Skip to main content

Client IP Address Appearing as 10.244.x.x

Problem

Client IP address appears as 10.244.x.x in Kubernetes environment.

Reason/Why

In Kubernetes NodePort structure, if X-Forwarded-For value does not come from client, it routes the pod’s IP address to the application behind by default. As a solution, we can solve it by making the externalTrafficPolicy value Local, but this time since NodePort does not route incoming requests to other servers in the Cluster, access problems occur. It is necessary to know the relevant Node and go to it.

Solution

Since Apinizer Workers will be placed behind a structure like Nginx or F5, xff information needs to be added to the header in the relevant loadbalancer’s configuration file as follows.
This setting can be made for Nginx as follows: 
location /apigateway/ {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://api.inst.com/apigateway/;
} # end location

WS-S/WS-STS Token Retrieval Routing Issue in SOAP Services

Problem

WS-S or WS-STS policies used in SOAP services cannot retrieve tokens due to “PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target” error.

Reason/Why

Since the certificate loaded to Apinizer cannot be seen in SOAP service call, token retrieval of this service needs to be done through reverse proxy.

Solution

A reverse proxy that routes with the relevant token retrieval address is created and the token retrieval address of the wss/wssts policy in the service using tokens is given as this service. In rare cases, it may be necessary to change the address in the xml message with script through reverse proxy.

DNS Resolution Issues

Problem

Some service addresses not being resolved instantly in systems with intensive environment usage or high number of rate limit definitions.

Reason/Why

This situation is caused by insufficient DNS resolution performance.

Solution

1

Increase CoreDNS Resource Limits

CPU and RAM resources should be increased to enable processing more queries simultaneously.
2

Distribute CoreDNS Over Nodes

Deployment should be reconfigured so that there is one CoreDNS pod on each worker node. This way, DNS queries can be processed in a distributed manner without piling up at a central point.

GetCapabilities Routing Issue in Geographic Information Systems Services

Problem

Addresses in the WSDL returned with GetCapabilities in Geographic Information Systems services need to be moved to Apinizer.

Solution

With a Business Rule or Script policy to be added to section 2, if the value ‘GetCapabilities’ comes in the ‘request’ key as a query param in the url, the address here should be changed with string replace to route to the relevant proxy in Apinizer.