search

Azure-App-Service / KuduLite

KuduLite is the engine behind git/hg deployments, and various other features in Azure Web Sites on Linux.
Apache License 2.0
64 stars 46 forks source link

/api/ZipDeploy Fails with 404 due to app settings data in headers #231

Open sushmithavangala opened 3 years ago

sushmithavangala commented 3 years ago

Due to validations fail in headers , zipDeploy is failing with 404. The best fix for this is to not add all the appsettings as part of headers and rather read them through app settings secret file.

Logs from envoy pods 

[2021-11-01 13:07:46.151][1][warning][config] [source/common/config/grpc_subscription_impl.cc:126] gRPC config for type.googleapis.com/envoy.config.route.v3.RouteConfiguration rejected: Proto constraint validation failed (RouteConfigurationValidationError.VirtualHosts[1]: embedded message failed validation | caused by VirtualHostValidationError.RequestHeadersToAdd[4]: embedded message failed validation | caused by HeaderValueOptionValidationError.Header: embedded message failed validation | caused by HeaderValueValidationError.Value: value does not match regex pattern "^[^\x00\n\r]*$"): name: "internal_https_route"
virtual_hosts {
  name: "k8se-apps_kafka-js-sample"
  domains: "kafka-js-sample.internal.k4apps-example.io"
  domains: "kafka-js-sample.internal.k4apps-example.io:*"
  routes {
    match {
      prefix: "/admin"
    }
    route {
      cluster: "k8se-apps_kafka-js-sample"
      timeout {
        seconds: 1800
      }
      idle_timeout {
        seconds: 240
      }
      upgrade_configs {
        upgrade_type: "websocket"
        enabled {
          value: true
        }
      }
    }
    request_headers_to_add {
      header {
        key: "x-k8se-app-name"
        value: "kafka-js-sample"
      }
      append {
      }
    }
    request_headers_to_add {
      header {
        key: "x-k8se-app-namespace"
        value: "k8se-apps"
      }
      append {
      }
    }
    request_headers_to_add {
      header {
        key: "x-k8se-secret-endpoint-name"
        value: "kafka-js-sample-secrets"
      }
      append {
      }
    }
    request_headers_to_add {
      header {
        key: "x-k8se-app-framework"
        value: "NODE|14"
      }
      append {
      }
    }
    request_headers_to_add {
      header {
        key: "x-k8se-protocol"
        value: "http1"
      }
      append {
      }
    }
    request_headers_to_add {
      header {
        key: "x-k8se-app-kind"
        value: "functionapp"
      }
      append {
      }
    }
    request_headers_to_add {
      header {
        key: "content-type"
        value: "application/json"
      }
      append {
        value: true
      }
    }
    typed_per_filter_config {
      key: "envoy.filters.http.rbac"
      value {
      }
    }
  }
  routes {
    match {
      prefix: "/"
    }
    route {
      cluster: "k8se-apps_kafka-js-sample"
      timeout {
        seconds: 1800
      }
      idle_timeout {
        seconds: 240
      }
      upgrade_configs {
        upgrade_type: "websocket"
        enabled {
          value: true
        }
      }
    }
    request_headers_to_add {
      header {
        key: "x-k8se-app-name"
        value: "kafka-js-sample"
      }
      append {
      }
    }
    request_headers_to_add {
      header {
        key: "x-k8se-app-namespace"
        value: "k8se-apps"
      }
      append {
      }
    }
    request_headers_to_add {
      header {
        key: "x-k8se-secret-endpoint-name"
        value: "kafka-js-sample-secrets"
      }
      append {
      }
    }
    request_headers_to_add {
      header {
        key: "x-k8se-app-framework"
        value: "NODE|14"
      }
      append {
      }
    }
    request_headers_to_add {
      header {
        key: "x-k8se-protocol"
        value: "http1"
      }
      append {
      }
    }
    request_headers_to_add {
      header {
        key: "x-k8se-app-kind"
        value: "functionapp"
      }
      append {
      }
    }
    typed_per_filter_config {
      key: "envoy.filters.http.rbac"
      value {
      }
    }
  }
  request_headers_to_add {
    header {
      key: "X-ARR-SSL"
      value: "true"
    }
    append {
    }
  }
  retry_policy {
    retry_on: "reset,connect-failure,refused-stream,retriable-headers"
    num_retries {
      value: 5
    }
    retriable_headers {
      name: "x-ms-k8se-activator-retry"
    }
  }
}
virtual_hosts {
  name: "k8se-apps_kafka-js-sample_scm_internal"
  domains: "kafka-js-sample.scm.internal.k4apps-example.io"
  domains: "kafka-js-sample.scm.internal.k4apps-example.io:*"
  routes {
    match {
      prefix: "/"
    }
    route {
      cluster: "build_server_scm"
      idle_timeout {
        seconds: 240
      }
    }
    typed_per_filter_config {
      key: "envoy.filters.http.rbac"
      value {
      }
    }
  }
  request_headers_to_add {
    header {
      key: "K8SE_APP_NAME"
      value: "kafka-js-sample"
    }
    append {
    }
  }
  request_headers_to_add {
    header {
      key: "x-k8se-app-name"
      value: "kafka-js-sample"
    }
    append {
    }
  }
  request_headers_to_add {
    header {
      key: "x-k8se-app-namespace"
      value: "k8se-apps"
    }
    append {
    }
  }
  request_headers_to_add {
    header {
      key: "K8SE_APP_TYPE"
      value: "functionapp"
    }
    append {
    }
  }
  request_headers_to_add {
    header {
      key: "APPSETTING_WEBSITE_AUTH_ENCRYPTION_KEY"
      value: "cQuYwPZZAJ3F/FFkt3TOwC0L+hEgZs2QRbvd9Ih0xs0=\n"
    }
    append {
    }
  }
}
response_headers_to_remove: "x-envoy-upstream-service-time"

[2021-11-01 13:07:46.151][1][warning][config] [source/common/config/grpc_subscription_impl.cc:126] gRPC config for type.googleapis.com/envoy.config.route.v3.RouteConfiguration rejected: Proto constraint validation failed (RouteConfigurationValidationError.VirtualHosts[1]: embedded message failed validation | caused by VirtualHostValidationError.RequestHeadersToAdd[4]: embedded message failed validation | caused by HeaderValueOptionValidationError.Header: embedded message failed validation | caused by HeaderValueValidationError.Value: value does not match regex pattern "^[^\x00\n\r]*$"): name: "external_https_route"
virtual_hosts {
  name: "k8se-apps_kafka-js-sample"
  domains: "kafka-js-sample.k4apps-example.io"
  domains: "kafka-js-sample.k4apps-example.io:*"
  routes {
    match {
      prefix: "/admin"
    }
    route {
      cluster: "k8se-apps_kafka-js-sample"
      timeout {
        seconds: 1800
      }
      idle_timeout {
        seconds: 240
      }
      upgrade_configs {
        upgrade_type: "websocket"
        enabled {
          value: true
        }
      }
    }
    request_headers_to_add {
      header {
        key: "x-k8se-app-name"
        value: "kafka-js-sample"
      }
      append {
      }
    }
    request_headers_to_add {
      header {
        key: "x-k8se-app-namespace"
        value: "k8se-apps"
      }
      append {
      }
    }
    request_headers_to_add {
      header {
        key: "x-k8se-secret-endpoint-name"
        value: "kafka-js-sample-secrets"
      }
      append {
      }
    }
    request_headers_to_add {
      header {
        key: "x-k8se-app-framework"
        value: "NODE|14"
      }
      append {
      }
    }
    request_headers_to_add {
      header {
        key: "x-k8se-protocol"
        value: "http1"
      }
      append {
      }
    }
    request_headers_to_add {
      header {
        key: "x-k8se-app-kind"
        value: "functionapp"
      }
sushmithavangala commented 3 years ago

@pragnagopa @TsuyoshiUshio @sanchitmehta Tagging for reference

sushmithavangala commented 3 years ago

@TsuyoshiUshio @sanchitmehta @ahmelsayed

Below is my suggestion for the fix