https://www.ory.sh/ logo
Powered by
s

sticky-guitar-94474

03/24/2022, 11:52 AM
Hi @ #kratos I am facing the following issues when trying to trigger any flow after getting the flow ID Using SelfService UI Node installed it via Helm Chart
Copy code
{
  "message": "read ECONNRESET",
  "name": "Error",
  "stack": "Error: read ECONNRESET\n    at TCP.onStreamRead (node:internal/stream_base_commons:211:20)",
  "config": {
    "url": "<http://kratos-public.orydemo.svc.cluster.local:4433/self-service/login/flows?id=45788f28-d2c9-425d-94e0-141e2e699ad6>",
    "method": "get",
    "headers": {
      "Accept": "application/json, text/plain, */*",
      "User-Agent": "axios/0.21.4"
    },
    "transformRequest": [
      null
    ],
    "transformResponse": [
      null
    ],
    "timeout": 0,
    "xsrfCookieName": "XSRF-TOKEN",
    "xsrfHeaderName": "X-XSRF-TOKEN",
    "maxContentLength": -1,
    "maxBodyLength": -1,
    "transitional": {
      "silentJSONParsing": true,
      "forcedJSONParsing": true,
      "clarifyTimeoutError": false
    }
  },
  "code": "ECONNRESET"
}
Accessed the Uinode’s shell and tried wget to the kratos-public service with flow id Which throws the following error 
error getting response: Connection reset by peer
Some times facing 403 Forbidden While the same call to public API is succeeding i.e 
<https://kratos-api-public-dev.abcgoogle.com/self-service/login/flows?id=49d265f4-795f-48e0-bb1e-5296e4da57a1>
Has anyone faced the same issue?
d

damp-sunset-69236

03/24/2022, 12:58 PM
Hello. It looks like kratos is inaccessible from ui node
s

sticky-guitar-94474

03/24/2022, 12:59 PM
Hi thanks for the response nslookup through the container is not failing
It’s actually able to connect
d

damp-sunset-69236

03/24/2022, 1:00 PM
It actually depends on how do you make requests to kratos. It looks like 
<https://kratos-api-public-dev.abc>….
URL works fine because everything is configured property to access from the internet while you can have issues with internal network configuration
ECONNRESET
errors usually comes after network misconfiguration of your ingress load balancers and internal configuration inside your cluster
What ingress load balancer do you use with your k8s cluster?
s

sticky-guitar-94474

03/24/2022, 1:03 PM
Hmm, as mentioned earlier the Pods are able to connect to each other And tested it via Accessing the UI Container to make a call internally to the Service (not the Publicly accessible URL)
I am using ALB
Also Exposed the kratos-public service as NodePort
d

damp-sunset-69236

03/24/2022, 1:05 PM
Do I understand correctly that you use AWS/ALB ?
s

sticky-guitar-94474

03/24/2022, 1:05 PM
Yep
d

damp-sunset-69236

03/24/2022, 1:07 PM
Do you have any public demo avaiable to reproduce the issue?
We can continue in DM if you want
s

sticky-guitar-94474

03/24/2022, 1:08 PM
Sure, Thanks
2 Views
Powered by