Developer_portal returns "layouts/_base.html"

Kubernetes
1

Hello,

I have installed Kong Enterprise using the helm chart (charts/charts/kong at main · Kong/charts · GitHub).
I have enabled the portal in values.env and also portal.enabled (in the values file - which is pasted below)

Some specifics:

  • I have enabled http2 - as we need gRPC
  • I am terminating SSL on the AWS NLB

When I access the developer-portal, I get the literal text response: “layouts/_base.html”. Seems to indicate something wrong in developer-portal rendering.

I tried curling the kong pod on port 8003 from another pod in the cluster. Same result.
$ k exec -it netshoot – bash
bash-5.1# curl 100.101.163.185:8003
layouts/_base.html

image:
  repository: kong/kong-gateway
  tag: 2.3.3.0-alpine
  pullSecrets:
    - docker-registry

env:
  log_level: debug
  prefix: /kong_prefix/
  database: "postgres"
  proxy_listen: 0.0.0.0:8000 http2
  admin_gui_url: https://kong-manager.test.mydomain
  admin_api_uri: https://kong-admin-api.test.mydomain
  portal_api_url: https://kong-portalapi.test.mydomain
  portal_gui_host: developer-portal.test.mydomain
  portal_gui_protocol: https
  portal: on
  #portal_auth: "key-auth"
  #portal_session_conf:
  #  valueFrom:
  #    secretKeyRef:
  #      name: kong-session-config
  #      key: portal_session_conf
  password:
    valueFrom:
      secretKeyRef:
        name: kong-enterprise-superuser-password
        key: password

### The admin API
### This also need to be accessible from the browser for manager GUI to work
admin:
  enabled: true
  type: LoadBalancer
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
    service.beta.kubernetes.io/aws-load-balancer-internal: true
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:329124119919:certificate/8d67a5f5-615f-4e1b-9fbd-6120752e3a92
    orbitalinsight/dns-manager: external-dns
    external-dns.alpha.kubernetes.io/hostname: kong-admin-api.test.mydomain.
  http:
    enabled: true
    servicePort: 443
    containerPort: 8001
  tls:
    enabled: false
  ingress:
    enabled: false
###
proxy:
  enabled: true
  type: LoadBalancer
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
    service.beta.kubernetes.io/aws-load-balancer-internal: true
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:329124119919:certificate/8d67a5f5-615f-4e1b-9fbd-6120752e3a92
    orbitalinsight/dns-manager: external-dns
    external-dns.alpha.kubernetes.io/hostname: kong-proxy.test.mydomain.

  http:
    enabled: false
    servicePort: 80
    containerPort: 8000
    parameters: []

  tls:
    enabled: true
    servicePort: 443
    containerPort: 8000
    parameters:
    - http2

  stream: {}

  ingress:
    enabled: false
    annotations: {}
    path: /

  externalIPs: []
###
enterprise:
  enabled: true
  # CHANGEME: https://github.com/Kong/charts/blob/main/charts/kong/README.md#kong-enterprise-license
  license_secret: kong-enterprise-license
  vitals:
    enabled: true
  portal:
    enabled: true
  rbac:
    enabled: true
    admin_gui_auth: basic-auth
    session_conf_secret: kong-session-config
    admin_gui_auth_conf_secret: kong-session-config
  smtp:
    enabled: false
    portal_emails_from: none@example.com
    portal_emails_reply_to: none@example.com
    admin_emails_from: none@example.com
    admin_emails_reply_to: none@example.com
    smtp_admin_emails: none@example.com
    smtp_host: smtp.example.com
    smtp_port: 587
    smtp_auth_type: ''
    smtp_ssl: nil
    smtp_starttls: true
    auth:
      smtp_username: ''  # e.g. postmaster@example.com
      smtp_password_secret: CHANGEME-smtp-password

###
### This is the Kong Manager Web UI
### Should be accessible only internally with a well known DNS name
manager:
  enabled: true
  type: LoadBalancer
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-name: "test-kong-manager"
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
    service.beta.kubernetes.io/aws-load-balancer-internal: true
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:329124119919:certificate/8d67a5f5-615f-4e1b-9fbd-6120752e3a92
    orbitalinsight/dns-manager: external-dns
    external-dns.alpha.kubernetes.io/hostname: kong-manager.test.mydomain.
  http:
    enabled: true
    servicePort: 443
    containerPort: 8002
  tls:
    enabled: false
  ingress:
    enabled: false

###
portal:
  enabled: true
  type: LoadBalancer
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-name: "test-kong-portal"
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
    service.beta.kubernetes.io/aws-load-balancer-internal: true
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:329124119919:certificate/8d67a5f5-615f-4e1b-9fbd-6120752e3a92
    orbitalinsight/dns-manager: external-dns
    external-dns.alpha.kubernetes.io/hostname: developer-portal.test.mydomain.
  http:
    enabled: true
    servicePort: 443
    containerPort: 8003
  tls:
    enabled: false
  ingress:
    enabled: false

###
portalapi:
  enabled: true
  type: LoadBalancer
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-name: "test-kong-portalapi"
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
    service.beta.kubernetes.io/aws-load-balancer-internal: true
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:329124119919:certificate/8d67a5f5-615f-4e1b-9fbd-6120752e3a92
    orbitalinsight/dns-manager: external-dns
    external-dns.alpha.kubernetes.io/hostname: kong-portalapi.test.mydomain.
  http:
    enabled: true
    servicePort: 443
    containerPort: 8004
  tls:
    enabled: false
  ingress:
    enabled: false

###
postgresql:
  enabled: true
  postgresqlUsername: kong
  postgresqlPassword: mypassword
  postgresqlDatabase: kong
  service:
    port: 5432

###
ingressController:
  enabled: true
  installCRDs: false
  ingressClass: kong
  args:
  - "-v=3"
  env:
    kong_admin_tls_skip_verify: true
    #admin_gui_url: https://kong-admin-api.test.mydomain
    #admin_api_uri: https://kong-admin-api.test.mydomain
    # KIC overrides any edits made in Kong Manager
    #enable_reverse_sync: true
    #sync_period: "1m"
    #publish_service: "cp/controlplane-kong-admin"
    kong_admin_token:
      valueFrom:
        secretKeyRef:
          name: kong-enterprise-superuser-password
          key: password
  admissionWebhook:
    enabled: false
    failurePolicy: Fail
    port: 8080
2

Figured this out.

Its because the portal-cli update of the developer_portal fails with a socket_hangup.

$ portal deploy default
Wiping... ✖ socket hang up
Deploying default:

Deployed ✔ configs
Deployed ✔ content
Deployed ✔ specs
Deployed ✔ emails
Deploying themes ✖ socket hang up

This is running from a kubernetes pod.