Site na ndụ na Kubernetes: Kedu ka sava HTTP akwadoghị ndị Spen

Onye nnọchite anya onye ahịa anyị, onye ngwugwu ngwa ya bi na igwe ojii Microsoft (Azure), lebara otu nsogbu anya: n'oge na-adịbeghị anya, ụfọdụ arịrịọ sitere n'aka ụfọdụ ndị ahịa si Europe malitere iji njehie 400 kwụsị (Ajọ arịrịọ). Edere ngwa niile na NET, etinyere na Kubernetes...

Otu n'ime ngwa a bụ API, nke okporo ụzọ niile na-abịa n'ikpeazụ. Sava HTTP na-ege ntị okporo ụzọ a kestrel, nke onye ahịa NET haziri wee kwado ya na pọd. Site na nbipu, anyị nwere chioma n'echiche na enwere onye ọrụ akọwapụtara nke na-emepụtaghachi nsogbu ahụ mgbe niile. Agbanyeghị, ihe niile gbagwojuru anya site na yinye okporo ụzọ:

Njehie dị na Ingress dị ka nke a:

{
   "number_fields":{
      "status":400,
      "request_time":0.001,
      "bytes_sent":465,
      "upstream_response_time":0,
      "upstream_retries":0,
      "bytes_received":2328
   },
   "stream":"stdout",
   "string_fields":{
      "ingress":"app",
      "protocol":"HTTP/1.1",
      "request_id":"f9ab8540407208a119463975afda90bc",
      "path":"/api/sign-in",
      "nginx_upstream_status":"400",
      "service":"app",
      "namespace":"production",
      "location":"/front",
      "scheme":"https",
      "method":"POST",
      "nginx_upstream_response_time":"0.000",
      "nginx_upstream_bytes_received":"120",
      "vhost":"api.app.example.com",
      "host":"api.app.example.com",
      "user":"",
      "address":"83.41.81.250",
      "nginx_upstream_addr":"10.240.0.110:80",
      "referrer":"https://api.app.example.com/auth/login?long_encrypted_header",
      "service_port":"http",
      "user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36",
      "time":"2019-03-06T18:29:16+00:00",
      "content_kind":"cache-headers-not-present",
      "request_query":""
   },
   "timestamp":"2019-03-06 18:29:16",
   "labels":{
      "app":"nginx",
      "pod-template-generation":"6",
      "controller-revision-hash":"1682636041"
   },
   "namespace":"kube-nginx-ingress",
   "nsec":6726612,
   "source":"kubernetes",
   "host":"k8s-node-55555-0",
   "pod_name":"nginx-v2hcb",
   "container_name":"nginx",
   "boolean_fields":{}
}

N'otu oge ahụ, Kestrel nyere:

HTTP/1.1 400 Bad Request
Connection: close
Date: Wed, 06 Mar 2019 12:34:20 GMT
Server: Kestrel
Content-Length: 0

Ọbụlagodi na oke nkwuputa okwu, njehie Kestrel nwere oke obere ozi bara uru:

{
   "number_fields":{"ThreadId":76},
   "stream":"stdout",
   "string_fields":{
      "EventId":"{"Id"=>17, "Name"=>"ConnectionBadRequest"}",
      "SourceContext":"Microsoft.AspNetCore.Server.Kestrel",
      "ConnectionId":"0HLL2VJSST5KV",
      "@mt":"Connection id "{ConnectionId}" bad request data: "{message}"",
      "@t":"2019-03-07T13:06:48.1449083Z",
      "@x":"Microsoft.AspNetCore.Server.Kestrel.Core.BadHttpRequestException: Malformed request: invalid headers.n   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.Http1Connection.TryParseRequest(ReadResult result, Boolean& endConnection)n   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.<ProcessRequestsAsync>d__185`1.MoveNext()",
      "message":"Malformed request: invalid headers."
   },
   "timestamp":"2019-03-07 13:06:48",
   "labels":{
      "pod-template-hash":"2368795483",
      "service":"app"
   },
   "namespace":"production",
   "nsec":145341848,
   "source":"kubernetes",
   "host":"k8s-node-55555-1",
   "pod_name":"app-67bdcf98d7-mhktx",
   "container_name":"app",
   "boolean_fields":{}
}

Ọ ga-adị ka naanị tcpdump ga-enyere aka dozie nsogbu a ... mana m ga-ekwughachi banyere agbụ okporo ụzọ:

Nchọpụta

N'ụzọ doro anya, ọ ka mma ige ntị na okporo ụzọ na ọnụ ọnụ ahụ akọwapụtara, ebe Kubernetes etinyela pọd: olu nke mkpofu ga-abụ nke na ọ ga-ekwe omume ịchọta ma ọ dịkarịa ala ihe mara mma ngwa ngwa. Na n'ezie, mgbe ị na-enyocha ya, a hụrụ etiti na-esonụ:

GET /back/user HTTP/1.1
Host: api.app.example.com
X-Request-ID: 27ceb14972da8c21a8f92904b3eff1e5
X-Real-IP: 83.41.81.250
X-Forwarded-For: 83.41.81.250
X-Forwarded-Host: api.app.example.com
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Original-URI: /front/back/user
X-Scheme: https
X-Original-Forwarded-For: 83.41.81.250
X-Nginx-Geo-Client-Country: Spain
X-Nginx-Geo-Client-City: M.laga
Accept-Encoding: gzip
CF-IPCountry: ES
CF-RAY: 4b345cfd1c4ac691-MAD
CF-Visitor: {"scheme":"https"}
pragma: no-cache
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://app.example.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36
referer: https://app.example.com/auth/login
accept-language: en-US,en;q=0.9,en-GB;q=0.8,pl;q=0.7
cookie: many_encrypted_cookies; .AspNetCore.Identity.Application=something_encrypted; 
CF-Connecting-IP: 83.41.81.250
True-Client-IP: 83.41.81.250
CDN-Loop: cloudflare

HTTP/1.1 400 Bad Request
Connection: close
Date: Wed, 06 Mar 2019 12:34:20 GMT
Server: Kestrel
Content-Length: 0

Mgbe a nyochachara ebe mkpofu ahụ, ahụrụ okwu ahụ M.laga. Ọ dị mfe iche na ọ dịghị obodo M.laga na Spain (mana e nwere Málaga). N'iji echiche a, anyị lere anya na nhazi Ingress, ebe anyị hụrụ nke etinyere otu ọnwa gara aga (na arịrịọ onye ahịa) snippet "adịghị njọ".:

    ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header X-Nginx-Geo-Client-Country $geoip_country_name;
      proxy_set_header X-Nginx-Geo-Client-City $geoip_city;

Mgbe o mebisịrị mbugharị nke nkụnye ndị a, ihe niile dị mma! (N'oge na-adịghị anya, ọ bịara doo anya na ngwa n'onwe ya anaghịzi achọ nkụnye ndị a.)

Ugbu a, ka anyị leba anya na nsogbu ahụ ọzọ n'ozuzu. Enwere ike imepụtagharị ya ngwa ngwa n'ime ngwa site na ịrịọ telnet arịrịọ localhost:80:

GET /back/user HTTP/1.1
Host: api.app.example.com
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://app.example.com
Cookie: test=Desiree

... na-alaghachi 401 Unauthorized, dị ka a tụrụ anya ya. Kedu ihe ga - eme ma ọ bụrụ na anyị emee:

GET /back/user HTTP/1.1
Host: api.app.example.com
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://app.example.com
Cookie: test=Désirée

?

Ga-alọghachi 400 Bad request - na ndekọ ngwa anyị ga-enweta njehie nke anyị maara nke ọma:

{
   "@t":"2019-03-31T12:59:54.3746446Z",
   "@mt":"Connection id "{ConnectionId}" bad request data: "{message}"",
   "@x":"Microsoft.AspNetCore.Server.Kestrel.Core.BadHttpRequestException: Malformed request: invalid headers.n   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.Http1Connection.TryParseRequest(ReadResult result, Boolean& endConnection)n   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.<ProcessRequestsAsync>d__185`1.MoveNext()",
   "ConnectionId":"0HLLLR1J974L9",
   "message":"Malformed request: invalid headers.",
   "EventId":{
      "Id":17,
      "Name":"ConnectionBadRequest"
   },
   "SourceContext":"Microsoft.AspNetCore.Server.Kestrel",
   "ThreadId":71
}

Nsonaazụ

Kpọmkwem Kestrel enweghị ike Hazie HTTP nkụnye eji isi mee nke ọma na mkpụrụedemede ziri ezi dị na UTF-8, nke dị n'aha ọnụ ọgụgụ obodo buru ibu.

Ihe ọzọ na-eme n'ọnọdụ anyị bụ na onye ahịa adịghị eme atụmatụ ugbu a ịgbanwe mmejuputa Kestrel na ngwa ahụ. Agbanyeghị, nsogbu dị na AspNetCore n'onwe ya (No.4318, No.7707) ha na-ekwu na nke a agaghị enyere aka ...

Iji chịkọta: ndetu abụghịzi maka nsogbu akọwapụtara nke Kestrel ma ọ bụ UTF-8 (na 2019?!), mana gbasara eziokwu ahụ. uche na ọmụmụ na-agbanwe agbanwe Nzọụkwụ ọ bụla ị na-eme mgbe ị na-achọ nsogbu ga-amịpụta mkpụrụ n'oge na-adịghị anya. Jisie ike!

PS

Gụọkwa na blọọgụ anyị:

• «6 sistemu sistemu na-atọ ụtọ na arụ ọrụ Kubernetes [na ngwọta ha]»;
• «Atụmatụ na aghụghọ Kubernetes: ibe njehie omenala na NGINX Ingress»;
• «Nchịkọta na ntụnyere ndị njikwa Ingress maka Kubernetes»;
• «Nleba anya pings n'etiti Kubernetes nodes - Ntụziaka anyị»;
• «Okwu 3 pụrụ iche gbasara sistemụ netwọkụ Linux".

isi: www.habr.com