I am developing with microservices oriented architecture and want to trace. I was googling and I found that istio for example has the fallowing headers:
x-request-id
x-b3-traceid
x-b3-spanid
x-b3-parentspanid
x-b3-sampled
x-b3-flags
x-ot-span-context
Mainly I want to know the differences between x-request-id and x-b3-traceid, but ok if someone could share the others headers
Istio is using envoy, I think you can find your answers on this docs https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#id13
Related
Ok, this may be a tough one for a K8s neophite like me, so I'll rely in the many experts that lurk the shadows here because I cannot get an answer.
I would like to know if K8s implements ClusterIP services using Nginx or not, and if not, if it is a similar implementation. My cause of suspicion is getting 499 status codes from one internal microservice to the applciation's gateway, but both implementations are ASP.Net, and ASP.Net does not use status code 499.
The Internet says status code 499 is only used by Nginx.
So here I am, completely confused by the facts:
Client HTTP request reaches the gateway.
Gateway routes to internal HTTP server.
Internal HTTP server, an ASP.Net server, allegedly responds with status code 499.
So, if 499 is not coming from the ASP.Net server, who's sending it? I can only conclude that the sender is K8s itself, the Service ClusterIP part, right? To the gateway there's no difference, I suppose.
Thanks! Let me know if I should clarify anything.
We have requirement where we have to access some external APIs that are exposed to HTTP/2 (only) from our microservices (EKS kubernetes cluster, Perl based) through SQUID Proxy.
It seems, SQUID proxy doesn't support HTTP/2 so we are trying to get some alternative solution like:
Different proxy to support HTTP/2 outbound call
Or convert HTTP1.1 to HTTP/2
Could someone suggest the best alternative as per their experience on this and let me know the proxy information which will work in this scenario?
Many Thanks in advance.
We have a company proxy (ip:port) and need to send HTTP POST with json payload to the URL like "http://server1.smthng.com/foo". Locally, name could not be resolved, but it is resolved at proxy. I dont understand how to configure haproxy to use proxy "ip:port" and send request without modifying the original URL.
I've tried curl to "http://server1.smthng.com/foo" after setting https_proxy variable from CLI (in linux) and it worked for me, so now I need to replicate same via haproxy.
From curl logs I could see that it first makes a CONNECT to proxy and once connection is there it POSTs the data.
I could be missing some knowledge here regarding tcp tunnels and the answer could be simple really. Anyway, need help.
The question is to be closed with no asnwer. The solution we took is via civetweb htt_proxy parameters.
I am able to hit my web service with Below URL:
http://localhost:8080/projectservices/route/rest/gethealth
But I want to force the app to access REST resource using https only as:
http://localhost:8080/projectservices/route/rest/gethealth
FYI, I am using jboss wildfly 10 server.
It will be very helpful if anyone over here will let me know what are the different approaches and you can also suggest me some link to get more understanding of it. Thanks in Advance!
http vs https is not dependent on Rest webservices.
Enabling your application to be https need to be done at your server level. In your case - Jboss.
Im not familiar on how this can be done in Jboss, see if below helps:
https://docs.jboss.org/jbossweb/3.0.x/ssl-howto.html
Kubernetes surfaces an API proxy, which allows querying the internal services via eg: https://myhost.com/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard/
This is all well, and good. However, for security & compliance reasons, all of our services expose an HTTPS endpoint. Attempting to access them by going to https://myhost/api/v1/proxy/namespaces/default/services/myhttpsservice:3000/ results in
Error: 'read tcp 172.20.122.129:48830->100.96.29.113:3000: read: connection reset by peer'
Trying to reach: 'http://100.96.29.113:3000/'
Because the endpoint, 100.96.29.113:3000 is in fact https.
Is there any way to configure the proxy to apply SSL to specific service endpoints?
(Edit: If this is not currently possible, a relevant github issue link for tracking the feature request is also acceptable answer until it will be)
As documented at https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#manually-constructing-apiserver-proxy-urls, (and pointed out on slack), you can access services behind HTTPS by prefixing the servicename with "https:" ;
Using the example from above, correctly it would be: https://myhost/api/v1/proxy/namespaces/default/services/https:myhttpsservice:3000/