Open MalibuKoKo opened 1 year ago
apiVersion: getambassador.io/v3alpha1
hostname: '*'
kind: Host
metadata:
name: wildcard-host
requestPolicy:
insecure:
action: Route
The user said "The error is still there and another error generates a looping crash of POD edge-stack (see screenshot)"
In our testing the wildcard host with a self-signed cert works. There's a known issue with Edge Stack 2.x+ where Edge Stack does not have a Filter Chain setup with TLS and the domain as "localhost". Therefore, the DevPortal fetcher service is unable to fetch and index the OpenAPI document. Th wildcard host lets the DevPortal fetch communicate with envoy and ultimately with the backend service. The fetcher is able to talk to envoy since it can connect with the wildcard FilterChain which is configured with TLS. Second, the fetcher code base configures the http.Client to skip verifying the server certs and on each request the http.Request.Host is faked by setting it to the hostname from the mapping which allows Envoy to route it to the upstream service. This is the most straightforward workaround for now until we create a longer term fix.
Describe the bug The docs cannot be fetched, errors can be seen in Pods :
kubectl logs deployment.apps/edge-stack -c emissary-ingress --namespace=ambassador -
To Reproduce Steps to reproduce the behavior:
Expected behavior Documentation should be fetched and showed on the /docs/ endpoint
Versions: