Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Cannot connect to microk8s using Kubernetes API: javax.net.ssl.SSLHandshakeException

See original GitHub issue

Hello everyone,

I have been trying to connect to microk8s using the kubernetes-client API (https://github.com/kubernetes-client/java).

However I am unable to do so, getting this kind of errors:

javax.net.ssl|ERROR|1C|http-nio-9090-exec-1|2020-04-25 16:47:26.165 EEST|TransportContext.java:319|Fatal (UNSUPPORTED_EXTENSION): extension (5) should not be presented in certificate_request (
"throwable" : {
  javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request
  	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
  	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
  	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
  	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:270)
  	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:261)
  	at java.base/sun.security.ssl.SSLExtensions.<init>(SSLExtensions.java:89)
  	at java.base/sun.security.ssl.CertificateRequest$T13CertificateRequestMessage.<init>(CertificateRequest.java:818)
  	at java.base/sun.security.ssl.CertificateRequest$T13CertificateRequestConsumer.consume(CertificateRequest.java:922)
  	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
  	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:451)
  	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:428)
  	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:184)
  	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
  	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1151)
  	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1062)
  	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
  	at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:336)
  	at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:300)
  	at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:185)
  	at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.java:224)
  	at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.java:108)
  	at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.java:88)
  	at okhttp3.internal.connection.Transmitter.newExchange(Transmitter.java:169)
  	at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:41)
  	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
  	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
  	at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:94)
  	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
  	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
  	at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
  	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
  	at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:88)
  	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
  	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
  	at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:221)
  	at okhttp3.RealCall.execute(RealCall.java:81)
  	at io.kubernetes.client.openapi.ApiClient.execute(ApiClient.java:894)
  	at io.kubernetes.client.openapi.apis.CoreV1Api.listNamespaceWithHttpInfo(CoreV1Api.java:16069)
  	at io.kubernetes.client.openapi.apis.CoreV1Api.listNamespace(CoreV1Api.java:16041)
  	at gr.uoa.di.javakube.service.KubeInformationServiceImpl.getAllNamespaces(KubeInformationServiceImpl.java:29)
  	at gr.uoa.di.javakube.controller.KubeInformationController.index(KubeInformationController.java:34)
  	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
  	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
  	at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190)
  	at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)
  	at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:105)
  	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:893)
  	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:798)
  	at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
  	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040)
  	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943)
  	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
  	at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)
  	at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
  	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
  	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
  	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
  	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  	at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:94)
  	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
  	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
  	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
  	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:526)
  	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
  	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
  	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
  	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
  	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
  	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
  	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:860)
  	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1589)
  	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
  	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
  	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
  	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
  	at java.base/java.lang.Thread.run(Thread.java:834)}

)
javax.net.ssl|DEBUG|1C|http-nio-9090-exec-1|2020-04-25 16:47:26.169 EEST|SSLSocketImpl.java:1360|close the underlying socket
javax.net.ssl|DEBUG|1C|http-nio-9090-exec-1|2020-04-25 16:47:26.171 EEST|SSLSocketImpl.java:1379|close the SSL connection (initiative)

I have opened an issue to the kubernetes-client repo: https://github.com/kubernetes-client/java/issues/893

However, we were not able to find a solution.

I am using the most recent version of microk8s and kubernetes. I am also using Java version jdk-11.0.7.

I am attaching the inspection report that I have just produced and my kubeconfig file is:

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRU*********
    server: https://127.0.0.1:16443
  name: microk8s-cluster
contexts:
- context:
    cluster: microk8s-cluster
    user: admin
  name: microk8s
current-context: microk8s
kind: Config
preferences: {}
users:
- name: admin
  user:
    password: RHRtZ*******
    username: admin

inspection-report-20200425_172541.zip

Issue Analytics

State:
Created 3 years ago
Comments:8 (8 by maintainers)

Top GitHub Comments

2reactions

iskitsascommented, Apr 27, 2020

@giorgos-apo , If you see the docs and the source code for Config.defaultClient(), default config is loaded from ~/.kube/config

When installing microk8s, your config is not placed there. Have you tried to set the kube config path from the right microk8s path? eg. /var/snap/microk8s/current/credentials/client.config

When testing from my host it works as expected.

k8s-client

[1] https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/#java-client [2] https://github.com/kubernetes-client/java/blob/master/examples/src/main/java/io/kubernetes/client/examples/KubeConfigFileClientExample.java

When accessing from inside the cluster pay attention in this example: https://github.com/kubernetes-client/java/blob/master/examples/src/main/java/io/kubernetes/client/examples/InClusterClientExample.java

    // loading the in-cluster config, including:
    //   1. service-account CA
    //   2. service-account bearer-token
    //   3. service-account namespace
    //   4. master endpoints(ip, port) from pre-set environment variables

See direct accessing the REST API [3] to understand the steps without using any java client [3] https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/#directly-accessing-the-rest-api-1

0reactions

giorgos-apocommented, May 3, 2020

@iskitsas Thank you very much for your support and immediate answers.