Istio default SSL certificate configuration - azure

The request flow:
Application gateway--> Azure APIM--> APIM Backend (istio)
Goal:
Application gateway--> Azure APIM--> APIM Backend (istio-HTTPS) --> istio Gateway(HTTPS)
We have already configured the same setup in nginx ingress controller instead of istio. It is working fine with https. Below are the configurations done in the nginx deployment.
containers:
- args:
  - --default-ssl-certificate=namespace/tls-secret
How we can achieve the same in istio implementation?
Followed steps:
Created secrets in istio-system with crt and key and configured in Gateway. Still getting 500 error
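An Istio Gateway that terminates HTTPS with a secret in istio-system, plus the VirtualService that routes the host to a backend, as an added example that is not the question author's configuration. The host name api.example.com, the backend service backend-svc and the secret name tls-secret (taken from the nginx flag above) are assumptions.

```yaml
# Added example, not the author's config. Assumes the secret was created with:
#   kubectl create -n istio-system secret tls tls-secret --cert=tls.crt --key=tls.key
# The secret must live in the namespace of the istio-ingressgateway pod
# (istio-system), not in the namespace of the Gateway resource.
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: https-gateway
  namespace: default
spec:
  selector:
    istio: ingressgateway        # default label on the istio-ingressgateway pods
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    hosts:
    - "api.example.com"          # must cover the SNI/Host that APIM sends
    tls:
      mode: SIMPLE               # server-side TLS only; use MUTUAL to require a client cert
      credentialName: tls-secret # name of the secret in istio-system
      minProtocolVersion: TLSV1_2
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "api.example.com"
    tls:
      httpsRedirect: true        # plain HTTP is answered with a 301 to HTTPS
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: backend-vs
  namespace: default
spec:
  hosts:
  - "api.example.com"
  gateways:
  - https-gateway                # same namespace as the Gateway above
  http:
  - route:
    - destination:
        host: backend-svc.default.svc.cluster.local
        port:
          number: 8080
```

Unlike the nginx default-ssl-certificate flag, Istio selects the certificate by matching the client's SNI against the hosts list, so the name APIM uses to reach the gateway must appear there and in the certificate's subject alternative names for APIM's backend certificate validation to succeed.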

Related

SSL activation issue while using multiple micro services deployed in Azure Kubernetes cluster through Istio gateway

We have Azure Kubernetes cluster with Istio gateway installed. We have deployed 10 microservices in this cluster. We have installed SSL certificate without any errors. But https is working only with the microservice deployed lastly. Please support us in resolving this issue.

Basic access Auth Enable in Azure Application gateway for URL

In Nginx, we can set up basic auth by adding annotation in the ingress.
nginx.ingress.kubernetes.io/auth-realm: Authentication Required
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-type: basic
But if we are using azure application gateway instead of Nginx how can we set up basic auth.
Unfortunately Azure Application Gateway doesn't support basic auth and I would say using an ingress controller like nginx-ingress is the proper choice in a scenario where you need this feature. The lack of support for authentication in Azure Application Gateway was already reported in this thread.

GKE - How to use HTTPS on the Gateway in Jhipster 6 Microservice UAA project

I need some guidance please, first here are my project details:
- Jhipster v6.0.0
- Angular
- Microservices architecture with Jhipster-Registry + UAA
- No monitoring, no Ingress, no Istio (just the defaults options, full JHipster)
- Deployed on Google Kubernetes Engine cluster
So, if I understand correctly, with my current setup it is the Gateway that is doing the load balancing using Netflix Ribbon and it is the entry point from the World Wide Web to access my app. How can I make my app accessible with HTTPS and an SSL certificate on GKE? I'm a bit confused, do I need to switch to Ingress?
Thanks

jhipster microservice gateway with multi-cluster ingress

I have a jhipster generated microservice gateway and application that I run in Google's GKE by using the jhipster kubernetes generator. I have istio deployed in the kubernetes cluster and not using the jhipster-registry.
When I deploy the gateway with ServiceType=Ingress, the communication between the gateway and the application works great. I am trying to get up a GKE multi-cluster ingress which load balances the application deployed in clusters in different regions.
Google has a beta tool called kubemci which sets up all the plumbing for the load balancers. However, in order to use kubemci, the gateway needs to be deployed as a NodePort instead of ClusterIP. When I deploy with ServiceType=NodePort, I get errors when trying to create entities.
The error is:
translation-not-found[Http failure response for http://store.xxxx.com/product04/api/products?page=0&size=20&sort=id,asc: 404 Not Found]
I do not get this error when the app is deployed as a ClusterIP and I access it through the istio ingress gateway. Does anyone know what I need to do to get the microservices to talk to the gateway when it's defined as a NodePort?

Azure Application Gateway returns 502

Our platform has an Azure Application Gateway configured with a number of back services hosted in an AKS cluster using the Azure Application Gateway ingress controller. One of the services is our core identity service eg https://login.mydomain.com.
I can browse directly to this url and the login page is served fine. Due to having strict data sovereignty requirements, another service provided is a regional authentication service eg https://login-region.mydomain.com
We use an OIDC back channel flow to redirect the user from the global service to the relevant region to enter their user credentials. This also works correctly to authenticate the user.
The issue arises when the regional identity server redirects back to the core identity service with the authentication token.
A nginx 502 Bad Gateway message is displayed.
As a side note, we have a test environment configured that does not use Application Gateway, rather the Kubernetes nginx Ingress controller for SSL termination. During the configuration of this environment we had a similar issue and increasing the nginx proxy-buffer-size to 16k resolved the issue.
There is no limit set in the docs for Application Gateway: https://github.com/MicrosoftDocs/azure-docs/blob/master/includes/application-gateway-limits.md
I'm not sure if I'm looking in the correct place or if this is completely unrelated.