MWS Ingress rewrite problem

[enginsarlak]

https://github.com/SoftwareAG/webmethods-helm-charts/blame/20fc1518f7ac358c9caea7fc51cd9395cc7a423f/mywebmethodsserver/helm/values.yaml#L90

Can't find proper values for ingress path rewrite. Both MSR and UM ingresses work with path (although they are slightly different), but I couldn't make MWS path work no matter what I did. Here is what I did for the other products and tried to apply MWS.

UM server didn't require a rewrite, I added the path and the host and Enterprise manager was able to connect using path and nhp protocol.

IS/MSR didn't work with this setting, I added the annotations below and the regex below.

 annotations: 
    nginx.ingress.kubernetes.io/x-forwarded-prefix: /wm-poc-is/
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/session-cookie-name: wm-poc-is-cookie
    nginx.ingress.kubernetes.io/session-cookie-path: /
    nginx.ingress.kubernetes.io/affinity: cookie
    nginx.ingress.kubernetes.io/affinity-mode: persistent
  hosts:
    # -- Hostname of Ingress. By default the defaultHostname is used. For more complex rules or addtional hosts, you will need to overwrite this section.

    - host: # DNSname of the vip, without the path. (it doesn't accept path here or on default host)
      # --  Address the backend
      paths:
        # -- Path to address the backend
        - path: /wm-poc-is/(.*)
          # -- Path type to address the backend
          pathType: Prefix
          # -- Port of service
          port: 5555

This setup works for IS but it doesn't for MWS. I also compared the generated yaml files in kubernetes, didn't notice anything odd. MWS responds to first query with the path, but the subsequent requests don't have the path rewritten in them. If I add the path manually and make the call from postman, I get the proper response.

[thomas-2020]

I didn't get the issue here.

[enginsarlak]

Rewrite doesn't work properly. If I make calls including path, it successfully returns, but the MWS pages that are rendered are missing the path. Same parameters work as intended for MSR, but subsequent requests are not rewritten in MWS. Check screenshot for an example.

attaching latest ingress configuration for reference.

# -- Ingress Settings
ingress:
  # -- Enables deployment of an ingress
  enabled: true
  defaultHostname: 
  className: ""
  annotations: 
    # kubernetes.io/ingress.class: "nginx"
    # nginx.ingress.kubernetes.io/x-forwarded-prefix: /wm-poc-mws
    # nginx.ingress.kubernetes.io/rewrite-target: /$1
    # nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/session-cookie-name: wm-poc-mws-cookie
    nginx.ingress.kubernetes.io/session-cookie-path: /
    nginx.ingress.kubernetes.io/affinity: cookie
    nginx.ingress.kubernetes.io/affinity-mode: persistent

  hosts:
    # -- Hostname of Ingress. By default the defaultHostname is used. For more complex rules or addtional hosts, you will need to overwrite this section.
    - host: # vip hostname here without the path. 
      # --  Address the backend
      paths:
        # -- Path to address the backend
        - path: /wm-poc-mws
          # -- Path type to address the backend
          pathType: Prefix
          # -- Port of service
          port: 8585

FYI, tried every variation, including ImplementationSpecific path type, /wm-poc-mws(.*) and /wm-poc-mws(/|$)(.*) and all the commented out annnotations enabled and disabled one by one. Nothing seems to work. Also compared the generated service and ingress yaml files. I couldn't see any important difference.

[thomas-2020]

But I doesn't get the issue for the mywebmethodserver Helm Chart. Regarding Nginx or LB configuration for My webMethods Server, you should look into the documentation.

[enginsarlak]

I don't think I understand you. I am already using the same load balancer and ingresses that I am using with UM and IS. They both work as intended. When I apply the same ingress/rewrite configuration to MWS, MWS ingress doesn't rewrite the path. There is nothing in the documentation for nginx or ingress. If I remove the path and rewrite, it works without any problems. Why do you think it is load balancer or nginx problem?

[fabien-sanglier-saggs]

Hi, can you please confirm that MWS work correctly without the ingress? (ie. access it over k8s port proxying)
I suspect something else might be at play here where MWS is not starting correctly in the first place... eg. DB connectivity, or local disk persistence, etc...

Especially asking because I have MWS running fine in my prod-grade K8s setup behind a Traefik Ingress...and there is no need for any regex rewrites (at least with Traefik... but I don't think NGINX should be any different)

[enginsarlak]

With only the settings below, no path no annotation,

    - host: # F5 LB address is here but masked
      # --  Address the backend
      paths:

        - path: / #wm-poc-mws(.*)
          # -- Path type to address the backend
          pathType: Prefix
          # -- Port of service
          port: 8585

this is how my login screen looks like. Only 1 module failed to load. It was loading yesterday, it may be caused by my endless configuration changes.

after adding the annotations below,

    nginx.ingress.kubernetes.io/session-cookie-name: wm-poc-mws-cookie
    nginx.ingress.kubernetes.io/session-cookie-path: /
    nginx.ingress.kubernetes.io/affinity: cookie
    nginx.ingress.kubernetes.io/affinity-mode: persistent

I get the same results, same module didn't load. This is after login with Administrator with the annotations above. All requests are forwarded to my vip, there is no path involved.

The screenshot below is my login screen after adding the path, without any path rewrite annotations. This configuration works for UM but it doesn't work for IS without path rewrite annotations.

If you check the network queries, only the first query was successful. The rest are routed to / instead of /wm-poc-mws/. They should have been rewritten as the path included, but it didn't. When I call these services using postman and manually adding my path, I get the correct response, so if I send the request to the correct path it is successful, but it can't rewrite automatically.

Now I add these 2 annotations too

    nginx.ingress.kubernetes.io/rewrite-target: /$1
    nginx.ingress.kubernetes.io/use-regex: "true"

and it made no difference. This is weird because these annotations fixed my IS path rewrite issue.

I used incognito window and restarted the browser after every deployment. If I don't do it, it loads the missing files from the cache.

[thomas-2020]

I think the curious login screen is a result of Nginx settings, I have this in 1 of 2 environments. Would you uninstall MWS with deleting the PV and re-install it?

[enginsarlak]

I have done that several times. What is the ingress configuration you want me to test when I do it from start?

[thomas-2020]

After the first MWS deployment, the logon screen was OK in my environment. The small login screen comes later but I don't know when. Do you have the same behavior?

[thomas-2020]

Additional, I think it is not a problem of Ingress (configuration). If I access the MWS in service level with kubectl port-forward, the login screen is also small.
I didn't see the small MWS login screen on Docker. Therefore, I create Helm Chart of mywebmethodsserver version 1.0.2. Here, you can disable PVCs with storage.enabled=false