Spring boot service in kubernetes always responses with HTTP status 400

6/25/2018

We have Spring Boot service running in Kubernetes.
This service has endpoint:
- GET /healthz

We have liveness probe that uses this endpoint. Probe runs successfully.
It means that the endpoint is reachable from the service pod (localhost).

When I run in the service pod : wget https://localhost:8080/healthz I get an answer (OK)

When I try to call this endpoint outside the pod wget https://myhost:8080/healthz, I get response 400 without body.
I don't see any logs of Sprint. It seems that it does not reach the Sprint .
When I added flag -Djavax.net.debug=all I see in log that TLS handshake finished and then:

GET /healthz HTTP/1.1    
host: myhost:8080    
accept: application/json    
Connection: close     

and immediately

HTTP/1.1 400 
Transfer-Encoding: chunked
Date: Mon, 25 Jun 201 8 08:43:43 GMT
Connection: close

When I try wget https://myhost:8080/blahblah (non existing endpoint), I still get 400, not 404!

When I try wget https://myWronghost:8080/healthz (wrong host), I get an error Bad address. It means that host 'myhost' is correct (otherwise I would get this error).

Docker file:

FROM openjdk:8-jdk-alpine
VOLUME /tmp
ARG JAR_FILE
COPY ${JAR_FILE} app.jar
ENV JAVA_TOOL_OPTIONS -Dfile.encoding=UTF8
ENTRYPOINT ["java","-Djavax.net.debug=all", "-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"]
EXPOSE 8080

Summing up:
The service endpoints are accessible from within service pod, but not accessible from outside the pod.
Any idea why?

Update:
The problem was solved by calling the service with fully qualified domain name : serviceName.namespaceName.svc.cluster.local
Tomcat didn't accept calls with short domain serviceName.namespaceName, it responded 400.

-- Tantre
kubernetes
kubernetes-health-check
kubernetes-ingress
kubernetes-security
spring-boot

4 Answers

6/25/2018

Not sure if it has any influence here, but you're trying everything with https. Can you try with http instead? Your spring app probably doesn't support https on port 8080.

-- Christiaan
Source: StackOverflow

6/27/2018

The problem was solved by calling the service with fully qualified domain name :
service-name.namespace-name.svc.cluster.local
The service didn't accept calls with service-name.namespace-name, responded 400.

-- Tantre
Source: StackOverflow

7/11/2018

Your issue can be caused by https://github.com/spring-projects/spring-boot/issues/13205. All you have to do is upgrade Tomcat version to 8.5.32. You can do that by adding the version in pom.xml file.

 <properties>
    <!-- your properties -->
    <tomcat.version>8.5.32</tomcat.version>
 </properties>
-- Mariusz Kumor
Source: StackOverflow

7/11/2018

If you are using Spring boot 2 this may be due to bug in Tomcat 8.5.31 that doesnt allow '-' in last part of FQDN

Update Tomcat to 8.5.32 fixes this.

Reference:

-- Lukasz Wozniak
Source: StackOverflow