:
- Created 2 years ago
- Comments:25 (14 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Hi @lbroudoux, the settings that we typically use inside of our internal clusters don’t use
.*for internal-proxies, but a regex that matches the cluster’s configured pod IP subnet. The.*configuration is definitely not safe as a default if the tomcat server handles any traffic that comes from the internet.This configuration is necessary for us because due to the size and number of our clusters, we can’t use only the 3 typical private IPv4 address spaces, so we have to use a reserved IPv4 space such as
172.16.0.0/12. Since those IPs aren’t part of the default configuration for the internal-proxies valve, we have to provide our own regex that matches it.For example, incoming HTTPS traffic gets handled by an appliance that terminates TLS and then routes it to the cluster as HTTP with proxy headers such as
X-Forwarded-Proto: https. In the cluster an ingress pod with an IP of say 172.16.0.1 routes it to an application pod. With the default configuration, tomcat in that application container will ignore theX-Forwarded..headers because the internal-proxies regex only matches the 3 private IPv4 (and v6) blocks. However, since we configure the remoteip valve with a regex that will match 172.16.0.1, then it will treat that as an internal proxy and properly forward the proxy headers to the application code.I think that
nativeis a safe default for this microcks image since it uses spring and an embedded tomcat server. Setting it toframeworkwould have no benefit in this case, but it could be required if you for instance distributed microcks as a jar/war for people to deploy in some other servlet container. Theframeworkoption will just make Spring autoconfigure a filter to handle forwarding the proxy headers.