Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

由于用户本地JVM参数默认值不一致,执行k8s客户端代码出错 #376

Open
baisui1981 opened this issue Oct 22, 2024 · 0 comments
Open

由于用户本地JVM参数默认值不一致,执行k8s客户端代码出错 #376

baisui1981 opened this issue Oct 22, 2024 · 0 comments

Comments

@baisui1981
Copy link
Member

由于刚将TIS jdb版本从8升级到了11,有用户在TIS中在需要创建k8s客户端连接凭证步骤中出错

Caused by: io.kubernetes.client.openapi.ApiException: 
Message: javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request
HTTP response code: 0
HTTP response body: null
HTTP response headers: null
	at io.kubernetes.client.openapi.ApiClient.execute(ApiClient.java:1032)
	at io.kubernetes.client.openapi.apis.CoreV1Api.listNodeWithHttpInfo(CoreV1Api.java:28702)
	at io.kubernetes.client.openapi.apis.CoreV1Api$APIlistNodeRequest.execute(CoreV1Api.java:28867)
	at com.qlangtech.tis.config.k8s.impl.DefaultK8SImage.createApiClient(DefaultK8SImage.java:122)
	... 183 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:255)
	at java.base/sun.security.ssl.SSLExtensions.<init>(SSLExtensions.java:89)
	at java.base/sun.security.ssl.CertificateRequest$T13CertificateRequestMessage.<init>(CertificateRequest.java:757)
	at java.base/sun.security.ssl.CertificateRequest$T13CertificateRequestConsumer.consume(CertificateRequest.java:861)
	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:178)
	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)

stackoverflow 上查到原因是:JDK 11 onwards have support for TLS 1.3 which can cause the error extension (5) should not be presented in certificate_request.

https://stackoverflow.com/questions/60790118/java-kubernetes-client-sslhandshakeexception-extension-5-should-not-be-present

所以,只需要在tis的启动脚本上加上 JVM参数即可:-Djdk.tls.client.protocols=TLSv1.2
baisui1981 added a commit to qlangtech/tis-ansible that referenced this issue Oct 22, 2024
@baisui1981
for hardcode set to tlsv1.2 datavane/tis#376
e706699
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@baisui1981