POD Unhealthy and no connection allowed from outside POD

2023-08-01 Thread Gaurav Tyagi 
Hi All,

I have been following the Run Kubernetes instruction page and deploying
using the helm chart.

*I am seeing below when I say describe pod - *
  Normal   Created89s   kubeletCreated
container james-imap-smtp
  Normal   Started89s   kubeletStarted
container james-imap-smtp
  Warning  Unhealthy  0s (x4 over 20s)  kubeletReadiness probe
failed: Get "
http://10.244.161.70:8000/healthcheck/checks/Guice%20application%20lifecycle":
dial tcp 10.244.161.70:8000: connect: connection refused


*When I checked the same from inside the pod - *
C:\Dev\padminisys\github\james-project-james-project-3.8.0\server\apps\distributed-app\helm-chart>kubectl
exec -it james-imap-smtp-86f68c6499-9995j -- sh
# curl
http://10.244.161.70:8000/healthcheck/checks/Guice%20application%20lifecycle
curl: (7) Failed to connect to 10.244.161.70 port 8000: Connection refused

*When I changed the pod IP with localhost, it worked, however, I can't
connect using svc or POD IP from the cluster- *
# curl
http://localhost:8000/healthcheck/checks/Guice%20application%20lifecycle
{"componentName":"Guice application
lifecycle","escapedComponentName":"Guice%20application%20lifecycle","status":"healthy","cause":null}#


*PS: I am only using one POD *james-imap-smtp, not using jmap.

Please help me to get James running on the Kubernetes cluster.

I appreciate any help you can provide.
Gaurav Tyagi

-- 
*Padmini Systems Private Limited* puts the security of the client at a high 
priority. Therefore, we have put efforts into ensuring that the message is 
error and virus-free. Unfortunately, full security of the email cannot be 
ensured as, despite our efforts, the data included in emails could be 
infected, intercepted, or corrupted. Therefore, the recipient should check 
the email for threats with proper software, as the sender does not accept 
liability for any damage inflicted by viewing the content of this email.

Re: Error while starting Mail Server POD in Kubernetes

2023-07-24 Thread Gaurav Tyagi 
Hello, Thanks for your reply. It worked.
However, I am bogged down with other issues, but I see documentation
references for the same are available.
So I will sort it out.

Thanks again for your help.

Regards,
Gaurav

On Mon, 24 Jul 2023 at 14:44, Tung Tran  wrote:

> Hi,
>
> Did you try to convert ".crt" file to publicKey?
> Example command: "openssl x509 -pubkey -noout -in domain.crt"
> Then retry with publicKey value (not certificate value)
>
>
> On 24/07/2023 12:31, Gaurav Tyagi wrote:
> > Key is not an instance of SubjectPublicKeyInfo but of null
>
> -
> To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
> For additional commands, e-mail: server-user-h...@james.apache.org
>
>

-- 
*Padmini Systems Private Limited* puts the security of the client at a high 
priority. Therefore, we have put efforts into ensuring that the message is 
error and virus-free. Unfortunately, full security of the email cannot be 
ensured as, despite our efforts, the data included in emails could be 
infected, intercepted, or corrupted. Therefore, the recipient should check 
the email for threats with proper software, as the sender does not accept 
liability for any damage inflicted by viewing the content of this email.

Re: Error while starting Mail Server POD in Kubernetes

2023-07-23 Thread Gaurav Tyagi 
Hi Benoit,

Thank you so much for your response.

*Error Message - *
{"timestamp":"2023-07-24T05:11:32.351Z","level":"WARN","thread":"main","logger":"org.apache.james.jwt.PublicKeyReader","message":"Key
is not an instance of SubjectPublicKeyInfo but of null","context":"default"}
{"timestamp":"2023-07-24T05:11:32.366Z","level":"ERROR","thread":"main","logger":"org.apache.james.GuiceJamesServer","message":"Fatal
error while starting
James","context":"default","exception":"com.google.inject.ProvisionException:
Unable to provision, see the following errors:\n\n1)
[Guice/ErrorInCustomProvider]: IllegalStateException: One of the provided
public key is not valid at
JMAPModule.providesJwtTokenVerifier(JMAPModule.java:238)

*Additional information as follows:*
*Method of Installation - Official James Helm Helm Chart from Release 3.8.0
- *Helm-Chart
<https://github.com/apache/james-project/tree/3.8.x/server/apps/distributed-app/helm-chart>
We are using the documentation for following installation instruction -
run-kubernetes
<https://github.com/apache/james-project/blob/3.8.x/server/apps/distributed-app/docs/modules/ROOT/pages/run/run-kubernetes.adoc>
Additionally generated by antora.

*Comment -* some bits of jwtPublicKey/ jwtPrivateKey in secrets.yaml file
causing the issue. However, Self Signed, locally generated valid
certificates are used.
We can provide a certificate and private key using cert-manager, but I
don't know in which format the certificate will be provided in the
secrets.yaml file. It looks like PEM format is accepted.
In jwtPublicKey I am using .crt content
In jwtPrivateKey I am using .key content
-BEGIN PUBLIC KEY- wrapper is shown in documents but Can you please
guide me what file content needs to be used.


Warm Regards,
Gaurav Tyagi



On Mon, 24 Jul 2023 at 06:46, Benoit TELLIER  wrote:

> Hello,
>
> I'm willing to help but the images do not display well.. Can you share the
> errors by text please?
>
> --
>
>
> Best regards,
>
>
>
> Benoit TELLIER
>
>
>
> General manager of Linagora VIETNAM.
>
> Product owner for Team-Mail product.
>
> Chairman of the Apache James project.
>
>
>
> Mail: btell...@linagora.com
>
> Tel: (0033) 6 77 26 04 58 (WhatsApp, Signal)
>
> On Jul 23, 2023 4:44 PM, from gau...@padminisys.com.invalidHello All,
>
>
>
> I am using helm chart for apache james latest stable release.
>
>
>
> You can see following secrets.yaml file
>
>
>
>
>
>
>
>
>
> I have set it as mentioned in the documentation.
>
>
>
> When POD starts everything connects well like Cass, RabbitMQ, Open Search
> but see error while configuring cert.
>
>
>
> I am seeing below error:
>
>
>
>
>
>
>
>
>
>
>
> "message":"Key is not an instance of SubjectPublicKeyInfo but of null"
>
> IllegalStateException: One of the provided public key is not valid
>
>
>
> I have cert Manager installed on my cluster, but I am using this
> self-signed cert using the process -
> https://www.baeldung.com/openssl-self-signed-cert
>
>
>
> In jwtPublicKey I am using .crt content
>
> In jwtPrivateKey I am using .key content
>
>
>
> Both are pem formatted file but as suggested by james docs they have
> mentioned to use -BEGIN PUBLIC KEY- wrapper.
>
>
>
> I am stuck and POD is not starting, Anyone’s help is highly appreciated.
>
>
>
> Thanks,
>
> Gaurav
>
> Software Engineer
>
> Padmini System Private Limited
>
> Mumbai, India
>
>
>
>
>
>
>
>
> Padmini Systems Private Limited puts the security of the client at a high
> priority. Therefore, we have put efforts into ensuring that the message is
> error and virus-free. Unfortunately, full security of the email cannot be
> ensured as, despite our efforts, the data included in emails could be
> infected, intercepted, or corrupted. Therefore, the recipient should check
> the email for threats with proper software, as the sender does not accept
> liability for any damage inflicted by viewing the content of this email.
>

-- 
*Padmini Systems Private Limited* puts the security of the client at a high 
priority. Therefore, we have put efforts into ensuring that the message is 
error and virus-free. Unfortunately, full security of the email cannot be 
ensured as, despite our efforts, the data included in emails could be 
infected, intercepted, or corrupted. Therefore, the recipient should check 
the email for threats with proper software, as the sender does not accept 
liability for any damage inflicted by viewing the content of this email.