mTLS incompatible with .NET Aspire Dashboard

microsoft / azure-container-apps

Roadmap and issues for Azure Container Apps

MIT License

362 stars 29 forks source link

mTLS incompatible with .NET Aspire Dashboard #1203

Closed onionhammer closed 2 months ago

onionhammer commented 3 months ago

Please provide us with the following information:

This issue is a: (mark with an x)

[x] bug report -> please search issues before submitting
[ ] documentation issue or request
[ ] regression (a behavior that used to work and stopped in a new release)

Issue description

When you enable '.NET Aspire Dashboard' and 'mTLS', the .NET aspire dashboard's structured logs, traces, and metrics pages will be blank. The 'console' page continues to work.

Steps to reproduce

Deploy a .NET aspire app
Enable mTLS

Expected behavior [What you expected to happen.] The three aforementioned pages should work

Actual behavior [What actually happened.] The structured logs, traces, and metrics pages do not work

Screenshots

snehapar9 commented 2 months ago

Thanks for reporting this issue @onionhammer! Can you please confirm you're still seeing this issue if you enable mTLS and Aspire? Can you please email your environment name and subscription Id to acasupport@microsoft.com? We will take a look.

onionhammer commented 2 months ago

I tried to check it again this morning, was getting a series of 403s (I have contributor role assigned diirectly), now I'm getting an internal server error. Will email the info shortly

snehapar9 commented 2 months ago

Thanks @onionhammer! Looks like the 403s you're seeing is a different issue un-related to mTLS. Does it throw 403s on re-tries also?

onionhammer commented 2 months ago

Thanks @onionhammer! Looks like the 403s you're seeing is a different issue un-related to mTLS. Does it throw 403s on re-tries also?

I was trying to test out mTLS per your request, but this other issue has now prevented me from accessing the dashboard at all

onionhammer commented 2 months ago

Okay, 403 resolved itself this morning so I was able to test re-enabling mTLS, now I see a black screen with just this text:

"upstream connect error or disconnect/reset before headers. retried and the latest reset reason: remote connection failure, transport failure reason: delayed connect error: 111"

Once I disable mTLS it works again

snehapar9 commented 2 months ago

@onionhammer Thanks for checking! The error you're seeing should be temporary during the shift between the plaintext endpoint and the encrypted one.

The root cause for missing OTLP data you were seeing earlier is related to this issue. Enabling mTLS should have no impact on accessing the Aspire dashboard.

onionhammer commented 2 months ago

"Should" being the operative word, I'm guessing? How long is 'temporary'? I'll let it sit overnight and see if it eventually works

onionhammer commented 2 months ago

This appears to be resolved now