Kubernetes OpenShift边缘TLS终止路由不工作。CWWKO0801E:无法初始化SSL连接
有人能帮我打开轮班路线吗 我已设置带有边缘TLS终端的路由,对服务端点的调用会导致:Kubernetes OpenShift边缘TLS终止路由不工作。CWWKO0801E:无法初始化SSL连接,kubernetes,routes,ssl-certificate,openshift,websphere-liberty,Kubernetes,Routes,Ssl Certificate,Openshift,Websphere Liberty,有人能帮我打开轮班路线吗 我已设置带有边缘TLS终端的路由,对服务端点的调用会导致: 502 Bad Gateway The server returned an invalid or incomplete response. pod中的日志有以下错误:我使用端点进行REST调用 CWWKO0801E: Unable to initialize SSL connection. Unauthorized access was denied or security settings have ex
502 Bad Gateway
The server returned an invalid or incomplete response.
pod中的日志有以下错误:我使用端点进行REST调用
CWWKO0801E: Unable to initialize SSL connection. Unauthorized access was denied or security settings have expired. Exception is javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at com.ibm.jsse2.c.a(c.java:6)
at com.ibm.jsse2.as.a(as.java:532)
at com.ibm.jsse2.as.unwrap(as.java:580)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:5)
at com.ibm.ws.channel.ssl.internal.SSLConnectionLink.readyInbound(SSLConnectionLink.java:515)
默认直通路由终止工作!,但这不允许我指定基于路径的路由。因此,尝试使用带有边缘TLS终止的路由我尝试使用单个主机名将流量从/ibm/pmi/service路由到apm pm api服务,并从/ibm/pmi路由到apm pm ui服务
我将SSL证书加载到边缘路由中,liberty服务通过deployment.yaml中定义的机密使用相同的证书
我无法确定此SSL相关错误的根本原因,这是来自wlp liberty应用程序服务器还是openshift路由的问题
关于如何让liberty应用程序正常工作的任何建议
提前谢谢你的帮助
附加route.yaml
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: openshift-pmi-dev
namespace: default
selfLink: /apis/route.openshift.io/v1/namespaces/default/routes/openshift-pmi-dev
uid: 9ba296f6-1611-11ea-a1ab-0a580afe00ab
resourceVersion: '6819345'
creationTimestamp: '2019-12-03T21:12:26Z'
annotations:
haproxy.router.openshift.io/balance: roundrobin
haproxy.router.openshift.io/hsts_header: max age=31536000;includeSubDomains;preload
spec:
host: openshift-pmi-dev.apps.vapidly.os.fyre.ibm.com
subdomain: ''
path: /ibm/pmi/service
to:
kind: Service
name: apm-pm-api-service
weight: 100
port:
targetPort: https
tls:
termination: edge
certificate: |
-----BEGIN CERTIFICATE-----
<valid cert>
-----END CERTIFICATE-----
key: |
-----BEGIN RSA PRIVATE KEY-----
<valid cert>
-----END RSA PRIVATE KEY-----
caCertificate: |
-----BEGIN CERTIFICATE-----
<valid cert>
-----END CERTIFICATE-----
insecureEdgeTerminationPolicy: Redirect
wildcardPolicy: None
status:
ingress:
- host: openshift-pmi-dev.apps.vapidly.os.fyre.ibm.com
routerName: default
conditions:
- type: Admitted
status: 'True'
lastTransitionTime: '2019-12-03T21:12:26Z'
wildcardPolicy: None
routerCanonicalHostname: apps.vapidly.os.fyre.ibm.com
将路由更改为重新加密,将导致应用程序不可用502错误。请求似乎没有到达服务
边缘终止意味着将http明文发送到后端服务,但您的路由会将http发送到https端口
删除端口:https或使用“重新加密”终止而不是“边缘”更改以下内容后问题已解决: 在liberty application server.xml上启用http 公开docker文件上的http端口 在service.yaml上启用http端口 使用边缘路由上的http端口。
我尝试了重新加密的路线。但这会导致503应用程序不可用错误。请求似乎没有到达服务。正在使用什么版本的Liberty和OpenShift?OpenShift v4.2和Liberty v19.0.0.10