How to make kubernetes nodes outgoing request use System network - api

My Spring Boot application needs to call a third-party API to verify a user's data. The API provided by the third party has some restrictions: they only accept the request if it comes from some specific IP.
Now our network consultant has made one of my worker nodes able to request this API. I can curl the request to the API and get a proper response. I can deploy my application on that worker node outside of Kubernetes using Tomcat and get a proper response.
But when I deploy it on the Kubernetes cluster, it does not work. "Does not work" means that the API doesn't accept/process the request: 503 service not available, something like that.
Then I tried to curl the request from inside the pods of the worker node and found it does not work.
So, I am guessing my Kubernetes is not using the configuration of the system network.
So is there any way I can make my worker node (even one worker node) use the system network while calling that or any third-party API? As I can see, I can request and get a proper response from the API when I request it outside the cluster but from the worker node PC.

Related

Service Fabric Reverse Proxy - Request Cancelation not working

I have experienced unexpected behavior from Service Fabric Reverse Proxy.
When I abort a long-running request the proxy request to the Service Fabric Service is not being aborted and the whole request is executed.
If we make requests directly to the service, requests are canceled as expected.
An uninterrupted run of the long request - directly to the service
An interrupted run of the long request - directly to the service
Is there a setting that we need to enable so Service Fabric Reverse Proxy handles the requests as we expect it to?
Consider using Traefik instead, which is a more mature product.
It comes with an active community and request termination support.
It also doesn't have the undesired side effect of exposing all SF services by default.

Google Cloud Run API - accessing endpoint internally

Bear with me, I am still on training wheels with GCP
Scenario being:
(1) I have a Cloud Run instance serving an API (to be consumed internally)
(2) A middleware running on Cloud Compute instance serving an API. This utilises API served by (1)
(2) needs to access (1)
I'm trying to figure out how to discover the internal DNS name or IP, so that the middleware (2) can be configured to access Cloud Run served API (1)
Intention being to create templates (environment config files) so that I can eventually automate the deployment of all layers.
With Cloud Run, you can't know before the first deployment the URL of the service. The pattern is
https://<serviceName>-<projectHash>.<region>.run.app
You can also have optionally a tag at the beginning, but it's not important here.
The bad part is that the project hash can't be calculated before the deployment (or I don't know the hash formula). Thus it's impossible to register the URL in a DNS in advance of the deployment.
However, if you use tools like Terraform, you can get, as output, the URL of the service after the deployment and then register it in your DNS, as a CNAME (Cloud Run is a managed service, you don't have a static IP).
You can also use the Cloud Run API to request the list of services on a project, pick the service that you want and get the URL of the service (GET request to the service API).
A last word before you hit the wall: you talk about an internal endpoint. The Cloud Run URL is public, and public only. Therefore, your middleware needs access to the internet to be able to request Cloud Run.
If your middleware is deployed on the same project, you can set the Cloud Run service ingress to internal to allow only resources from the VPCs of the current project to access to Cloud Run service.
But the URL is still public and you need an internet access to resolve and to access it.
If you don't wanna be bothered by service discovery and constructing the full URL, you can use runsd, a solution that I developed for Cloud Run that allows you to call a service by its name (e.g. http://hello).
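The "list the services, pick one, read its URL" step from the answers above, as an added example (not code from either answerer or from Google's tooling). It works on a constructed listing shaped like a Cloud Run Admin API v1 reply, refuses to emit a config line unless the service's ingress annotation is "internal", and uses the hypothetical names resolve_internal_url, render_env and UPSTREAM_API_URL.

```python
INGRESS_KEY = "run.googleapis.com/ingress"  # Cloud Run ingress annotation

# Constructed sample shaped like a Cloud Run Admin API v1 services list reply;
# the service names, hash and region suffix are invented for illustration.
SAMPLE_LIST = {"items": [
    {"metadata": {"name": "orders-api",
                  "annotations": {INGRESS_KEY: "internal"}},
     "status": {"url": "https://orders-api-abc123xyz-ew.a.run.app"}},
    {"metadata": {"name": "public-site",
                  "annotations": {INGRESS_KEY: "all"}},
     "status": {"url": "https://public-site-abc123xyz-ew.a.run.app"}},
    {"metadata": {"name": "pending-svc", "annotations": {}},
     "status": {}},  # listed but no URL assigned yet
]}


class IngressPolicyError(Exception):
    """The service is reachable from outside the project's VPCs."""


def resolve_internal_url(listing, service_name):
    """Return the deployed URL of service_name, only if ingress is internal."""
    for item in listing.get("items", []):
        meta = item.get("metadata", {})
        if meta.get("name") != service_name:
            continue
        url = item.get("status", {}).get("url")
        if not url:
            raise LookupError(f"{service_name}: no URL yet, deploy first")
        # Shape check against https://<serviceName>-<projectHash>...run.app
        if not (url.startswith(f"https://{service_name}-")
                and url.endswith(".run.app")):
            raise ValueError(f"{service_name}: unexpected URL {url!r}")
        # An absent annotation means the default, which accepts all traffic.
        ingress = meta.get("annotations", {}).get(INGRESS_KEY, "all")
        if ingress != "internal":
            raise IngressPolicyError(f"{service_name}: ingress={ingress!r}")
        return url
    raise LookupError(f"{service_name}: not found in project")


def render_env(listing, service_name, var="UPSTREAM_API_URL"):
    """One line for the middleware's environment config file."""
    return f"{var}={resolve_internal_url(listing, service_name)}\n"


if __name__ == "__main__":
    print(render_env(SAMPLE_LIST, "orders-api"), end="")
```
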

Configure RabbitMQ to route to queue via HTTP endpoint, therefore not needing the normal JSON data

For my deployment I have a number of 3rd party systems that can only send HTTP POST requests with metrics (which I need in the queue) and they cannot be re-configured. My goal is to have specific endpoints (or vhosts) that, when POSTed to, will automatically route to the correct queue, without needing the routing key and other standard RabbitMQ JSON data, as this modification is not possible in the 3rd party systems.
I can't find any way to do this natively as of now, but I believe it may be possible to configure an HTTP reverse proxy in front, whereby any data sent to the specific endpoint will be redirected to the correct RabbitMQ HTTP endpoint, where I could then bolt in the necessary JSON data so it can be parsed by RabbitMQ and placed in the relevant queue. I wanted to check if this is the only logical solution to this, or am I missing something obvious that can be done within RabbitMQ's administration page or via config files.

Azure Application Gateway with API as a backend pool is not working

I have a .NET Core API inside the web app, and that web app is the backend pool for Azure Application Gateway. While trying to access the web app I got the error below.
"502 - Web server received an invalid response while acting as a gateway or proxy server."
On the app GW, the health probe for that web app is unhealthy, but when accessing the API as https://abc.azurewebsites.net/api/values it works.
When we deploy the API in a Web App Service, apiname.azurewebsites.net does not work, does not give any probes to the application gateway, and is treated as unhealthy. The API works like xxx.azurewebsites.net/api/values, and Application Gateway also needs to know this path. We have to put /api/values in the override backend path of the HTTP settings. The same has to be done in the health probes.
Yes, you can first verify if the backend API could access directly without app gateway. Then this error may happen due to the following main reasons:
NSG, UDR or Custom DNS is blocking access to backend pool members.
Back-end VMs or instances of virtual machine scale set are not responding to the default health probe.
Invalid or improper configuration of custom health probes.
Azure Application Gateway's back-end pool is not configured or empty.
None of the VMs or instances in virtual machine scale set are healthy.
Request time-out or connectivity issues with user requests.
Generally, the Backend healthy status and details could point it out and show some clues. You could also verify all of the above reasons one by one according to this DOC.

Issue using APIgee as API gateway calling WCF RESTful service

I have WCF RESTful services running on IIS6. (public exposed on internet)
example
http://{domain}:8000/todoService.svc/countPerLabel?uMID={uMID}&userID={userID}
I have set up an APIGEE proxy API manager gateway to call the WCF services.
http://{APIGEE}/v1/todo/countperlabel?uMID={uMID}&userID={userID}
Case A. When I call the APIGEE URL for the first time it works, but when I make another call it delays for a few seconds and responds with timeout/service unavailable.
If I wait for about 10 minutes and call the service again, Case A occurs.
I am not able to understand it: if I call my service URL independently without APIgee, everything works well.
I do not want to give third-party developers access to the naked API URL, therefore I would like to secure it using either APIgee or WSO2.
Is it something to do with proxy issues where my IIS6 is not able to respond back to requests from the proxy server?
Kindly suggest.
Thanks
It seems you are having multiple endpoints. The first call goes to one endpoint and the second to another one. Why don't you try a third call as well? If it works and the fourth one fails, then my explanation is correct. If that is the case, one of your endpoints may be having firewall issues.