0kSfc8kfHDOuuVIaNjeY opened a new issue, #638: URL: https://github.com/apache/pekko-management/issues/638
With the following setup, Pekko as a whole is unable to start up because Bootstrap is unable to handle the response to the seed nodes request when using the Kuberrnetes DNS solution: > pekko-management: 1.2.0 > pekko: 1.4.0 > pekko-http: 1.3.0 Even if pekko and pekko-http are downgraded to the versions supported by pekko-management 1.2.0 from the moment of its release, the behaviour does not change. However, as soon as pekko-management is downgraded to the previous version 1.1.1 (the versions of pekko and pekko-http make no difference), the issue is no longer present. The log output received from Bootstrap 1.2.0 (with javax.net.debug set to all) looks as follows (attached as a file for better readability): [error.txt](https://github.com/user-attachments/files/25376058/error.txt) It is important to note that the X509TrustManager was available (the standard Sun JSSE variant) and that was checked on startup of the server. With Bootstrap 1.1.1, the same call to fetch the seed nodes succeeds with the following log output (again with javax.net.debug set to all and again attached as a file for better readability): [no_error.txt](https://github.com/user-attachments/files/25376084/no_error.txt) The relevant part of the configuration that was sent to Pekko from the application was identical in both cases: `pekko.management.cluster.bootstrap.contact-point-discovery.discovery-method = pekko-dns` `pekko.management.http.port = 8558` `pekko.management.http.bind-hostname = "0.0.0.0"` `pekko.management.cluster.bootstrap.contact-point-discovery.port-name = pekko-mgmt-http` `pekko.management.cluster.bootstrap.contact-point-discovery.service-name = server-kubernetes-dns-internal` `pekko.management.cluster.bootstrap.contact-point-discovery.service-namespace = server` `pekko.remote.artery.transport = tls-tcp` `pekko.remote.artery.ssl.config-ssl-engine.key-store = "/app-security/cert-manager/keystore.jks"` `pekko.remote.artery.ssl.config-ssl-engine.trust-store = "/app-security/cert-manager/truststore.jks"` `pekko.remote.artery.ssl.config-ssl-engine.key-store-password = "password"` `pekko.remote.artery.ssl.config-ssl-engine.key-password = "password"` `pekko.remote.artery.ssl.config-ssl-engine.trust-store-password = "password"` `pekko.remote.artery.ssl.config-ssl-engine.protocol = "TLSv1.2"` `pekko.remote.artery.ssl.config-ssl-engine.enabled-algorithms = [ "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]` `pekko.remote.artery.ssl.config-ssl-engine.hostname-verification = "off"` If it helps, I can reproduce the issue and also supply any further information to aid in finding the cause. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
