0kSfc8kfHDOuuVIaNjeY opened a new issue, #638:
URL: https://github.com/apache/pekko-management/issues/638

   With the following setup, Pekko as a whole is unable to start up because 
Bootstrap is unable to handle the response to the seed nodes request when using 
the Kubernetes DNS solution:
   
   > pekko-management: 1.2.0
   > pekko: 1.4.0
   > pekko-http: 1.3.0
   
   Even if pekko and pekko-http are downgraded to the versions supported by 
pekko-management 1.2.0 from the moment of its release, the behaviour does not 
change. However, as soon as pekko-management is downgraded to the previous 
version 1.1.1 (the versions of pekko and pekko-http make no difference), the 
issue is no longer present.
   
   The log output received from Bootstrap 1.2.0 (with javax.net.debug set to 
all) looks as follows (attached as a file for better readability):
   
   [error.txt](https://github.com/user-attachments/files/25376058/error.txt)
   
   It is important to note that the X509TrustManager was available (the 
standard Sun JSSE variant) and that was checked on startup of the server.
   
   With Bootstrap 1.1.1, the same call to fetch the seed nodes succeeds with 
the following log output (again with javax.net.debug set to all and again 
attached as a file for better readability):
   
   
[no_error.txt](https://github.com/user-attachments/files/25376084/no_error.txt)
   
   The relevant part of the configuration that was sent to Pekko from the 
application was identical in both cases:
   `pekko.management.cluster.bootstrap.contact-point-discovery.discovery-method = pekko-dns`
   `pekko.management.http.port = 8558`
   `pekko.management.http.bind-hostname = "0.0.0.0"`
   `pekko.management.cluster.bootstrap.contact-point-discovery.port-name = pekko-mgmt-http`
   `pekko.management.cluster.bootstrap.contact-point-discovery.service-name = server-kubernetes-dns-internal`
   `pekko.management.cluster.bootstrap.contact-point-discovery.service-namespace = server`
   `pekko.remote.artery.transport = tls-tcp`
   `pekko.remote.artery.ssl.config-ssl-engine.key-store = "/app-security/cert-manager/keystore.jks"`
   `pekko.remote.artery.ssl.config-ssl-engine.trust-store = "/app-security/cert-manager/truststore.jks"`
   `pekko.remote.artery.ssl.config-ssl-engine.key-store-password = "password"`
   `pekko.remote.artery.ssl.config-ssl-engine.key-password = "password"`
   `pekko.remote.artery.ssl.config-ssl-engine.trust-store-password = "password"`
   `pekko.remote.artery.ssl.config-ssl-engine.protocol = "TLSv1.2"`
   `pekko.remote.artery.ssl.config-ssl-engine.enabled-algorithms = [ "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]`
   `pekko.remote.artery.ssl.config-ssl-engine.hostname-verification = "off"`
   
   If it helps, I can reproduce the issue and also supply any further 
information to aid in finding the cause.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
