apicurio-studio-api pod reponds a 404 not found on a K8S cluster

[Kignoux]

Hello,

I'm trying to install apicurio-studio on a Kubernetes cluster following the yaml example from the github repository (https://github.com/Apicurio/apicurio-studio/tree/master/distro/kubernetes) adapted with the documentation. The http requests go through an istio gateway virtualservice.

My problem is that even though I do not see any errors in the logs (despite the APICURIO_LOGGING_LEVEL variable set to "debug"), the apicurio-studio-api module is not accessible and responds a 404 not found as shown in the image. The apicurio-studio-ui module seems to work correctly as well as the virtualservie configuration.

Is there a way I can debug furthermore ? Can you see something in my configuration you feel is incorrect ?

Thank you for your help! I tried everything :/

Logs from the apicurio-studio-api container:

Starting the Java application using /opt/jboss/container/java/run/run-java.sh ...
INFO exec  java -Dapicurio.hub.storage.jdbc.type=postgresql9 -Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager -javaagent:/usr/share/java/jolokia-jvm-agent/jolokia-jvm.jar=config=/opt/jboss/container/jolokia/etc/jolokia.properties -XX:MaxRAMPercentage=50.0 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:+ExitOnOutOfMemoryError -cp "." -jar /deployments/apicurio-studio-api-runner.jar 
Picked up JAVA_TOOL_OPTIONS: -Djava.net.preferIPv4Stack=true -Djavax.net.ssl.trustStore=/trust/truststore.jks -Djavax.net.ssl.trustStorePassword=secret
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.jolokia.util.ClassUtil (file:/usr/share/java/jolokia-jvm-agent/jolokia-jvm.jar) to constructor sun.security.x509.X500Name(java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)
WARNING: Please consider reporting this to the maintainers of org.jolokia.util.ClassUtil
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
I> No access restrictor found, access to any MBean is allowed
Jolokia: Agent started with URL https://192.168.3.131:8778/jolokia/
SLF4J: No SLF4J providers were found.
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See https://www.slf4j.org/codes.html#noProviders for further details.
SLF4J: Class path contains SLF4J bindings targeting slf4j-api versions 1.7.x or earlier.
SLF4J: Ignoring binding found at [jar:file:/deployments/lib/org.jboss.slf4j.slf4j-jboss-logmanager-1.2.0.Final.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See https://www.slf4j.org/codes.html#ignoredBindings for an explanation.
__  ____  __  _____   ___  __ ____  ______ 
 --/ __ \/ / / / _ | / _ \/ //_/ / / / __/ 
 -/ /_/ / /_/ / __ |/ , _/ ,< / /_/ /\ \   
--\___\_\____/_/ |_/_/|_/_/|_|\____/___/   
2023-04-18 08:35:47,666 INFO  [io.qua.oid.com.run.OidcCommonUtils] (main) Connecting to OpenId Connect Provider for up to 30 times every 2 seconds
2023-04-18 08:35:48,420 INFO  [io.agr.pool] (main) Datasource '<default>': Initial size smaller than min. Connections will be created when necessary
2023-04-18 08:35:48,498 INFO  [io.quarkus] (main) apicurio-studio-platforms-quarkus-api 0.2.61.Final on JVM (powered by Quarkus 2.16.4.Final) started in 2.500s. Listening on: http://0.0.0.0:8080
2023-04-18 08:35:48,498 INFO  [io.quarkus] (main) Profile prod activated. 
2023-04-18 08:35:48,498 INFO  [io.quarkus] (main) Installed features: [agroal, cdi, jdbc-h2, jdbc-mysql, jdbc-postgresql, narayana-jta, oidc, resteasy, resteasy-jackson, security, servlet, smallrye-context-propagation, vertx]

Command executed directly from the apicurio-studio-api container:

[jboss@apicurio-studio-api-deployment-5487d9cbfc-kxpch ~]$ curl -v http://0.0.0.0:8080
* Rebuilt URL to: http://0.0.0.0:8080/
*   Trying 0.0.0.0...
* TCP_NODELAY set
* Connected to 0.0.0.0 (127.0.0.1) port 8080 (#0)
> GET / HTTP/1.1
> Host: 0.0.0.0:8080
> User-Agent: curl/7.61.1
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Date: Tue, 18 Apr 2023 14:08:21 GMT
< Expires: Mon, 17 Apr 2023 14:08:21 GMT
< Pragma: no-cache
< Cache-control: no-cache, no-store, must-revalidate
< Content-Length: 0
<
* Connection #0 to host 0.0.0.0 left intact

Here are the Kubernetes configurations:

apiVersion: v1
kind: ConfigMap
metadata:
  name: apicurio-studio-configmap
  namespace: apicurio-studio
data:
  keycloak-url: http://keycloak.mydomain.com
  apicurio-ui-logout-redirect-uri: /
  apicurio-ui-hub-api-url: https://apicurio-studio.mydomain.com/studio-api
  apicurio-ui-editing-url: ws://apicurio-studio.mydomain.com/designs
  apicurio-microcks-api-url:  http://MICROCKS_URL/api
  apicurio-db-connection-url: jdbc:postgresql://apicurio-studio-db-service:5432/apicuriostudiodb
  apicurio-kc-client-id: apicurio-studio
  apicurio-kc-realm: apicurio
  apicurio-microcks-client-id: microcks-serviceaccount
  apicurio-ui-feature-share-with-everyone: "true"
  apicurio-ui-feature-microcks: "false"

apiVersion: apps/v1
kind: Deployment
metadata:
  name: apicurio-studio-api-deployment
  namespace: apicurio-studio
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/component: apicurio-studio-api
  template:
    metadata:
      labels:
        app.kubernetes.io/component: apicurio-studio-api
    spec:
      containers:
      - env:
        - name: APICURIO_LOGGING_LEVEL
          value: "debug"
        - {name: APICURIO_DB_CONNECTION_URL, valueFrom: {configMapKeyRef: {name: apicurio-studio-configmap, key: apicurio-db-connection-url}}}
        - {name: APICURIO_MICROCKS_API_URL, valueFrom: {configMapKeyRef: {name: apicurio-studio-configmap, key: apicurio-microcks-api-url}}}
        - {name: APICURIO_MICROCKS_CLIENT_ID, valueFrom: {configMapKeyRef: {name: apicurio-studio-configmap, key: apicurio-microcks-client-id}}}
        # - {name: APICURIO_MICROCKS_CLIENT_SECRET, valueFrom: {configMapKeyRef: {name: apicurio-studio-configmap, key: apicurio-microcks-client-secret}}}
        - {name: APICURIO_KC_AUTH_URL, valueFrom: {configMapKeyRef: {name: apicurio-studio-configmap, key: keycloak-url}}}
        - {name: APICURIO_KC_REALM, valueFrom: {configMapKeyRef: {name: apicurio-studio-configmap, key: apicurio-kc-realm}}}
        - {name: APICURIO_KC_CLIENT_ID, valueFrom: {configMapKeyRef: {name: apicurio-studio-configmap, key: apicurio-kc-client-id}}}
        - {name: APICURIO_SHARE_FOR_EVERYONE, valueFrom: {configMapKeyRef: {name: apicurio-studio-configmap, key: apicurio-ui-feature-share-with-everyone}}}
        - {name: APICURIO_DB_PASSWORD, valueFrom: {secretKeyRef: {name: apicurio-studio-secret, key: db-password}}}
        - {name: APICURIO_DB_USER_NAME, valueFrom: {secretKeyRef: {name: apicurio-studio-secret, key: db-user}}}
        - {name: APICURIO_KC_CLIENT_SECRET, valueFrom: {secretKeyRef: {name: apicurio-studio-secret, key: apicurio-kc-client-secret}}}
        - name: APICURIO_DB_DRIVER_NAME
          value: "postgresql"
        - name: APICURIO_DB_INITIALIZE
          value: "true"
        - name: APICURIO_DB_TYPE
          value: "postgresql9"
        - name: JAVA_TOOL_OPTIONS
          value: "-Djava.net.preferIPv4Stack=true -Djavax.net.ssl.trustStore=/trust/truststore.jks -Djavax.net.ssl.trustStorePassword=secret"
        image: 'apicurio/apicurio-studio-api:0.2.61.Final'
        name: apicurio-studio-api
        volumeMounts:
        - name: truststore
          readOnly: true
          mountPath: "/trust"
        ports:
        - containerPort: 8080
      restartPolicy: Always
      volumes:
      - name: apicurio-studio-secret
        secret:
          secretName: apicurio-studio-secret
      - name: apicurio-studio-configmap
        configMap:
          name: apicurio-studio-configmap
      - name: truststore
        secret:
          secretName: apicurio-studio-truststore

apiVersion: v1
kind: Service
metadata:
  name: apicurio-studio-api-service
  namespace: apicurio-studio
spec:
  ports:
  - name: "8091"
    port: 8091
    targetPort: 8080
  selector:
    app.kubernetes.io/component: apicurio-studio-api
---
apiVersion: v1
kind: Service
metadata:
  name: apicurio-studio-ui-service
  namespace: apicurio-studio
spec:
  ports:
  - name: "8093"
    port: 8093
    targetPort: 8080
  selector:
    app.kubernetes.io/component: apicurio-studio-ui
---
apiVersion: v1
kind: Service
metadata:
  name: apicurio-studio-ws-service
  namespace: apicurio-studio
spec:
  ports:
  - name: "8092"
    port: 8092
    targetPort: 8080
    protocol: TCP
  selector:
    app.kubernetes.io/component: apicurio-studio-ws
---
apiVersion: v1
kind: Service
metadata:
  name: apicurio-studio-db-service
  namespace: apicurio-studio
spec:
  ports:
  - name: "5432"
    port: 5432
    targetPort: 5432
  selector:
    app.kubernetes.io/component: apicurio-studio-db

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: apicurio-studio-virtualservice
  namespace: apicurio-studio
spec:
  gateways:
  - istio-system/apicurio-gateway
  hosts:
  - apicurio-studio.mydomain.com
  http:
  - match:
    - uri:
        # prefix: /studio-api
        regex: /studio-api/?(.*)
    route:
    - destination:
        host: apicurio-studio-api-service.apicurio-studio.svc.cluster.local
        port:
          number: 8091
  - match:
    - uri:
        prefix: /designs
    route:
    - destination:
        host: apicurio-studio-ws-service.apicurio-studio.svc.cluster.local
        port:
          number: 8092
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: apicurio-studio-ui-service.apicurio-studio.svc.cluster.local
        port:
          number: 8093

[adel-chouchane]

Hello, try requesting this url from the api container : http://0.0.0.0:8080/system/ready If you get 404 that means you have a problem in your API deployment else you have a problem in the communication between the UI and the API components.

[Kignoux]

Here is the response from the api container:

[jboss@apicurio-studio-api-deployment-768c7dd544-f5m4b ~]$ curl -v http://0.0.0.0:8080/system/ready
*   Trying 0.0.0.0...
* TCP_NODELAY set
* Connected to 0.0.0.0 (127.0.0.1) port 8080 (#0)
> GET /system/ready HTTP/1.1
> Host: 0.0.0.0:8080
> User-Agent: curl/7.61.1
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Thu, 20 Apr 2023 09:14:37 GMT
< Expires: Wed, 19 Apr 2023 09:14:37 GMT
< Pragma: no-cache
< Cache-control: no-cache, no-store, must-revalidate
< Content-Type: application/json
< Content-Length: 11
< 
* Connection #0 to host 0.0.0.0 left intact

Indeed, it seems ok.

Looking at my virtualservice configuration, does apicurio-studio support having the same url for the three pods ?

Thanks for your help

[aj84276]

I have similar issue, Any luck on the fix?

[adel-chouchane]

For the CORS issue you need to set the QUARKUS_HTTP_CORS=true in the API and UI pods

[Kignoux]

Hello, I do not have the same issue and I was wondering if apicurio-studio supports to have the same url for all the module like so:

• UI > https://apicurio-studio.mydomain.com
• API > https://apicurio-studio.mydomain.com/studio-api
• WS> https://apicurio-studio.mydomain.com/designs

My navigator indicates that i cannot find this url for instance: https://apicurio-studio.mydomain.com/studio-api/currentuser/activity?end=10

Thank you

[aj84276]

For the CORS issue you need to set the QUARKUS_HTTP_CORS=true in the API and UI pods

https://quarkus.io/guides/http-reference

Could not add this property..

Any solution : cess to XMLHttpRequest at 'https://apicurio-api..net/designs' from origin 'https://apicurio.' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

[Kignoux]

Hello, Does apicurio-studio supports to have the same url for all the module like so:

UI > https://apicurio-studio.mydomain.com/ API > https://apicurio-studio.mydomain.com/studio-api WS> https://apicurio-studio.mydomain.com/designs

Thanks for your help

[airen29]

I have the same issue

[Kignoux]

Hello,

I resolved this by adding the following environment variables to my deployments:

apicurio-studio-api:

QUARKUS_HTTP_CORS: "true"
QUARKUS_HTTP_CORS_ORIGINS: "*" 

and apicurio-studio-ui QUARKUS_HTTP_CORS: "false"

[airen29]

Well my main problem is something you had before (NO CORS)

GET https://apicurio-studio.xyz/studio-api/currentuser/activity?end=10 404 (Not Found)

I have it like:

• UI > https://apicurio-studio.mydomain.com/
• API > https://apicurio-studio.mydomain.com/studio-api
• WS> https://apicurio-studio.mydomain.com/designs

That's my updated Ingress file:

kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: Apicurio-general
  annotations:
    #    ingress.kubernetes.io/rewrite-target: /
    ingress.kubernetes.io/proxy-connect-timeout: "3600"
    ingress.kubernetes.io/proxy-read-timeout: "3600"
    ingress.kubernetes.io/proxy-send-timeout: "3600"
    ingress.kubernetes.io/send-timeout: "3600"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
    nginx.org/rewrites: |-
      serviceName=apicurio-studio-ws rewrite=/;                                                                                                                                           │
      serviceName=apicurio-studio-ui rewrite=/;                                                                                                                                                   │
      serviceName=apicurio-studio-api rewrite=/ 
    {{- with .Values.ingress.annotations }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
spec:
  ingressClassName: nginx
  rules:
    - host: {{ .Values.ui.hostname }}
      http:
        paths:
          - backend:
              service:
                name: {{ .Values.ws.name }}
                port:
                  number: {{ .Values.ws.port }}
            path: /designs
            pathType: Prefix
          - backend:
              service:
                name: {{ .Values.ui.name }}
                port:
                  number: {{ .Values.ui.port }}
            path: /
            pathType: Prefix
          - backend:
              service:
                name: {{ .Values.api.name }}
                port:
                  number: {{ .Values.api.port }}
            path: /studio-api
            pathType: Prefix
  {{- if .Values.ingress.tls.enabled }}
  tls:
  - hosts:
    - {{ .Values.ui.hostname }}
    secretName: {{ .Values.ui.hostname }}-tls
  {{- end }}

I've also tried original one from helm (as I am installing it from Helm) or from Kubernetes configuration provided in distro/kuberentes but got the same problem.