Kubernetes Deployment not working

MIP
, , ,
1

We have deployed AI Bridge before, but in our new site with AI Bridge v2.0.1 it’s not working.

Details below:

Our VMS hostname is added to our Kubernetes cluser host machine DNS server.

The init container stays on this error:

image
image872×480 244 KB

We’ve noticed this error happens if there is anything wrong - i.e. we’ve had it when the basic user isn’t right, or other errors - it is not a great indicator of what is wrong unfortuantely.

I can share all of my other configurations here, but in general we have done this before and have followed the steps carefully. We can of course ping the VMS windows server from our host kubernetes machine and vice-versa.

We also tried to add this (i.e. uncomment out the ip/hostname - this gets us half way there, meaning we are able to see our application in the processing server in Milestone Management Client, but we still end up with the error of: unable to reach health-endpoint.

vms:
  url: "http://MGMT-SVR1"
  #Define these variables if your vms is not in the network domain
  ip: "10.128.5.3"
  hostname: "mgmt-svr1"
2

Hello Abaas,

This error appears when something is not working correctly during the registration of XProtect in AI Bridge (or vice-versa). Most likely the actual error is being logged in a different container.

Can you please check and share the logs of the connector and webservice containers while you are performing this init startup? This will bring more clarity to what is actually going on.

Thanks in advance!

Fer

3

Hi Fernando,

Sure thing, please find logs below:

webservice:

Error: Error adding endpoint: Post "https://MGMT-SVR1/ManagementServer/ServerCommandService.svc": dial tcp: lookup MGMT-SVR1 on 10.96.0.10:53: no such host
    at Runner.eachMessage (/root/bin/app.js:185:32)
    at Runner.processEachMessage (/root/bin/node_modules/kafkajs/src/consumer/runner.js:231:20)
    at onBatch (/root/bin/node_modules/kafkajs/src/consumer/runner.js:447:20)
    at Runner.handleBatch (/root/bin/node_modules/kafkajs/src/consumer/runner.js:461:11)
    at handler (/root/bin/node_modules/kafkajs/src/consumer/runner.js:58:30)
    at /root/bin/node_modules/kafkajs/src/consumer/worker.js:29:15
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5) {
  path: [ 'register' ],
  locations: [ { line: 1, column: 12 } ],
  extensions: [Object: null prototype] {}
}

This seems odd, because we do not have `HTTPS` enabled.

connector:

2025/07/30 07:25:35 Error adding endpoint: Post "https://MGMT-SVR1/ManagementServer/ServerCommandService.svc": dial tcp: lookup MGMT-SVR1 on 10.96.0.10:53: no such host

Just to clarify a few things as well, we have of course added the hosts to our /etc/hosts file and our network is solid and we can ping machines from each other and all of the boilerplate setup required.

Any help would be greatly appreciated!

4

Hello Abaas,

Thanks for sharing the logs, indeed it looks like a name resoluion problem.

You’ll see, the XProtect protocol integration dictates that for basic users - user type that AI Bridge is using to connect to XProtect -, the authentication must be done throuhg HTTPS, regardless your VMS setup. You can read more about it here: https://doc.developer.milestonesys.com/html/reference/protocols/protocol_authenticate.html

Having this in mind, and as an example, I can share this setup:

  • XProtect is not running secured:
    image
    image720×832 104 KB
  • AI Bridge connects to this XProtect
    image
    image781×358 22.8 KB
  • The enpoint is reachable from another host (not XProtect machine, nor AI Bridge machine) using https even when XProtect is running unsecured:
    image
    image728×480 71.7 KB
  • Inside the connector container, a wget command can be run to check the connection to the host and this particular resource:
    • In my case:
wget --no-check-certificate -O - "http://dkta-0723sk0031.ta.rd.local/ManagementServer/ServerCommandService.svc"

image
image923×480 201 KB

  • In your case:
wget --no-check-certificate -O - "http://MGMT-SVR1/ManagementServer/ServerCommandService.svc"

Can you please, check that you can access this resource for the hosts you are mentioning that can reach the VMS and from inside the connector or webservice containers?

Let me know how it goes on your side.

Fer

5

I have the same issue, over here. is there any way, this authentication can be done in http:// for basic users, so that no certificates are required.