search

apache / pulsar-helm-chart

Official Apache Pulsar Helm Chart
https://pulsar.apache.org/
Apache License 2.0
209 stars 221 forks source link

ssl3 ext invalid servername #528

Open meyerbro opened 2 days ago

meyerbro commented 2 days ago

Describe the bug Hello, I'm using your helm charts but getting stuck trying to use the Python pulsar-client library from outside the cluster.

To Reproduce 1 - Deploy the helm charts in a Kubernetes cluster. 2 - Enable ingress for pulsar-proxy. 3 - Use the code below:

import pulsar
client = pulsar.Client('https://pulsar-proxy.domain:443')
producer = client.create_producer('my-topic')

Expected behavior Create a connection and a topic called 'my-topic'.

Error ssl3 ext invalid servername (SSL routines, ssl3_ctrl): Error while setting TLS SNI

Additional context It looks like this variable in the reply (proxyThroughServiceUrl) should be 1 for it to use the service URL as proxy and not try to go direct to the cluster using pulsar protocol on port 6650, as that is not available from outside the cluster.

I tried using the additional listeners feature without luck.

Logs

2024-09-18 09:17:57.471 INFO  [139927618582208] HTTPLookupService:223 | Curl Lookup Request sent for https://pulsar-proxy.domain:443/admin/v2/persistent/public/default/my-topic/partitions?checkAllowAutoCreation=true
2024-09-18 09:17:57.642 INFO  [139927618582208] HTTPLookupService:239 | Response received for url https://pulsar-proxy.domain:443/admin/v2/persistent/public/default/my-topic/partitions?checkAllowAutoCreation=true responseCode 200
2024-09-18 09:17:57.642 INFO  [139927618582208] HTTPLookupService:280 | parsePartitionData = { LookupDataResult [brokerUrl_ = ] [brokerUrlTls_ = ] [partitions = 0] [authoritative = 0] [redirect = 0] proxyThroughServiceUrl = 0] }
2024-09-18 09:17:57.643 INFO  [139927618582208] HandlerBase:111 | [persistent://public/default/my-topic, ] Getting connection from pool
2024-09-18 09:17:57.643 INFO  [139927618582208] HTTPLookupService:223 | Curl Lookup Request sent for https://pulsar-proxy.domain:443/lookup/v2/topic/persistent/public/default/my-topic
2024-09-18 09:17:57.738 INFO  [139927618582208] HTTPLookupService:239 | Response received for url https://pulsar-proxy.domain:443/lookup/v2/topic/persistent/public/default/my-topic responseCode 200
2024-09-18 09:17:57.739 INFO  [139927618582208] HTTPLookupService:315 | parseLookupData = { LookupDataResult [brokerUrl_ = pulsar://pulsar-broker:6650] [brokerUrlTls_ = ] [partitions = 0] [authoritative = 0] [redirect = 0] proxyThroughServiceUrl = 0] }
2024-09-18 09:17:57.739 INFO  [139927618582208] ClientConnection:187 | [<none> -> ] Create ClientConnection, timeout=10000
2024-09-18 09:17:57.741 ERROR [139927618582208] ClientConnection:268 | ssl3 ext invalid servername (SSL routines, ssl3_ctrl): Error while setting TLS SNI
2024-09-18 09:17:57.741 INFO  [139927618582208] ConnectionPool:124 | Created connection for --0
2024-09-18 09:17:57.741 ERROR [139927618582208] ClientConnection:579 | [<none> -> ] Invalid Url, unable to parse: system:0 Success
2024-09-18 09:17:57.741 ERROR [139927618582208] ClientConnection:1318 | [<none> -> ] Connection closed with ConnectError (refCnt: 2)
2024-09-18 09:17:57.741 INFO  [139927618582208] ConnectionPool:141 | Remove connection for --0
2024-09-18 09:17:57.742 INFO  [139927618582208] ClientConnection:275 | [<none> -> ] Destroyed connection to -0
2024-09-18 09:17:57.742 INFO  [139927618582208] ProducerImpl:757 | Producer - [persistent://public/default/my-topic, ] , [batching  = off]
lhotari commented 1 day ago

client = pulsar.Client('https://pulsar-proxy.domain:443')

Does it work if you use the Pulsar binary protocol (pulsar+ssl://pulsar-proxy.domain:6651)?