upstream connect error or disconnect/reset before headers. reset reason: connection failure


Manish Jain

May 22, 2020, 10:18:13 AM
to Google Cloud Endpoints
Hi All,

I was following the Cloud Endpoints tutorial for GKE.

The only change I made was to change the ESP proxy runtime version from 1 to 2.

But now I have started getting the following error: "upstream connect error or disconnect/reset before headers. reset reason: connection failure". Can someone help me with this?
I used the API keys flow to authenticate the endpoint, which was working fine with ESP proxy runtime version 1.
Regards
Manish Jain

Jilin Xia

May 22, 2020, 1:07:45 PM
to Manish Jain, Google Cloud Endpoints
Hi, Manish:

ESPv2 for GKE is not officially supported yet, but almost there. We are preparing detailed documentation for migration from ESPv1 to ESPv2.

For your issue, you can try to change the args to:

  args: [
    "--listener_port=8081",
    "--backend=http://127.0.0.1:8080",
    "--service=SERVICE_NAME",
    "--rollout_strategy=managed",
  ]


You can also add --enable_debug to check in the detailed Envoy log why the upstream connection failed.

Regards
Jilin



--

Jilin Xia

jili...@google.com

Senior Software Engineer


Manish Jain

May 28, 2020, 6:04:43 AM
to Google Cloud Endpoints
Seems to be an issue with creating the certificate file for nginx. Any reason why?


error : Invalid path: /etc/nginx/ssl/nginx.crt

D0528 09:59:44.279 20 envoy] [20][misc][external/envoy/source/common/filesystem/posix/filesystem_impl.cc:139] Unable to determine canonical path for /etc/nginx/ssl/nginx.crt: No such file or directory
D0528 09:59:44.279 20 envoy] [20][init][external/envoy/source/common/init/watcher_impl.cc:27] Listener-local-init-watcher https_listener destroyed
D0528 09:59:44.279 20 envoy] [20][init][external/envoy/source/common/init/watcher_impl.cc:27] init manager Listener-local-init-manager https_listener 8284282472387698601 destroyed
D0528 09:59:44.279 20 envoy] [20][init][external/envoy/source/common/init/target_impl.cc:32] target Listener-init-target https_listener destroyed
D0528 09:59:44.279 20 envoy] [20][config][external/envoy/source/common/config/grpc_mux_impl.cc:106] Resuming discovery requests for type.googleapis.com/envoy.api.v2.RouteConfiguration
W0528 09:59:44.279 20 envoy] [20][config][external/envoy/source/common/config/grpc_subscription_impl.cc:101] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) https_listener: Invalid path: /etc/nginx/ssl/nginx.crt


container def:

  containers:
  - name: esp
    image: gcr.io/endpoints-release/endpoints-runtime:2.9.0
    imagePullPolicy: Always
    args: [
      "--http_port", "8080",
      "--ssl_port", "443",
      "--backend", "127.0.0.1:8081",
      "--service", "customer-data.endpoints.pj-nessie-dev.cloud.goog",
      "--rollout_strategy", "managed",
      "--dns", "169.254.169.254",
      "--service_account_key", "/var/secrets/esp/esp-test-key.json",
      "enable_debug"
    ]
    ports:
    - containerPort: 8080
      protocol: TCP
    volumeMounts:
    - mountPath: /var/secrets/esp
      name: service-account-creds
      readOnly: true

Manish Jain

May 28, 2020, 6:14:51 AM
to Google Cloud Endpoints
And if I try the secure image with the configuration below, there are still errors:



    imagePullPolicy: Always
    args: [
      "--http_port", "8080",
      "--ssl_port", "443",
      "--backend", "127.0.0.1:8081",
      "--service", "customer-data.endpoints.pj-nessie-dev.cloud.goog",
      "--rollout_strategy", "managed",
      "--dns", "169.254.169.254",
      "--service_account_key", "/var/secrets/esp/esp-test-key.json",
      "--enable_debug"
    ]
    ports:
    - containerPort: 8080
      protocol: TCP
    volumeMounts:
    - mountPath: /var/secrets/esp
      name: service-account-creds
      readOnly: true

error : 

nginx: [warn] the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /home/nginx/endpoints/nginx.conf:29
nginx: [emerg] BIO_new_file("/etc/nginx/ssl/nginx.crt") failed (SSL: error:02000002:system library:OPENSSL_internal:No such file or directory:fopen('/etc/nginx/ssl/nginx.crt','r') error:1100006e:BIO routines:OPENSSL_internal:NO_SUCH_FILE)
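
Added example (not part of the thread and not ESP's own code): a pre-deploy check that flags the mismatch visible in the posts above, where `--ssl_port` is set but nothing is mounted at the certificate path named in the errors. It assumes the certificate is expected to arrive through a volumeMount covering `/etc/nginx/ssl`; the function names and the dict layout of the container spec are illustrative.

```python
import posixpath
# Assumption: ESP's --ssl_port certificate directory, per the thread's error paths.
SSL_DIR = "/etc/nginx/ssl"
BOOL_FLAGS = {"enable_debug"}  # flags on this page that take no value

def parse_args(args):
    """Split ESP args into ({flag: value}, [tokens that are not flags])."""
    flags, stray, i = {}, [], 0
    while i < len(args):
        tok, i = args[i], i + 1
        if not tok.startswith("--"):
            stray.append(tok)  # e.g. "enable_debug" without its dashes
            continue
        name, eq, val = tok[2:].partition("=")  # handles "--flag=value"
        if not eq and name not in BOOL_FLAGS and i < len(args):
            val, i = args[i], i + 1  # handles "--flag", "value"
        flags[name] = val
    return flags, stray

def mount_for(path, mounts):  # the volumeMount whose mountPath contains path, or None
    path = posixpath.normpath(path)
    for m in mounts:
        root = posixpath.normpath(m["mountPath"]).rstrip("/")
        if path == root or path.startswith(root + "/"):
            return m
    return None

def lint(container):
    """Return findings for one container spec given as a parsed-manifest dict."""
    flags, stray = parse_args(container.get("args", []))
    mounts = container.get("volumeMounts", [])
    issues = [f"{t!r} is not a flag (missing leading '--'?)" for t in stray]
    if "ssl_port" in flags and mount_for(SSL_DIR + "/nginx.crt", mounts) is None:
        issues.append(f"--ssl_port is set but no volume is mounted at {SSL_DIR}")
    key = flags.get("service_account_key")
    if key and mount_for(key, mounts) is None:
        issues.append(f"{key} is not under any volumeMount")
    elif key and not mount_for(key, mounts).get("readOnly"):
        issues.append(f"the mount holding {key} is not readOnly")
    return issues

# Constructed sample: args and mounts copied from the first "container def" above.
THREAD_CONTAINER = {
    "args": ["--http_port", "8080", "--ssl_port", "443", "--backend", "127.0.0.1:8081",
             "--service", "customer-data.endpoints.pj-nessie-dev.cloud.goog",
             "--rollout_strategy", "managed", "--dns", "169.254.169.254",
             "--service_account_key", "/var/secrets/esp/esp-test-key.json", "enable_debug"],
    "volumeMounts": [{"mountPath": "/var/secrets/esp", "readOnly": True}],
}
```

`lint(THREAD_CONTAINER)` returns two findings: the `enable_debug` token without dashes and the missing mount at `/etc/nginx/ssl`.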

