apache / apisix

The Cloud-Native API Gateway
https://apisix.apache.org/blog/
Apache License 2.0
14.43k stars 2.5k forks

help requested: openid-connect: Instability linked to the parse_domain method #11622

Open remiborredon opened 1 week ago

remiborredon commented 1 week ago

Current Behavior

Hello,

I'm using APISIX for protecting a SOAP API with OpenID. My identity provider is Keycloak and is located on one VM, and APISIX and my service are located in a MicroK8s cluster on another VM.


My issue is that sometimes (not always), APISIX is not able to resolve the Keycloak DNS name (see the Error Logs section).

The SOAP route is the following:

```yaml
id: mysoaproute
uri: /Bombardier/Transport/Orbiflo/Common/FileRepositoryService/Service.svc
plugins:
  openid-connect:
    client_id: soap-id
    client_secret: client-secret
    discovery: keycloak-DNS-name/realms/myrealm/.well-known/openid-configuration
    scope: "openid profile"
    bearer_only: true
    realm: myrealm
upstream:
  type: roundrobin
  nodes: path-of-the-service
```

I have no idea on the way to proceed to investigate this issue.

Thanks in advance for your help!

Expected Behavior

The OpenID module shall be able to contact Keycloak at each request.

Error Logs

```
2024/10/03 14:15:37 [error] 50#50: *71038 [lua] resolver.lua:80: parse_domain(): failed to parse domain: keycloak-DNS-name, error: failed to query the DNS server: dns server error: 3 name error, client: xx.xx.xx.xx, server: , request: "GET /mySoapSvc HTTP/1.1", host: "cluster-dns-name"
2024/10/03 14:15:37 [error] 50#50: *71038 [lua] openidc.lua:525: call_token_endpoint(): accessing introspection endpoint (https://keycloak-DNS-name/realms/myrealm/protocol/openid-connect/token/introspect) failed: failed to parse domain: failed to query the DNS server: dns server error: 3 name error, client: xx.xx.xx.xx, server: , request: "GET /mySoapSvc HTTP/1.1", host: "cluster-dns-name"
2024/10/03 14:15:37 [error] 50#50: *71038 [lua] openid-connect.lua:503: phase_func(): OIDC introspection failed: accessing introspection endpoint (https://keycloak-DNS-name/realms/myrealm/protocol/openid-connect/token/introspect) failed: failed to parse domain: failed to query the DNS server: dns server error: 3 name error, client: xx.xx.xx.xx, server: , request: "GET /mySoapSvc HTTP/1.1", host: "cluster-dns-name"
2024/10/03 14:15:37 [warn] 50#50: *71038 [lua] plugin.lua:1160: run_plugin(): openid-connect exits with http status code 401, client: xx.xx.xx.xx, server: , request: "GET /mySoapSvc HTTP/1.1", host: "cluster-dns-name"
```

Steps to Reproduce

  1. Generate the JWT token
  2. Try to access the soap api using a curl command

Environment

shreemaan-abhishek commented 6 days ago

The DNS problem looks like a generic issue. Does this issue exist in the aforementioned setup only? Have you tried to narrow down the problem?
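One way to narrow an intermittent resolver failure like the one above is to pull every `resolver.lua` failure out of the APISIX error log and look at which RCODE comes back and how far apart the failures are. The "dns server error: 3" in the log is RCODE 3, NXDOMAIN (NAME ERROR in RFC 1035), i.e. the configured nameserver answered that the name does not exist, which is a different situation from a timeout or SERVFAIL; a gap between failures that matches the record TTL points at a problem on the fresh query after the cached answer expires. The script below is an added example written for this thread, not code from the issue or from the APISIX project. The log lines it parses are constructed to follow the format shown above (placeholder host names and a private client IP), and the `*71038`-style request ids and module names are taken from that excerpt; the `SERVFAIL` line is constructed to show that mixed RCODEs are reported separately.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample log, patterned on the excerpt in the issue (not from a real system).
SAMPLE_LOG = """\
2024/10/03 14:15:37 [error] 50#50: *71038 [lua] resolver.lua:80: parse_domain(): failed to parse domain: keycloak-DNS-name, error: failed to query the DNS server: dns server error: 3 name error, client: 10.0.0.5, server: , request: "GET /mySoapSvc HTTP/1.1", host: "cluster-dns-name"
2024/10/03 14:15:37 [error] 50#50: *71038 [lua] openidc.lua:525: call_token_endpoint(): accessing introspection endpoint (https://keycloak-DNS-name/realms/myrealm/protocol/openid-connect/token/introspect) failed: failed to parse domain: failed to query the DNS server: dns server error: 3 name error, client: 10.0.0.5, server: , request: "GET /mySoapSvc HTTP/1.1", host: "cluster-dns-name"
2024/10/03 14:15:37 [warn] 50#50: *71038 [lua] plugin.lua:1160: run_plugin(): openid-connect exits with http status code 401, client: 10.0.0.5, server: , request: "GET /mySoapSvc HTTP/1.1", host: "cluster-dns-name"
2024/10/03 14:16:02 [error] 50#50: *71102 [lua] resolver.lua:80: parse_domain(): failed to parse domain: keycloak-DNS-name, error: failed to query the DNS server: dns server error: 2 server failure, client: 10.0.0.5, server: , request: "GET /mySoapSvc HTTP/1.1", host: "cluster-dns-name"
2024/10/03 14:16:40 [error] 50#50: *71150 [lua] resolver.lua:80: parse_domain(): failed to parse domain: keycloak-DNS-name, error: failed to query the DNS server: dns server error: 3 name error, client: 10.0.0.5, server: , request: "GET /mySoapSvc HTTP/1.1", host: "cluster-dns-name"
"""

# Matches only the resolver.lua line; the openidc.lua / plugin.lua lines repeat the
# same failure for the same request, so counting them would triple-count one event.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(?P<level>\w+)\] .*?resolver\.lua:\d+: '
    r'parse_domain\(\): failed to parse domain: (?P<domain>[^,]+), error: '
    r'failed to query the DNS server: dns server error: (?P<rcode>\d+)'
)

# DNS RCODE names from RFC 1035 section 4.1.1.
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def parse_resolver_failures(log_text):
    """Return a list of (timestamp, domain, rcode) for each resolver.lua failure line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S")
        events.append((ts, m.group("domain").strip(), int(m.group("rcode"))))
    return events


def summarize(events):
    """Group failures by (domain, RCODE name) and report first/last time and the
    gaps in seconds between consecutive failures, so the reader can compare the
    gaps with the record TTL and with the DNS server's own logs."""
    counts = Counter((domain, RCODE_NAMES.get(rcode, f"RCODE{rcode}"))
                     for _, domain, rcode in events)
    times = sorted(ts for ts, _, _ in events)
    gaps = [(later - earlier).total_seconds() for earlier, later in zip(times, times[1:])]
    return {
        "counts": dict(counts),
        "first": times[0] if times else None,
        "last": times[-1] if times else None,
        "gaps_seconds": gaps,
    }


if __name__ == "__main__":
    report = summarize(parse_resolver_failures(SAMPLE_LOG))
    for (domain, rcode), n in report["counts"].items():
        print(f"{domain}: {rcode} x{n}")
    print("window:", report["first"], "->", report["last"])
    print("gaps between failures (s):", report["gaps_seconds"])
```

Run it against the real error log (`python3 dns_failures.py < error.log` after swapping `SAMPLE_LOG` for `sys.stdin.read()`) and compare the failure timestamps with the nameserver's query log for the same name; an NXDOMAIN that the authoritative server never returned would indicate the answer came from a different resolver or search-domain path than expected.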