Charts: [stable/graylog] self-links broken to web-interface

Created on 15 Mar 2020  路  9Comments  路  Source: helm/charts

I've created this IngressRoute:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-graylog
spec:
  entryPoints:
  - web
  routes:
  - kind: Rule
    match: Host(`graylog.localhost`)
    services:
    - name: graylog-web
      port: 9000

As you can see I'm trying to get access to service graylog-web/9000 under graylog.localhost.

My graylog-web/9000 service description is:

$ kubectl get service graylog-web -o yaml
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2020-03-15T16:44:18Z"
  labels:
    app.kubernetes.io/component: web
    app.kubernetes.io/instance: graylog
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: graylog
    app.kubernetes.io/version: "3.1"
    helm.sh/chart: graylog-1.6.1
  name: graylog-web
  namespace: graylog
  resourceVersion: "117147"
  selfLink: /api/v1/namespaces/graylog/services/graylog-web
  uid: de164073-2823-451a-b39a-e52e78b09042
spec:
  clusterIP: 10.43.53.82
  ports:
  - name: graylog
    port: 9000
    protocol: TCP
    targetPort: 9000
  selector:
    app.kubernetes.io/instance: graylog
    app.kubernetes.io/name: graylog
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}

I'm able to reach that:

$ curl graylog.localhost
<!DOCTYPE html>
<html>
  <head>
    ...
  </head>
  <body>
    <script src="http://graylog-1.graylog.graylog.svc.cluster.local:9000/config.js"></script>
    ...
  </body>
</html>

Nevertheless, it's returning me self-links to graylog-1.graylog.graylog.svc.cluster.local:9000....

Next time I try to reach it:

$ curl graylog.localhost
<!DOCTYPE html>
<html>
  <head>
    ...
  </head>
  <body>
    <script src="http://graylog-0.graylog.graylog.svc.cluster.local:9000/config.js"></script>
    ...
  </body>
</html>

As you can see, next time it's returning links to graylog-0....

graylog-0 and graylog-1 are pods runing "behind" graylog-web service:

$ kubectl get pods -l app.kubernetes.io/instance=graylog,app.kubernetes.io/name=graylog
NAME        READY   STATUS    RESTARTS   AGE
graylog-0   1/1     Running   0          59m
graylog-1   1/1     Running   0          57m
  1. Why it's returning this so large link to internal pods?
  2. I think it should return self-links to ingressRoute graylog.localhost, shouldn't it?
lifecyclstale
Source
picture jeusdi

Most helpful comment

I think this is due to this line. When I changed it to my public URI, the /api/apibrowser page started working correctly: https://github.com/helm/charts/blob/f710f21dd13f93cb8e62dacf2de181f0f974e360/stable/graylog/templates/configmap.yaml#L142

I don't know where it's picking it up from footer though:
image

my config (using terraform):

    tags:
      install-mongodb: true
      install-elasticsearch: false

    graylog:
      image:
        repository: "graylog/graylog:${local.graylog.version}"

      podAnnotations:
        ${chomp(indent(4, yamlencode(local.annotations)))}

      service:
        master:
          annotations:
            ${chomp(indent(8, yamlencode(local.annotations)))}

      ingress:
        enabled: true
        hosts:
          - "${local.graylog.hostname}"
        annotations:
          "external-dns.alpha.kubernetes.io/hostname": "${local.graylog.hostname}"
          "external-dns.alpha.kubernetes.io/ttl": "300"
          "kubernetes.io/ingress.class": "nginx"
          "nginx.ingress.kubernetes.io/configuration-snippet": |
            proxy_set_header X-Graylog-Server-URL https://${local.graylog.hostname}/;
          ${chomp(indent(6, yamlencode(local.annotations)))}
        tls:
          - secretName: "${local.graylog.certificate}"
            hosts:
              - "${local.graylog.hostname}"

      metrics:
        enabled: true

      rootPassword: "${local.graylog.admin_password}"

      elasticsearch:
        hosts: "${local.graylog.elasticsearch_host}"

      input:
        udp:
          service:
            type: "NodePort"
            annotations:
              "external-dns.alpha.kubernetes.io/hostname": "udp-${local.graylog.hostname}"
              "external-dns.alpha.kubernetes.io/ttl": "300"
          ports:
            ${chomp(indent(8, yamlencode(local.graylog.inputs_udp)))}

      plugins:
        ${chomp(indent(4, yamlencode(local.graylog.plugins)))}

    mongodb-replicaset:
      extraLabels:
        "autopilothq.com/app": "mongodb"
        ${chomp(indent(4, yamlencode(local.labels)))}

      persistentVolume:
        annotations:
          ${chomp(indent(6, yamlencode(local.annotations)))}

      podAnnotations:
        ${chomp(indent(4, yamlencode(local.annotations)))}

      secretAnnotations:
        ${chomp(indent(4, yamlencode(local.annotations)))}

      serviceAnnotations:
        ${chomp(indent(4, yamlencode(local.annotations)))}

      statefulSetAnnotations:
        ${chomp(indent(4, yamlencode(local.annotations)))}

      metrics:
        enabled: true
picture calvinbui on 16 Apr 2020
👍2

All 9 comments

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.

stale[bot] picture stale[bot] on 14 Apr 2020

I think this is due to this line. When I changed it to my public URI, the /api/apibrowser page started working correctly: https://github.com/helm/charts/blob/f710f21dd13f93cb8e62dacf2de181f0f974e360/stable/graylog/templates/configmap.yaml#L142

I don't know where it's picking it up from footer though:
image

my config (using terraform):

    tags:
      install-mongodb: true
      install-elasticsearch: false

    graylog:
      image:
        repository: "graylog/graylog:${local.graylog.version}"

      podAnnotations:
        ${chomp(indent(4, yamlencode(local.annotations)))}

      service:
        master:
          annotations:
            ${chomp(indent(8, yamlencode(local.annotations)))}

      ingress:
        enabled: true
        hosts:
          - "${local.graylog.hostname}"
        annotations:
          "external-dns.alpha.kubernetes.io/hostname": "${local.graylog.hostname}"
          "external-dns.alpha.kubernetes.io/ttl": "300"
          "kubernetes.io/ingress.class": "nginx"
          "nginx.ingress.kubernetes.io/configuration-snippet": |
            proxy_set_header X-Graylog-Server-URL https://${local.graylog.hostname}/;
          ${chomp(indent(6, yamlencode(local.annotations)))}
        tls:
          - secretName: "${local.graylog.certificate}"
            hosts:
              - "${local.graylog.hostname}"

      metrics:
        enabled: true

      rootPassword: "${local.graylog.admin_password}"

      elasticsearch:
        hosts: "${local.graylog.elasticsearch_host}"

      input:
        udp:
          service:
            type: "NodePort"
            annotations:
              "external-dns.alpha.kubernetes.io/hostname": "udp-${local.graylog.hostname}"
              "external-dns.alpha.kubernetes.io/ttl": "300"
          ports:
            ${chomp(indent(8, yamlencode(local.graylog.inputs_udp)))}

      plugins:
        ${chomp(indent(4, yamlencode(local.graylog.plugins)))}

    mongodb-replicaset:
      extraLabels:
        "autopilothq.com/app": "mongodb"
        ${chomp(indent(4, yamlencode(local.labels)))}

      persistentVolume:
        annotations:
          ${chomp(indent(6, yamlencode(local.annotations)))}

      podAnnotations:
        ${chomp(indent(4, yamlencode(local.annotations)))}

      secretAnnotations:
        ${chomp(indent(4, yamlencode(local.annotations)))}

      serviceAnnotations:
        ${chomp(indent(4, yamlencode(local.annotations)))}

      statefulSetAnnotations:
        ${chomp(indent(4, yamlencode(local.annotations)))}

      metrics:
        enabled: true
calvinbui picture calvinbui on 16 Apr 2020
👍2

I also faced the same issue and I did workaround as:

  1. Create LoadBlancer service with
$ cat graylog-dashboard-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: graylog-dashboard
  namespace: graylog
  labels:
    app.kubernetes.io/instance: graylog
spec:
  ports:
    - name: transport
      port: 9000
      protocol: TCP
      targetPort: 9000
  selector:
    app.kubernetes.io/instance: graylog
    app.kubernetes.io/name: graylog
    graylog-role: master
  type: LoadBalancer
$
$ kubectl create -f graylog-dashboard-service.yaml
  1. Check the external IP of the service
$ kubectl get service graylog-dashboard -n graylog
NAME                TYPE           CLUSTER-IP   EXTERNAL-IP   PORT(S)          AGE
graylog-dashboard   LoadBalancer   10.0.66.80   1.2.3.4   9000:31932/TCP   18m
  1. Specify the external IP as graylog.externalUri option:
$ helm install --namespace graylog graylog stable/graylog --set graylog.externalUri=1.2.3.4:9000
oomichi picture oomichi on 23 Apr 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.

stale[bot] picture stale[bot] on 23 May 2020

This issue is being automatically closed due to inactivity.

stale[bot] picture stale[bot] on 6 Jun 2020

Hi all,
Has anyone been able to resolve this?
Anyone had any experience with MetalLB? I hoped that would solve the issue as suggested by @oomichi but no luck, it loads the html page but all the js files reference to http://graylog-0.graylog.graylog.svc.cluster.local:9000/config.js ,etc.

Any help would be highly appreciated.

@calvinbui did you hard coded the URI in the template configmap.yaml or came up with a more elegant solution? I don't know much about Go templating language but you did spot the issue... have you thought about contributing to the chart code?

micos76 picture micos76 on 9 Jun 2020
👀1

I have a similar situation. There is clusterIp service that created called graylog-web. If I set externalUri: 127.0.0.1:8000 and user kubectl port-forward service/graylog-web 8000:9000 --namespace graylog. Able to access the user interface. But When inputs configured it again some how picking up http://graylog-1.graylog.graylog.svc.cluster.local and Failing configuration problem. I am sure zookeeper string is correct in the configuration. @micos76 have been able to get some solution ?

shivoham77 picture shivoham77 on 13 Jul 2020

Faced same issue, setting externalUri: "https://my-external.com" caused the creation of externalUri: "http://https://my-external.com" and the Kubernetes Ingress was not working properly.

As a workaround I edited graylog configmap, there is two mentions to "http://https:". After saving, do not forget to force a restart of the statefulset.

Definitive solution should be patching the helm chart to check if http or https.

rsilva-nk picture rsilva-nk on 21 Jul 2020

I have a similar situation. There is clusterIp service that created called graylog-web. If I set externalUri: 127.0.0.1:8000 and user kubectl port-forward service/graylog-web 8000:9000 --namespace graylog. Able to access the user interface. But When inputs configured it again some how picking up http://graylog-1.graylog.graylog.svc.cluster.local and Failing configuration problem. I am sure zookeeper string is correct in the configuration. @micos76 have been able to get some solution ?

It was problem of kafka api being used by graylog version 3.1 when upgraded to 3.2 it works about to get log messages from kafka.

shivoham77 picture shivoham77 on 21 Jul 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

mickengland picture mickengland  路  3Comments
michas2 picture michas2  路  3Comments
harshmehta93 picture harshmehta93  路  3Comments
rajkumar49 picture rajkumar49  路  3Comments
kminehart picture kminehart  路  3Comments