search

oslabs-beta / franzView

An open source kafka monitoring and management tool built with Javascript developers in mind!
https://www.franzview.com
MIT License
69 stars 6 forks source link

Error: reason: self signed certificate in certificate chain #47

Open mikepoz59 opened 2 years ago

mikepoz59 commented 2 years ago

Describe the bug When running Franz from my local system against Prometheus deployed in my company's K8S cluster using, apparently, self signed certificate, I get the following error for a large number of similar queries on launching the Franz portal on http://localhost:3000

Error: FetchError: request to https://prometheus.myCompany.com/api/v1/query?query=(sum(kafka_cluster_partition_insyncreplicascount%7Btopic=~%22__consumer_offsets%22%7D)by(topic)) failed, reason: self signed certificate in certificate chain

To Reproduce Steps to reproduce the behavior:

  1. Install Kafka in K8S cluster and expose it via Nodeport for use.
  2. Validate that the Kafka brokers can be reached from my dev desktop using a test application.
  3. Install Prometheus in K8S cluster and expose it via both Nodeport and Ingress.
  4. Validate that both URLs http:Nodeport, and https://ingress and successfully display the Prometheus portal from my dev desktop.
  5. Set .env to use either of the two URLs to the Prometheus instance, save the changes and run "npm start".
  6. When console indicates that the console is available on port 3000, open the portal.

Expected behavior The portal to draw properly and be able to retrieve data with no errors in the console.

**Actual behavior*** All attempts to query the Prometheus service fail with the self signed cert issue.

Thing's I've attempted to resolve the issue:

  1. Import the cert in my system cert store as a Trusted Root Cert Authority
  2. Set strict SSL to false
  3. Set NPM config to point to the cert directly

Source of the attempts: https://stackoverflow.com/questions/13913941/how-to-fix-ssl-certificate-error-when-running-npm-on-windows/30341389#30341389

None of these things have worked, so I need help/guidance.

Desktop (please complete the following information):

Additional context What I'm looking for is a way to make this work so I can evaluate it for use within my team to monitor and manage our Kafka clusters, so any help would be greatly appreciated.

rbhastie commented 2 years ago

@mikepoz59

Thank you for opening this issue.

We set up a testing environment with a Docker image of a Prometheus config that uses a self-signed certificate to recreate this issue. When using a self-signed certificate, the best solution for a develop environment, though discouraged, is to utilize the NODE_TLS_REJECT_UNAUTHORIZED=0 command before running the npm command to start FranzView, e.g.:

$ NODE_TLS_REJECT_UNAUTHORIZED=0 npm start

More information can be found here: https://stackoverflow.com/questions/45088006/nodejs-error-self-signed-certificate-in-certificate-chain https://nodejs.org/api/cli.html#:~:text=not%20be%20fixed.-,NODE_TLS_REJECT_UNAUTHORIZED,-%3Dvalue