🥇Ti hirup sareng Kubernetes: Kumaha server HTTP henteu resep ka Spanyol

A wawakil klien kami, anu aplikasi tumpukan resides dina Microsoft awan (Azure), kajawab masalah: anyar, sababaraha requests ti sababaraha klien ti Éropa mimiti ditungtungan ku kasalahan 400 (Panyungkeunan salah). Sadaya aplikasi ditulis dina .NET, disebarkeun dina Kubernetes...

Salah sahiji aplikasi nyaéta API, anu ngalangkungan sadaya lalu lintas tungtungna. Lalu lintas ieu didangukeun ku pangladén HTTP kestrel, ngonpigurasi ku klien .NET sarta hosted dina pod a. Kalawan debugging, kami untung dina harti yén aya pamaké husus anu konsistén dihasilkeun masalah. Nanging, sadayana rumit ku ranté lalu lintas:

Kasalahan dina Ingress katingali sapertos kieu:

{
   "number_fields":{
      "status":400,
      "request_time":0.001,
      "bytes_sent":465,
      "upstream_response_time":0,
      "upstream_retries":0,
      "bytes_received":2328
   },
   "stream":"stdout",
   "string_fields":{
      "ingress":"app",
      "protocol":"HTTP/1.1",
      "request_id":"f9ab8540407208a119463975afda90bc",
      "path":"/api/sign-in",
      "nginx_upstream_status":"400",
      "service":"app",
      "namespace":"production",
      "location":"/front",
      "scheme":"https",
      "method":"POST",
      "nginx_upstream_response_time":"0.000",
      "nginx_upstream_bytes_received":"120",
      "vhost":"api.app.example.com",
      "host":"api.app.example.com",
      "user":"",
      "address":"83.41.81.250",
      "nginx_upstream_addr":"10.240.0.110:80",
      "referrer":"https://api.app.example.com/auth/login?long_encrypted_header",
      "service_port":"http",
      "user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36",
      "time":"2019-03-06T18:29:16+00:00",
      "content_kind":"cache-headers-not-present",
      "request_query":""
   },
   "timestamp":"2019-03-06 18:29:16",
   "labels":{
      "app":"nginx",
      "pod-template-generation":"6",
      "controller-revision-hash":"1682636041"
   },
   "namespace":"kube-nginx-ingress",
   "nsec":6726612,
   "source":"kubernetes",
   "host":"k8s-node-55555-0",
   "pod_name":"nginx-v2hcb",
   "container_name":"nginx",
   "boolean_fields":{}
}

Dina waktos anu sami, Kestrel masihan:

HTTP/1.1 400 Bad Request
Connection: close
Date: Wed, 06 Mar 2019 12:34:20 GMT
Server: Kestrel
Content-Length: 0

Malah kalayan verbosity maksimum, kasalahan Kestrel ngandung pisan saeutik informasi mangpaat:

{
   "number_fields":{"ThreadId":76},
   "stream":"stdout",
   "string_fields":{
      "EventId":"{"Id"=>17, "Name"=>"ConnectionBadRequest"}",
      "SourceContext":"Microsoft.AspNetCore.Server.Kestrel",
      "ConnectionId":"0HLL2VJSST5KV",
      "@mt":"Connection id "{ConnectionId}" bad request data: "{message}"",
      "@t":"2019-03-07T13:06:48.1449083Z",
      "@x":"Microsoft.AspNetCore.Server.Kestrel.Core.BadHttpRequestException: Malformed request: invalid headers.n   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.Http1Connection.TryParseRequest(ReadResult result, Boolean& endConnection)n   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.<ProcessRequestsAsync>d__185`1.MoveNext()",
      "message":"Malformed request: invalid headers."
   },
   "timestamp":"2019-03-07 13:06:48",
   "labels":{
      "pod-template-hash":"2368795483",
      "service":"app"
   },
   "namespace":"production",
   "nsec":145341848,
   "source":"kubernetes",
   "host":"k8s-node-55555-1",
   "pod_name":"app-67bdcf98d7-mhktx",
   "container_name":"app",
   "boolean_fields":{}
}

Éta sigana ngan ukur tcpdump anu bakal ngabantosan masalah ieu ... tapi kuring bakal ngulang deui ngeunaan ranté lalu lintas:

Panalungtikan

Jelas, langkung saé ngadangukeun lalu lintas dina éta titik husus, dimana Kubernetes geus deployed pod a: volume dump bakal sapertos nu bakal mungkin pikeun manggihan sahenteuna hal geulis gancang. Sareng leres, nalika nalungtik éta, pigura ieu diperhatoskeun:

GET /back/user HTTP/1.1
Host: api.app.example.com
X-Request-ID: 27ceb14972da8c21a8f92904b3eff1e5
X-Real-IP: 83.41.81.250
X-Forwarded-For: 83.41.81.250
X-Forwarded-Host: api.app.example.com
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Original-URI: /front/back/user
X-Scheme: https
X-Original-Forwarded-For: 83.41.81.250
X-Nginx-Geo-Client-Country: Spain
X-Nginx-Geo-Client-City: M.laga
Accept-Encoding: gzip
CF-IPCountry: ES
CF-RAY: 4b345cfd1c4ac691-MAD
CF-Visitor: {"scheme":"https"}
pragma: no-cache
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://app.example.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36
referer: https://app.example.com/auth/login
accept-language: en-US,en;q=0.9,en-GB;q=0.8,pl;q=0.7
cookie: many_encrypted_cookies; .AspNetCore.Identity.Application=something_encrypted; 
CF-Connecting-IP: 83.41.81.250
True-Client-IP: 83.41.81.250
CDN-Loop: cloudflare

HTTP/1.1 400 Bad Request
Connection: close
Date: Wed, 06 Mar 2019 12:34:20 GMT
Server: Kestrel
Content-Length: 0

Saatos pamariksaan langkung caket tina tempat pembuangan, kecap éta katénjo M.laga. Gampang nebak yén teu aya kota M.laga di Spanyol (tapi aya Malang). Ngarebut ideu ieu, urang ningal konfigurasi Ingress, dimana urang ningali anu diselapkeun sabulan katukang (dina pamundut klien) "teu bahaya" snippet:

    ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header X-Nginx-Geo-Client-Country $geoip_country_name;
      proxy_set_header X-Nginx-Geo-Client-City $geoip_city;

Saatos nganonaktipkeun neraskeun lulugu ieu, sadayana janten saé! (Enggal janten jelas yén aplikasi sorangan henteu peryogi deui header ieu.)

Ayeuna hayu urang nempo masalah leuwih umum. Ieu bisa gampang dihasilkeun di jero aplikasi ku nyieun pamundut telnet ka localhost:80:

GET /back/user HTTP/1.1
Host: api.app.example.com
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://app.example.com
Cookie: test=Desiree

... mulih 401 Unauthorized, sakumaha nu diharapkeun. Naon anu lumangsung lamun urang ngalakukeun:

GET /back/user HTTP/1.1
Host: api.app.example.com
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://app.example.com
Cookie: test=Désirée

Bakal mulang 400 Bad request - dina log aplikasi kami bakal nampi kasalahan anu parantos biasa kami:

{
   "@t":"2019-03-31T12:59:54.3746446Z",
   "@mt":"Connection id "{ConnectionId}" bad request data: "{message}"",
   "@x":"Microsoft.AspNetCore.Server.Kestrel.Core.BadHttpRequestException: Malformed request: invalid headers.n   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.Http1Connection.TryParseRequest(ReadResult result, Boolean& endConnection)n   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.<ProcessRequestsAsync>d__185`1.MoveNext()",
   "ConnectionId":"0HLLLR1J974L9",
   "message":"Malformed request: invalid headers.",
   "EventId":{
      "Id":17,
      "Name":"ConnectionBadRequest"
   },
   "SourceContext":"Microsoft.AspNetCore.Server.Kestrel",
   "ThreadId":71
}

hasil

Hususna Kestrel teu tiasa leres ngolah header HTTP sareng karakter anu leres dina UTF-8, anu dikandung dina nami sajumlah kota anu lumayan.

Faktor tambahan dina hal urang nyaéta yén klien ayeuna henteu ngarencanakeun ngarobih palaksanaan Kestrel dina aplikasi. Tapi, masalah dina AspNetCore sorangan (No.4318, No.7707) aranjeunna nyarios yén ieu moal ngabantosan ...

Pikeun nyimpulkeun: catetan éta henteu deui ngeunaan masalah khusus Kestrel atanapi UTF-8 (dina 2019?!), tapi ngeunaan kanyataan yén mindfulness jeung ulikan konsisten Saban léngkah anu anjeun laksanakeun nalika milarian masalah, engké atanapi engké bakal ngahasilkeun buah. Sing salamet!

PS

Baca ogé dina blog urang:

sumber: www.habr.com

Ti hirup kalawan Kubernetes: Kumaha server HTTP teu ni'mat Spaniards

Panalungtikan

hasil

PS

Tambahkeun komentar ngabolaykeun reply