How to disable openapi docs API calls in Ambassador api gateway? - kubernetes

Is there a way to stop Ambassador from polling services for OpenAPI docs?
I have tried disabling the developerportal mapping, but it is still not working.
time="2020-06-11 04:59:49" level=error msg="Bad HTTP response" func=github.com/datawire/apro/cmd/amb-sidecar/devportal/server.HTTPGet.func1 file="github.com/datawire/apro#/cmd/amb-sidecar/devportal/server/fetcher.go:165" status_code=404 subsystem=fetcher url="https://127.0.0.1:8443/<nameofservice>/api/auth/info/.ambassador-internal/openapi-docs"
Kubernetes version: 1.16
AES version: 1.4.3

You can disable the doc polling in version 1.5.0+ by setting the environment variable POLL_EVERY_SECS to 0.

Related

Grafana on ECS cluster return not allowed origin

I created an ECS cluster, let's call it tools.
The tools cluster has 2 services:
sso-proxy
grafana - open source
I go through sso-proxy to get to Grafana.
When trying to enter credentials in Grafana I got the following error:
In incognito mode the login works the first time.
These are the ECS logs:
Can someone please help.
Grafana must receive the proper Host header in the request. I guess your "sso-proxy" doesn't do that. You didn't provide a reproducible example (why not, when you want help?), so it is only a guess.
A lazy and insecure workaround would be to downgrade Grafana to version 8.3.4 or earlier, where the CSRF fix for CVE-2022-21703 is not included.
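What the answer's "proper Host header" point looks like in code, as an added example that is not part of the original answer or of Grafana's source: a small model of the Origin-versus-Host check that Grafana gained with the CVE-2022-21703 fix (my reading of its behaviour; the middleware details and the cookie name are assumptions), with a constructed sso-proxy stage in front of it. The public host name, the upstream address and the request contents are constructed.

```python
"""Model of Grafana's post-CVE-2022-21703 CSRF check behind an SSO proxy.
Added example, not code from the question, the answer or Grafana itself."""
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
LOGIN_COOKIE = "grafana_session"   # assumption: Grafana's default login cookie name
PUBLIC_HOST = "tools.example.com"  # constructed: the name users type into the browser
UPSTREAM = "grafana:3000"          # constructed: what sso-proxy dials inside the cluster


def csrf_check(method, headers, cookies):
    """Return None to let the request through, or the 403 reason string.

    My reading of the middleware Grafana added in 8.3.5 (assumption about
    details): requests without the login cookie and "safe" methods are not
    checked; everything else must carry an Origin whose host[:port] equals
    the Host header Grafana itself received.
    """
    if LOGIN_COOKIE not in cookies:
        return None               # no session to ride on, nothing to protect
    if method.upper() in SAFE_METHODS:
        return None
    hdr = {k.lower(): v for k, v in headers.items()}
    origin = hdr.get("origin", "")
    if origin and urlsplit(origin).netloc != hdr.get("host", ""):
        return "origin not allowed"
    return None


def proxy_forward(request, preserve_host):
    """Constructed sso-proxy stage: many reverse proxies replace Host with the
    upstream address unless told to keep the client's value."""
    fwd = dict(request, headers=dict(request["headers"]))
    if not preserve_host:
        fwd["headers"]["Host"] = UPSTREAM
    return fwd


def login_attempt(preserve_host, has_session):
    """Browser -> sso-proxy -> Grafana POST /login; returns csrf_check's verdict."""
    request = {
        "method": "POST",
        "headers": {"Host": PUBLIC_HOST, "Origin": f"https://{PUBLIC_HOST}"},
        "cookies": {LOGIN_COOKIE: "opaque"} if has_session else {},
    }
    seen = proxy_forward(request, preserve_host)
    return csrf_check(seen["method"], seen["headers"], seen["cookies"])


if __name__ == "__main__":
    for preserve, session in [(False, True), (True, True), (False, False)]:
        verdict = login_attempt(preserve, session) or "allowed"
        print(f"preserve_host={preserve!s:5} session={session!s:5} -> {verdict}")
```

The three cases line up with the question: a proxy that rewrites Host to the upstream address turns every session-bearing POST, a second login included, into 403 "origin not allowed"; a proxy that preserves Host passes; and a fresh incognito browser has no session cookie yet, so its first login is never checked. The fix belongs on the proxy (forward the client's Host), not in a Grafana downgrade.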

Grafana pod crashloopbackoff after updating domain and port

I'm integrating Keycloak OAuth login into Grafana on OpenShift.
Keycloak image version: quay.io/keycloak/keycloak:15.0.2
Grafana image version: grafana/grafana:7.1.5
Kubernetes version: v1.21
OpenShift version: 4.8
Keycloak is exposed at Route: http://keycloak-keycloak.router.default.svc.cluster.local.167.254.203.104.nip.io
Grafana is exposed at Route: https://grafana.router.default.svc.cluster.local.167.254.203.104.nip.io
Keycloak is set up with realm devops and client grafana, and these values are added to the Grafana deployment as environment variables as follows:
GF_AUTH_GENERIC_OAUTH_NAME=OAuth
GF_AUTH_GENERIC_OAUTH_ENABLED=true
GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=true
GF_AUTH_GENERIC_OAUTH_CLIENT_ID=grafana
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=33341c00-daf2-4170-a66f-c2c7c23ad151
GF_AUTH_GENERIC_OAUTH_AUTH_URL=http://keycloak-keycloak.router.default.svc.cluster.local.167.254.203.104.nip.io/auth/realms/devops/protocol/openid-connect/auth
GF_AUTH_GENERIC_OAUTH_TOKEN_URL=http://keycloak-keycloak.router.default.svc.cluster.local.167.254.203.104.nip.io/auth/realms/devops/protocol/openid-connect/token
GF_AUTH_GENERIC_OAUTH_API_URL=http://keycloak-keycloak.router.default.svc.cluster.local.167.254.203.104.nip.io/auth/realms/devops/protocol/openid-connect/userinfo
GF_AUTH_GENERIC_OAUTH_TLS_SKIP_VERIFY_INSECURE=true
With this, when I browse to the Grafana route and click on Sign in with OAuth I get an error on screen: Invalid Parameter Redirect URI. In the Keycloak logs I see the error: error=invalid_redirect_uri, redirect_uri=http://localhost:3000/login/generic_oauth.
It's taking localhost:3000 as the redirect URI, but I have specified the right redirect URI in the client section of the Keycloak web UI, i.e.: https://grafana.router.default.svc.cluster.local.167.254.203.104.nip.io/*.
While debugging this issue I came across a similar issue: https://github.com/cetic/helm-fadi/issues/39.
Hence I have added these two environment variables to Grafana:
GF_SERVER_DOMAIN=grafana.router.default.svc.cluster.local.167.254.203.104.nip.io
GF_SERVER_HTTP_PORT=80
This has resulted in the pod going into CrashLoopBackOff with the following error in the logs:
t=2021-12-31T11:29:26+0000 lvl=info msg="HTTP Server Listen" logger=http.server address=[::]:80 protocol=https subUrl=//grafana.router.default.svc.cluster.local.167.254.203.104.nip.io:80 socket=
t=2021-12-31T11:32:53+0000 lvl=info msg="Shutdown started" logger=server reason="System signal: terminated"
t=2021-12-31T11:32:53+0000 lvl=info msg="Stopped Stream Manager"
Please help me to proceed.
It is in the Grafana documentation:
"You may have to set the root_url option of [server] for the callback URL to be correct."
So remove GF_SERVER_DOMAIN and GF_SERVER_HTTP_PORT and configure GF_SERVER_ROOT_URL properly (I guess the correct value for your setup is https://grafana.router.default.svc.cluster.local.167.254.203.104.nip.io).
Grafana will be able to generate the correct redirect URL with this setup.
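The derivation behind that advice, as an added example that is not the answer's or Grafana's own code: the redirect_uri Grafana registers with the IdP is root_url plus login/<provider>, and root_url defaults to an expansion of protocol, domain and http_port (my reading of Grafana's defaults; the exact template is an assumption). The script computes the callback for the three configurations in the question and lints the rest of the environment; the host names and redirect pattern are the question's, the client secret is a placeholder. It also flags two settings the question carries that the root_url fix leaves in place: http:// Keycloak endpoints and GF_AUTH_GENERIC_OAUTH_TLS_SKIP_VERIFY_INSECURE=true, which together send the client secret and tokens in clear to an unverified peer.

```python
"""Derive Grafana's OAuth redirect_uri from [server] settings and lint the
environment from the question. Added example, not Grafana's or Keycloak's code."""
from urllib.parse import urlsplit

GRAFANA_HOST = "grafana.router.default.svc.cluster.local.167.254.203.104.nip.io"
KEYCLOAK_HOST = "keycloak-keycloak.router.default.svc.cluster.local.167.254.203.104.nip.io"
KC = f"http://{KEYCLOAK_HOST}/auth/realms/devops/protocol/openid-connect"

# Environment from the question; the client secret is replaced by a placeholder.
QUESTION_ENV = {
    "GF_AUTH_GENERIC_OAUTH_ENABLED": "true",
    "GF_AUTH_GENERIC_OAUTH_CLIENT_ID": "grafana",
    "GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET": "<client-secret>",
    "GF_AUTH_GENERIC_OAUTH_AUTH_URL": KC + "/auth",
    "GF_AUTH_GENERIC_OAUTH_TOKEN_URL": KC + "/token",
    "GF_AUTH_GENERIC_OAUTH_API_URL": KC + "/userinfo",
    "GF_AUTH_GENERIC_OAUTH_TLS_SKIP_VERIFY_INSECURE": "true",
}
# The second attempt in the question, and the answer's fix.
DOMAIN_PORT_ENV = {**QUESTION_ENV, "GF_SERVER_DOMAIN": GRAFANA_HOST, "GF_SERVER_HTTP_PORT": "80"}
ROOT_URL_ENV = {**QUESTION_ENV, "GF_SERVER_ROOT_URL": f"https://{GRAFANA_HOST}"}
# "Valid Redirect URIs" on the Keycloak client, from the question.
VALID_REDIRECTS = [f"https://{GRAFANA_HOST}/*"]

# Grafana [server] defaults (assumption: this is how grafana.ini ships).
SERVER_DEFAULTS = {
    "GF_SERVER_PROTOCOL": "http",
    "GF_SERVER_DOMAIN": "localhost",
    "GF_SERVER_HTTP_PORT": "3000",
    "GF_SERVER_ROOT_URL": "%(protocol)s://%(domain)s:%(http_port)s/",
}
ENDPOINT_KEYS = ("GF_AUTH_GENERIC_OAUTH_AUTH_URL",
                 "GF_AUTH_GENERIC_OAUTH_TOKEN_URL",
                 "GF_AUTH_GENERIC_OAUTH_API_URL")


def app_url(env):
    """Expand root_url with the protocol/domain/http_port placeholders; ensure a trailing slash."""
    cfg = {**SERVER_DEFAULTS, **env}
    url = cfg["GF_SERVER_ROOT_URL"] % {
        "protocol": cfg["GF_SERVER_PROTOCOL"],
        "domain": cfg["GF_SERVER_DOMAIN"],
        "http_port": cfg["GF_SERVER_HTTP_PORT"],
    }
    return url if url.endswith("/") else url + "/"


def redirect_uri(env, provider="generic_oauth"):
    """Callback Grafana sends to the IdP: <root_url>login/<provider>."""
    return app_url(env) + "login/" + provider


def keycloak_accepts(uri, valid=VALID_REDIRECTS):
    """Keycloak valid-redirect matching: exact entry, or prefix match when an entry ends in '*'."""
    return any(uri == v or (v.endswith("*") and uri.startswith(v[:-1])) for v in valid)


def lint(env):
    """Findings a reviewer would raise about this Grafana OAuth environment."""
    findings = []
    uri = redirect_uri(env)
    if not keycloak_accepts(uri):
        findings.append(f"redirect_uri {uri} is not covered by {VALID_REDIRECTS}")
    if "GF_SERVER_HTTP_PORT" in env:
        findings.append("GF_SERVER_HTTP_PORT moves the listener instead of fixing the public URL; use GF_SERVER_ROOT_URL")
    for key in ENDPOINT_KEYS:
        if urlsplit(env.get(key, "")).scheme != "https":
            findings.append(f"{key} is not https: client secret and tokens travel in clear")
    if env.get("GF_AUTH_GENERIC_OAUTH_TLS_SKIP_VERIFY_INSECURE", "false").lower() == "true":
        findings.append("TLS_SKIP_VERIFY_INSECURE=true: the IdP's certificate is never verified")
    return findings


if __name__ == "__main__":
    for name, env in [("question", QUESTION_ENV), ("domain+port", DOMAIN_PORT_ENV), ("root_url", ROOT_URL_ENV)]:
        print(f"[{name}] redirect_uri = {redirect_uri(env)}")
        for finding in lint(env):
            print("   -", finding)
```

The first configuration reproduces the redirect_uri=http://localhost:3000/login/generic_oauth that Keycloak logged; the domain/port variant yields an http://...:80/ callback that still fails the https://.../* pattern and moves the listener to port 80 (the address=[::]:80 line in the question's log); only GF_SERVER_ROOT_URL yields a callback the Keycloak client accepts. The http endpoint and TLS-skip findings remain after the fix and are worth closing before this goes anywhere near production.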

How to make Response Caching work in wso2am-3.1.0? (am-pattern-2)

Description:
I've already added
[message_builder]
json = "org.apache.synapse.commons.json.JsonStreamBuilder"
to the deployment.toml of the Gateway config chart.
But I do not understand the meaning of "maintain the standard builders on the API Dev portal node." It's from https://apim.docs.wso2.com/en/latest/learn/api-gateway/response-caching/#response-caching
What does it mean and how do I make this work?
Suggested Labels: Response Caching
Affected Product Version: wso2am-3.1.0
OS, DB, other environment details and versions: Kubernetes, CentOS, MySQL
APIM has default message builders and message formatters.
You need to configure them on the devportal node like this.

Keycloak - how to set timeout for http client used in keycloak library

I am using keycloak-adapter-core version 9.0.2 and need to set a timeout for the HTTP connection between the application and the Keycloak server. Unfortunately, I do not see this option in the library:
https://www.keycloak.org/docs/latest/securing_apps/#_java_adapter_config
e.g. connection-pool-size.
I also rechecked the library code and I do not see that a timeout is set up.
Do you know any workaround for this?
You need to use socket-timeout-millis in your config. See here for reference.

Traefik: do not obfuscate HTTP body with code > 400

Is there a way to tell Traefik not to overwrite the response body when the response code is > 400?
The goal is to keep the body of a 404 or a 401 response.
The goal is not to have a custom error page but the real error page from the backend.
The environment is a Kubernetes cluster where Traefik is the ingress provider; the storage used by Traefik is Consul.
This answers my question: https://github.com/containous/traefik/issues/4114
This is not possible since the net/http Go library implements RFC 7230 sec. 3.1.2 hardly, and does not plan to change it.