Caused by: io.kubernetes.client.openapi.ApiException:
Message: javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request
HTTP response code: 0
HTTP response body: null
HTTP response headers: null
at io.kubernetes.client.openapi.ApiClient.execute(ApiClient.java:1032)
at io.kubernetes.client.openapi.apis.CoreV1Api.listNodeWithHttpInfo(CoreV1Api.java:28702)
at io.kubernetes.client.openapi.apis.CoreV1Api$APIlistNodeRequest.execute(CoreV1Api.java:28867)
at com.qlangtech.tis.config.k8s.impl.DefaultK8SImage.createApiClient(DefaultK8SImage.java:122)
... 183 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:255)
at java.base/sun.security.ssl.SSLExtensions.<init>(SSLExtensions.java:89)
at java.base/sun.security.ssl.CertificateRequest$T13CertificateRequestMessage.<init>(CertificateRequest.java:757)
at java.base/sun.security.ssl.CertificateRequest$T13CertificateRequestConsumer.consume(CertificateRequest.java:861)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:178)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)
stackoverflow 上查到原因是:JDK 11 onwards have support for TLS 1.3 which can cause the error extension (5) should not be presented in certificate_request.
由于刚将TIS jdb版本从8升级到了11,有用户在TIS中在需要创建k8s客户端连接凭证步骤中出错
stackoverflow 上查到原因是:JDK 11 onwards have support for TLS 1.3 which can cause the error extension (5) should not be presented in certificate_request.
https://stackoverflow.com/questions/60790118/java-kubernetes-client-sslhandshakeexception-extension-5-should-not-be-present
所以,只需要在tis的启动脚本上加上 JVM参数即可:
-Djdk.tls.client.protocols=TLSv1.2