Spring cloud gateway with kubernetes discovery on openshift


I'm trying to set up Spring Cloud Gateway on OpenShift and want to discover the services available within the cluster. I'm able to discover the services by adding @DiscoveryClient and the dependencies below.

Boot dependencies are like:

    spring-cloud.version : Greenwich.SR2
    spring-boot-starter-parent : 2.1.7.RELEASE

    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-kubernetes</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-kubernetes-ribbon</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-netflix-ribbon</artifactId>
    </dependency>

I can see that services are being discovered and registered. Routing is also happening, but a CN name validation error occurs while routing. I tried setting use-insecure-trust-manager: true as well, but I still get the same error.

2021-12-31 12:30:33.867 TRACE 1 --- [or-http-epoll-8] o.s.c.g.h.p.RoutePredicateFactory        : Pattern "[/customer-service/**]" does not match against value "/userprofile/addUser"
2021-12-31 12:30:33.868 TRACE 1 --- [or-http-epoll-8] o.s.c.g.h.p.RoutePredicateFactory        : Pattern "/userprofile/**" matches against value "/userprofile/addUser"
2021-12-31 12:30:33.868 DEBUG 1 --- [or-http-epoll-8] o.s.c.g.h.RoutePredicateHandlerMapping   : Route matched: CompositeDiscoveryClient_userprofile
2021-12-31 12:30:33.868 DEBUG 1 --- [or-http-epoll-8] o.s.c.g.h.RoutePredicateHandlerMapping   : Mapping [Exchange: GET https://my-gatewat.net/userprofile/addUser ] to Route{id='CompositeDiscoveryClient_userprofile', uri=lb://userprofile, order=0, predicate=org.springframework.cloud.gateway.support.ServerWebExchangeUtils$$Lambda$712/0x000000010072a440@1046479, gatewayFilters=[OrderedGatewayFilter{delegate=org.springframework.cloud.gateway.filter.factory.RewritePathGatewayFilterFactory$$Lambda$713/0x000000010072a840@3c8d9cd1, order=1}]}
2021-12-31 12:30:33.888 TRACE 1 --- [or-http-epoll-8] o.s.c.g.filter.RouteToRequestUrlFilter   : RouteToRequestUrlFilter start
2021-12-31 12:30:33.888 TRACE 1 --- [or-http-epoll-8] o.s.c.g.filter.LoadBalancerClientFilter  : LoadBalancerClientFilter url before: lb://userprofile/addUser
2021-12-31 12:30:33.889 TRACE 1 --- [or-http-epoll-8] o.s.c.g.filter.LoadBalancerClientFilter  : LoadBalancerClientFilter url chosen: https://10.130.83.26:8443/addUser 
2021-12-31 12:30:33.891 DEBUG 1 --- [ctor-http-nio-7] r.n.resources.PooledConnectionProvider   : [id: 0x326a2e7b] Created new pooled channel, now 0 active connections and 1 inactive connections
2021-12-31 12:30:33.891 DEBUG 1 --- [ctor-http-nio-7] reactor.netty.tcp.SslProvider            : [id: 0x326a2e7b] SSL enabled using engine SSLEngineImpl and SNI /10.130.83.26:8443
2021-12-31 12:30:33.931 ERROR 1 --- [ctor-http-nio-7] a.w.r.e.AbstractErrorWebExceptionHandler : [8768bf6c] 500 Server Error for HTTP GET "/userprofile/addUser"

javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address 10.130.83.26 found
    at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source) ~[na:na]

Application.yml:

spring:
  application:
    name: my-api-gateway
  cloud:
    gateway:
      discovery:
        locator:
          enabled: true
      httpclient:
        ssl:
          use-insecure-trust-manager: true

I tried adding an SNI matcher to the SSL context to skip the hostname check, but it is still not working:

import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;

// Matcher that accepts every server name; type 0 is StandardConstants.SNI_HOST_NAME
SNIMatcher matcher = new SNIMatcher(0) {
    @Override
    public boolean matches(SNIServerName serverName) {
        log.info("Server Name validation:{}", serverName);
        return true;
    }
};
Answer by rubalvjaiswal:

I was able to resolve this error by using k8s discovery with a url-expression as below:

spring:
  cloud:
    gateway:
      discovery:
        locator:
          enabled: true
          lower-case-service-id: true
          url-expression: "'https://'+serviceId+':'+getPort()"

Routes will be registered as https://servicename:port, and the same URL will be used by the SslProvider, which will create the SSL handler with the hostname in the SNI information rather than the IP address that was causing this failure.

Logs showing where the SSL provider added the handler with the SSL engine and the hostname and port:

2022-01-04 14:58:15.360 DEBUG 1 --- [or-http-epoll-4] reactor.netty.tcp.SslProvider : [63cc8609, L:/127.0.0.1:8091 - R:/127.0.0.1:60004] SSL enabled using engine io.netty.handler.ssl.JdkAlpnSslEngine@31e2342b and SNI my-service:8088
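Why the IP-addressed upstream URL fails hostname verification while the service-name URL can pass it, as an added illustration that is not part of the question or the answer: a small Python model of the subject-alternative-name check a TLS client performs. The SAN list is constructed (namespace "my-namespace" is assumed); the real service certificate's names will differ.

```python
import ipaddress
from typing import Iterable, Tuple
from urllib.parse import urlsplit

# Constructed sample: the subjectAltName entries a TLS client would see on the
# service certificate, in the shape ssl.getpeercert()["subjectAltName"] returns.
# The real certificate's names will differ; namespace "my-namespace" is assumed.
USERPROFILE_SANS = (
    ("DNS", "userprofile"),
    ("DNS", "userprofile.my-namespace.svc"),
    ("DNS", "userprofile.my-namespace.svc.cluster.local"),
)

def _dns_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style DNS match: case-insensitive, wildcard only as left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    if p_labels[0] != "*" or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]

def san_matches(sans: Iterable[Tuple[str, str]], target: str) -> bool:
    """True if the SANs cover `target`. An IP literal is compared only against
    'IP Address' entries and a DNS name only against 'DNS' entries, so a cert
    that carries DNS names alone cannot satisfy a client that dialled an IP."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    for kind, value in sans:
        if ip is not None and kind == "IP Address":
            if ipaddress.ip_address(value) == ip:
                return True
        elif ip is None and kind == "DNS" and _dns_matches(value, target):
            return True
    return False

def route_target_check(url: str, sans=USERPROFILE_SANS) -> Tuple[str, bool]:
    """Host a gateway route would dial, and whether it passes the SAN check."""
    host = urlsplit(url).hostname or ""
    return host, san_matches(sans, host)

if __name__ == "__main__":
    for url in ("https://10.130.83.26:8443/addUser", "https://userprofile:8443/addUser"):
        host, ok = route_target_check(url)
        print(f"{url} -> host={host} hostname check {'passes' if ok else 'fails'}")
```

Once the route target matches the certificate, check whether use-insecure-trust-manager is still needed at all: it disables certificate chain validation for every upstream, and hostname verification was the check failing here.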