Develop Reference

(invalid_token_response) An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: 401 Unauthorized: [no body]

I'm creating Microservices that are deployed in docker-desktop Kubernetes cluster for development. I'm using Spring security with Auth0 and the pods are using Kubernetes Native Service Discovery coupled with Spring cloud gateway. When I log in using Auth0, it authenticates just fine but the token that is received appears to be empty based on the error given.
I'm new to Kubernetes and this error only seems to occur when running the application on the kubernetes cluster. If I use Eureka for local testing, Auth0 works completely fine. I've tried to do some research to see if the issue is the token unable to be retrieved in the kubernetes cluster and the only solution I've seem to be able to find is to implement istioctl within the cluster.
FRONTEND deployment.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: user-interface-app
labels:
app: user-interface-app
spec:
replicas: 1
selector:
matchLabels:
app: user-interface-app
template:
metadata:
labels:
app: user-interface-app
spec:
containers:
- name: user-interface-app
image: imageName:tag
imagePullPolicy: Always
ports:
- containerPort: 8084
env:
- name: GATEWAY_URL
value: api-gateway-svc.default.svc.cluster.local
- name: ZIPKIN_SERVER_URL
valueFrom:
configMapKeyRef:
name: gateway-cm
key: zipkin_service_url
- name: STRIPE_API_KEY
valueFrom:
secretKeyRef:
name: secret
key: stripe-api-key
- name: STRIPE_PUBLIC_KEY
valueFrom:
secretKeyRef:
name: secret
key: stripe-public-key
- name: STRIPE_WEBHOOK_SECRET
valueFrom:
secretKeyRef:
name: secret
key: stripe-webhook-secret
- name: AUTH_CLIENT_ID
valueFrom:
secretKeyRef:
name: secret
key: auth-client-id
- name: AUTH_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: secret
key: auth-client-secret
---
apiVersion: v1
kind: Service
metadata:
name: user-interface-svc
spec:
selector:
app: user-interface-app
type: ClusterIP
ports:
- port: 8084
targetPort: 8084
protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
name: user-interface-lb
spec:
selector:
app: user-interface-app
type: LoadBalancer
ports:
- name: frontend
port: 8084
targetPort: 8084
protocol: TCP
- name: request
port: 80
targetPort: 8084
protocol: TCP
API-GATEWAY deployment.yml
apiVersion: v1
kind: ConfigMap
metadata:
name: gateway-cm
data:
cart_service_url: http://cart-service-svc.default.svc.cluster.local
customer_profile_service_url: http://customer-profile-service-svc.default.svc.cluster.local
order_service_url: http://order-service-svc.default.svc.cluster.local
product_service_url: lb://product-service-svc.default.svc.cluster.local
zipkin_service_url: http://zipkin-svc.default.svc.cluster.local:9411
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-gateway-app
labels:
app: api-gateway-app
spec:
replicas: 1
selector:
matchLabels:
app: api-gateway-app
template:
metadata:
labels:
app: api-gateway-app
spec:
containers:
- name: api-gateway-app
image: imageName:imageTag
imagePullPolicy: Always
ports:
- containerPort: 8090
env:
- name: PRODUCT_SERVICE_URL
valueFrom:
configMapKeyRef:
name: gateway-cm
key: product_service_url
---
apiVersion: v1
kind: Service
metadata:
name: api-gateway-np
spec:
selector:
app: api-gateway-app
type: NodePort
ports:
- port: 80
targetPort: 8090
protocol: TCP
nodePort: 30499
---
apiVersion: v1
kind: Service
metadata:
name: api-gateway-svc
spec:
selector:
app: api-gateway-app
type: ClusterIP
ports:
- port: 80
targetPort: 8090
protocol: TCP

Cannot access the Kafka Broker from inside the Kubernetes cluster

I have a kafka broker and a spring boot application in my Kubernetes cluster. They are running on their own containers.
The spring boot application is a message producer. It needs to access the kafkabroker to send the messages. But it couldn't access the Kafka broker by providing the Kafka's servicename:port in the producers bootstrap.servers
Any help would be greatly appreciated.
Zookeper and KafkaBroker configuration in yaml:
---
apiVersion: v1
kind: Service
metadata:
labels:
app: zookeeper-service
name: zookeeper-service
namespace: mynamespace-k8s
spec:
type: NodePort
ports:
- name: zookeeper-port
port: 2181
nodePort: 30181
targetPort: 2181
selector:
app: zookeeper
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: zookeeper
name: zookeeper
namespace: mynamespace-k8s
spec:
replicas: 1
selector:
matchLabels:
app: zookeeper
template:
metadata:
labels:
app: zookeeper
spec:
containers:
- image: wurstmeister/zookeeper
imagePullPolicy: IfNotPresent
name: zookeeper
ports:
- containerPort: 2181
---
apiVersion: v1
kind: Service
metadata:
labels:
app: kafka-broker
name: kafka-service
namespace: mynamespace-k8s
spec:
ports:
- port: 9092
selector:
app: kafka-broker
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: kafka-broker
name: kafka-broker
namespace: mynamespace-k8s
spec:
replicas: 1
selector:
matchLabels:
app: kafka-broker
template:
metadata:
labels:
app: kafka-broker
spec:
hostname: kafka-broker
containers:
- env:
- name: KAFKA_PORT
value: "9092"
- name: KAFKA_ADVERTISED_PORT
value: "9092"
- name: KAFKA_ADVERTISED_HOST_NAME
value: kafka-service.mynamespace-k8s
- name: KAFKA_ZOOKEEPER_CONNECT
value: zookeeper-service.mynamespace-k8s:2181
- name: KAFKA_BROKER_ID
value: "1"
image: wurstmeister/kafka
imagePullPolicy: IfNotPresent
name: kafka-broker
ports:
- containerPort: 9092
My springboot application conf in yaml:
apiVersion: v1
kind: Service
metadata:
name: locationmanager-service
namespace: mynamespace-k8s
labels:
app: locationmanager
spec:
selector:
app: locationmanager
type: LoadBalancer
ports:
- protocol: TCP
port: 8080
targetPort: 8080
nodePort: 32588
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: locationmanager-deployment
namespace: mynamespace-k8s
labels:
app: locationmanager
spec:
replicas: 1
strategy:
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
selector:
matchLabels:
app: locationmanager
template:
metadata:
labels:
app: locationmanager
spec:
containers:
- name: locationmanager
image: aef/locmanager:latest
ports:
- containerPort: 8081
resources:
limits:
memory: "1Gi"
cpu: "1000m"
requests:
memory: "256Mi"
cpu: "500m"
env:
- name: CONFIG_KAFKA_BOOTSTRAP_SERVERS
value: kafka-service.mynamespace-k8s:9092
Spring boot's bootstrap.server in application.properties:
spring.kafka.producer.bootstrap-servers= ${CONFIG_KAFKA_BOOTSTRAP_SERVERS}
When springboot application tries to create a topic, I receive the exception below:
2022-07-07 10:51:50,078 ERROR o.s.k.c.KafkaAdmin [main] Could not configure topics
org.springframework.kafka.KafkaException: Timed out waiting to get existing topics; nested exception is java.util.concurrent.TimeoutException
at org.springframework.kafka.core.KafkaAdmin.lambda$checkPartitions$5(KafkaAdmin.java:275) ~[spring-kafka-2.8.4.jar!/:2.8.4]
at java.util.HashMap.forEach(HashMap.java:1337) ~[?:?]
at org.springframework.kafka.core.KafkaAdmin.checkPartitions(KafkaAdmin.java:254) ~[spring-kafka-2.8.4.jar!/:2.8.4]
at org.springframework.kafka.core.KafkaAdmin.addOrModifyTopicsIfNeeded(KafkaAdmin.java:240) ~[spring-kafka-2.8.4.jar!/:2.8.4]
at org.springframework.kafka.core.KafkaAdmin.initialize(KafkaAdmin.java:178) ~[spring-kafka-2.8.4.jar!/:2.8.4]
at org.springframework.kafka.core.KafkaAdmin.afterSingletonsInstantiated(KafkaAdmin.java:145) ~[spring-kafka-2.8.4.jar!/:2.8.4]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:972) ~[spring-beans-5.3.18.jar!/:5.3.18]
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918) ~[spring-context-5.3.18.jar!/:5.3.18]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:583) ~[spring-context-5.3.18.jar!/:5.3.18]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:145) ~[spring-boot-2.6.6.jar!/:2.6.6]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:740) ~[spring-boot-2.6.6.jar!/:2.6.6]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:415) ~[spring-boot-2.6.6.jar!/:2.6.6]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:303) ~[spring-boot-2.6.6.jar!/:2.6.6]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1312) ~[spring-boot-2.6.6.jar!/:2.6.6]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1301) ~[spring-boot-2.6.6.jar!/:2.6.6]
at com.trendyol.locationmanager.LocationManagerApplication.main(LocationManagerApplication.java:24) ~[classes!/:0.0.1-SNAPSHOT]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49) ~[locationmanager.jar:0.0.1-SNAPSHOT]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:108) ~[locationmanager.jar:0.0.1-SNAPSHOT]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:58) ~[locationmanager.jar:0.0.1-SNAPSHOT]
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:88) ~[locationmanager.jar:0.0.1-SNAPSHOT]
Caused by: java.util.concurrent.TimeoutException
at java.util.concurrent.CompletableFuture.timedGet(CompletableFuture.java:1886) ~[?:?]
at java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2021) ~[?:?]
at org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:180) ~[kafka-clients-3.0.1.jar!/:?]
at org.springframework.kafka.core.KafkaAdmin.lambda$checkPartitions$5(KafkaAdmin.java:257) ~[spring-kafka-2.8.4.jar!/:2.8.4]
... 23 more

There are several issues with your configuration, which are leading to the services not working correctly:
The zookeeper-service is of type NodePort. Therefore, there is no need to specify the port parameter. The traffic will be received on nodePort: 30181 and forwarded to the targetPort: 2181.
The kafka-broker service is not specifying any targetPort parameter. The service is of ClusterIP type by default which requires this parameter. You are receiving traffic on port: 9092 but you're not forwarding it to any pods. You need to add targetPort: 9092 which is the value of your KAFKA_PORT environment variable. This will correctly forward the incoming traffic to the right kafka-service pods.
The springboot application locationmanager is of type Loadbalancer therefore, there is no need to specify the nodePort parameter. Remove it. Additionally, the service is receiving traffic on port: 8080 and forwards it to the pods on targetPort: 8080. This is incorrect, since your application deployment exposes containerPort: 8081 instead of 8080.
Fixing these configuration issues will fix your problem.

Mariadb on kubernetes Got an error reading communication packets

I try to deploy an application with a mariadb database on my k8s cluster. This is the deployment i use:
apiVersion: v1
kind: Service
metadata:
name: app-back
labels:
app: app-back
namespace: dev
spec:
type: ClusterIP
ports:
- port: 8080
name: app-back
selector:
app: app-back
---
apiVersion: v1
kind: Service
metadata:
name: app-db
labels:
app: app-db
namespace: dev
spec:
type: ClusterIP
clusterIP: None
ports:
- port: 3306
name: app-db
selector:
app: app-db
---
apiVersion: v1
kind: ConfigMap
metadata:
name: mysql
labels:
app: mysql
data:
60-server.cnf: |
[mysqld]
bind-address = 0.0.0.0
skip-name-resolve
connect_timeout = 600
net_read_timeout = 600
net_write_timeout = 600
max_allowed_packet = 256M
default-time-zone = +00:00
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: app-db
namespace: dev
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: app-db
template:
metadata:
labels:
app: app-db
spec:
containers:
- name: app-db
image: mariadb:10.5.8
env:
- name: MYSQL_DATABASE
value: app
- name: MYSQL_USER
value: app
- name: MYSQL_PASSWORD
value: app
- name: MYSQL_RANDOM_ROOT_PASSWORD
value: "true"
ports:
- containerPort: 3306
name: app-db
resources:
requests:
memory: "200Mi"
cpu: "100m"
limits:
memory: "400Mi"
cpu: "200m"
volumeMounts:
- name: config-volume
mountPath: /etc/mysql/conf.d
volumes:
- name: config-volume
configMap:
name: mysql
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: app-back
namespace: dev
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: app-back
template:
metadata:
labels:
app: app-back
spec:
containers:
- name: app-back
image: private-repository/app/app-back:latest
env:
- name: spring.profiles.active
value: dev
- name: DB_HOST
value: app-db
- name: DB_PORT
value: "3306"
- name: DB_NAME
value: app
- name: DB_USER
value: app
- name: DB_PASSWORD
value: app
ports:
- containerPort: 8080
name: app-back
resources:
requests:
memory: "200Mi"
cpu: "100m"
limits:
memory: "200Mi"
cpu: "400m"
imagePullSecrets:
- name: docker-private-credentials
When i run this, the mariadb container log the following warning :
2020-12-03 8:23:41 28 [Warning] Aborted connection 28 to db: 'app' user: 'app' host: 'xxx.xxx.xxx.xxx' (Got an error reading communication packets)
2020-12-03 8:23:41 25 [Warning] Aborted connection 25 to db: 'app' user: 'app' host: 'xxx.xxx.xxx.xxx' (Got an error reading communication packets)
2020-12-03 8:23:41 31 [Warning] Aborted connection 31 to db: 'app' user: 'app' host: 'xxx.xxx.xxx.xxx' (Got an error reading communication packets)
2020-12-03 8:23:41 29 [Warning] Aborted connection 29 to db: 'app' user: 'app' host: 'xxx.xxx.xxx.xxx' (Got an error reading communication packets)
...
My app is stuck on trying to connect to the database. The application is a Sprinbboot application build with this dockerfile:
FROM maven:3-adoptopenjdk-8 AS builder
WORKDIR /usr/src/mymaven/
COPY . .
RUN mvn clean package -e -s settings.xml -DskipTests
FROM tomcat:9-jdk8-adoptopenjdk-hotspot
ENV spring.profiles.active=dev
ENV DB_HOST=localhost
ENV DB_PORT=3306
ENV DB_NAME=app
ENV DB_USER=app
ENV DB_PASSWORD=app
COPY --from=builder /usr/src/mymaven/target/app.war /usr/local/tomcat/webapps/
Any idea?

Ok, i found the solution. This was not an error of mariadb. This is due to apache that break the connection if running inside a container with to low memory. Set memory limit to 1500Mi solved the problem.

Elasticsearch high level rest client, connection reset error in Kubernetes

I am using a single node elasticsearch server and a Java application based on elasticsearch high level rest client. Both are running in a Kubernetes cluster.
#Bean(destroyMethod = "close")
public RestHighLevelClient client(){
RestHighLevelClient client = null;
Logger.getLogger(getClass().getName()).info("Connecting to elasticsearch on host : " + host);
client = new RestHighLevelClient(RestClient.builder(new HttpHost(host, port, "http")));
return client;
}
This is working fine until service kept idle for about 10 minutes. When trying to query elasticsearch server an exception is thrown form java service
java.io.IOException: Connection reset
at org.elasticsearch.client.RestClient$SyncResponseListener.get(RestClient.java:948) ~[elasticsearch-rest-client-6.4.3.jar!/:7.2.0]
at org.elasticsearch.client.RestClient.performRequest(RestClient.java:227) ~[elasticsearch-rest-client-6.4.3.jar!/:7.2.0]
at org.elasticsearch.client.RestHighLevelClient.internalPerformRequest(RestHighLevelClient.java:1448) ~[elasticsearch-rest-high-level-client-7.2.0.jar!/:7.2.0]
at org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1418) ~[elasticsearch-rest-high-level-client-7.2.0.jar!/:7.2.0]
at org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1388) ~[elasticsearch-rest-high-level-client-7.2.0.jar!/:7.2.0]
at org.elasticsearch.client.RestHighLevelClient.search(RestHighLevelClient.java:930) ~[elasticsearch-rest-high-level-client-7.2.0.jar!/:7.2.0]
When I send the requests three time to the service it will again works. But after about 10 minutes of idle time service will give the same exception. I have a docker-compose setup with same images but there is no issue like this.
My elasticsearch deployment
apiVersion: v1
kind: Service
metadata:
name: elasticsearch
spec:
type: NodePort
ports:
- name: client
port: 9200
targetPort: 9200
- name: nodes
port: 9300
targetPort: 9300
selector:
app: elasticsearch
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: elasticsearch
spec:
serviceName: elasticsearch
selector:
matchLabels:
app: elasticsearch
template:
metadata:
labels:
app: elasticsearch
spec:
nodeSelector:
beta.kubernetes.io/os: linux
containers:
- image: docker.elastic.co/elasticsearch/elasticsearch:7.2.0
name: elasticsearch
env:
- name: cluster.name
value: "docker-cluster"
- name: 'ES_JAVA_OPTS'
value: "-Xms512m -Xmx512m"
- name: discovery.type
value: "single-node"
ports:
- containerPort: 9200
- containerPort: 9300
name: mysql
volumeMounts:
- name: elasticsearch-persistent-storage
mountPath: /usr/share/elasticsearch/data
volumes:
- name: elasticsearch-persistent-storage
persistentVolumeClaim:
claimName: elasticsearch-claim
initContainers:
- image: alpine:3.6
command: ["/sbin/sysctl", "-w", "vm.max_map_count=262144"]
name: elasticsearch-init
securityContext:
privileged: true
My Java Service
apiVersion: v1
kind: Service
metadata:
name: search
spec:
ports:
- port: 9099
targetPort: 9099
selector:
app: search
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: search
spec:
selector:
matchLabels:
app: search
strategy:
type: Recreate
replicas: 1
template:
metadata:
labels:
app: search
spec:
nodeSelector:
beta.kubernetes.io/os: linux
containers:
- image: search-service:0.0.1-SNAPSHOT
name: search
env:
- name: ELASTIC_SEARCH_HOST
value: elasticsearch
- name: ELASTIC_SEARCH_PORT
value: "9200"
- name: ELASTIC_SEARCH_CLUSTER
value: docker-cluster
ports:
- containerPort: 9099

Istio - GKE - gRPC config stream closed; upstream connect error or disconnect/reset before headers. reset reason: connection failure

I am trying to my spring boot micro service in GKE Cluster with istio 1.1.5 latest version as of now. It throws error and pod never spins up. If I run it as a separate service in Kubernetes engine it works perfectly but with isito, it does not work. The purpose for using istio is to host multiple microservices and to use the feature istio provides. Here is my yaml file:
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: revenue
spec:
replicas: 1
template:
metadata:
labels:
app: revenue-serv
tier: backend
track: stable
spec:
containers:
- name: backend
image: "gcr.io/finacials/revenue-serv:latest"
imagePullPolicy: Always
ports:
- containerPort: 8081
livenessProbe:
httpGet:
path: /
port: 8081
initialDelaySeconds: 15
timeoutSeconds: 30
readinessProbe:
httpGet:
path: /
port: 8081
initialDelaySeconds: 15
timeoutSeconds: 30
---
apiVersion: v1
kind: Service
metadata:
name: revenue-serv
spec:
ports:
- port: 8081
#targetPort: 8081
#protocol: TCP
name: http
selector:
app: revenue-serv
tier: backend
type: LoadBalancer
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: gateway
annotations:
kubernetes.io/ingress.class: "istio"
spec:
rules:
- http:
paths:
- path: /revenue/.*
backend:
serviceName: revenue-serv
servicePort: 8081
Thanks for your valuable feedback.

I have found the issue. I removed readynessProbe and livenessProbe and created ingressgateway and virtual service. It worked.
deployment & service:
#########################################################################################
# This is for deployment - Service & Deployment in Kubernetes ################
# Author: Arindam Banerjee ################
#########################################################################################
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: revenue-serv
namespace: dev
spec:
replicas: 1
template:
metadata:
labels:
app: revenue-serv
version: v1
spec:
containers:
- name: revenue-serv
image: "eu.gcr.io/rcup-mza-dev/revenue-serv:latest"
imagePullPolicy: Always
ports:
- containerPort: 8081
---
apiVersion: v1
kind: Service
metadata:
name: revenue-serv
namespace: dev
spec:
ports:
- port: 8081
name: http
selector:
app: revenue-serv
gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: worldcup-serv-gateway
namespace: dev
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
virtual-service.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: revenue-serv-virtualservice
namespace: dev
spec:
hosts:
- "*"
gateways:
- revenue-serv-gateway
http:
- route:
- destination:
host: revenue-serv