gravitee-io / issues

Gravitee.io - API Platform - Issues

Issue deploying Gravitee APIM 3.x in Kubernetes using secured ElasticSearch (SSL) as a reporter #3959

Closed frenchyjef closed 4 years ago

frenchyjef commented 4 years ago

Issue deploying Gravitee APIM 3.x in Kubernetes using a secured ElasticSearch endpoint (SSL) as a reporter.

Note: Elasticsearch is protected by a self-signed certificate (issued by Istio), which is stored in a Kubernetes secret.

Expected Behavior

When deploying APIM 3.x to Kubernetes, I should be able to configure the `reporter_elasticsearch_endpoints_0` to point to an Elasticsearch endpoint with HTTPS.

Current Behavior

```
[vert.x-eventloop-thread-1] [] ERROR i.g.e.client.http.HttpClient - Unable to get a connection to Elasticsearch

javax.net.ssl.SSLHandshakeException: Failed to create SSL connection
Caused by: javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching elasticsearch-es-http.default.svc.cluster.local found.
```

Possible Solution

  1. I could use the public certificate (PEM) to mount into the Kubernetes pod and allow the HTTPS handshake to complete.

Steps to Reproduce (for bugs)

  1. Install Kubernetes
  2. Install Istio
  3. Install Elastic Search (secured endpoint)
  4. Install Gravitee 3.x

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gravitee-apim-gateway-v3
  labels:
    app: gravitee-apim-gateway
    version: v3
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gravitee-apim-gateway
      version: v3
  template:
    metadata:
      labels:
        app: gravitee-apim-gateway
        version: v3
    spec:
      serviceAccountName: gravitee-apim-gateway
      containers:
      - name: gravitee-apim-gateway
        image: graviteeio/apim-gateway:3
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8082
        env:
          - name: gravitee_management_mongodb_uri
            value: "mongodb://mongodb-storage.default.svc.cluster.local:27017/gravitee?serverSelectionTimeoutMS=5000&connectTimeoutMS=5000&socketTimeoutMS=5000"
          - name: gravitee_ratelimit_mongodb_uri
            value: "mongodb://mongodb-storage.default.svc.cluster.local:27017/gravitee?serverSelectionTimeoutMS=5000&connectTimeoutMS=5000&socketTimeoutMS=5000"
          - name: gravitee_reporters_elasticsearch_endpoints_0
            value: "https://elasticsearch-es-http.default.svc.cluster.local:9200"
          - name: gravitee_reporters_elasticsearch_security_username
            value: "elastic"
          - name: gravitee_reporters_elasticsearch_security_password
            value: "somepassword"
        volumeMounts:
        - name: gravitee-apim-gateway-log-volume
          mountPath: "/opt/graviteeio-gateway/logs"
      volumes:
      - name: gravitee-apim-gateway-log-volume
        persistentVolumeClaim:
          claimName: gravitee-apim-gateway-log
```

Context

Your Environment

brasseld commented 4 years ago

Can you tell me what you want us to do there?

no-response[bot] commented 4 years ago

This issue has been automatically closed because there has been no response to our request for more information from the original author. With only the information that is currently in the issue, we don't have enough information to take action. Please reach out if you have or find the answers we need so that we can investigate further.

kochetovd commented 2 years ago

How to use Elasticsearch with a self-signed certificate?

```
14:38:39.346 [vert.x-eventloop-thread-0] ERROR i.g.e.client.http.HttpClient - Unable to get a connection to Elasticsearch: Failed to create SSL connection
```
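
The `SSLHandshakeException` in the original report states that no DNS subject alternative name in the server certificate matched the service hostname. The sketch below is an added example, not part of the thread and not Gravitee or JVM code: it runs a simplified RFC 6125 name check against SAN lists that are constructed for illustration (only the hostname comes from the issue) to show which certificate contents would pass or fail that check.

```python
# Added example: DNS-SAN hostname check of the kind that failed in the issue.
# Simplified RFC 6125 rules (assumption); this is not the JVM's implementation.

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """True if a single DNS SAN value covers hostname (case-insensitive)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label
    if p[0] == "*":
        # Only a whole left-most "*" label is honoured; "es*" is treated literally.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def check_hostname(hostname: str, sans: list[tuple[str, str]]) -> tuple[bool, str]:
    """Return (ok, reason) for a client that verifies the server name."""
    dns_names = [value for kind, value in sans if kind == "DNS"]
    if not dns_names:
        kinds = ", ".join(kind for kind, _ in sans) or "none"
        return False, f"no DNS SAN entries in certificate (entry types: {kinds})"
    for name in dns_names:
        if dns_name_matches(name, hostname):
            return True, f"matched DNS SAN {name}"
    return False, f"no DNS SAN matches {hostname}; certificate lists {', '.join(dns_names)}"

# Hostname taken from the issue; every SAN list below is constructed sample data.
HOST = "elasticsearch-es-http.default.svc.cluster.local"
CASES = {
    "uri-only identity": [("URI", "spiffe://cluster.local/ns/default/sa/elasticsearch")],
    "short service names only": [("DNS", "elasticsearch-es-http"), ("DNS", "elasticsearch-es-http.default.svc")],
    "wildcard one level too high": [("DNS", "*.svc.cluster.local")],
    "full service FQDN": [("DNS", "elasticsearch-es-http.default.svc.cluster.local")],
    "namespace wildcard": [("DNS", "*.default.svc.cluster.local")],
}

def run_cases() -> dict[str, bool]:
    """Map each constructed case label to whether the hostname check passes."""
    return {label: check_hostname(HOST, sans)[0] for label, sans in CASES.items()}

if __name__ == "__main__":
    for label, sans in CASES.items():
        ok, reason = check_hostname(HOST, sans)
        print(f"{'OK  ' if ok else 'FAIL'} {label}: {reason}")
```

A certificate that fails this check keeps failing after it is added to the client's trust store, because trusting the issuer and matching the hostname are separate checks; the certificate has to be reissued with a DNS SAN for the name the gateway connects to.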