
v.1.5.0 operator SSL handshake issue

Hi,

I am using the v1.5.0 Kubernetes operator for mongo, cluster version v1.14.1, mongo - image: percona/percona-server-mongodb:3.6

And I have an issue with a lot of requests from the operator to the mongo pods:

2020-11-01T16:15:37.169+0000 I NETWORK [conn5119] Error receiving request from client: SSLHandshakeFailed: no SSL certificate provided by peer; connection rejected. Ending connection from 10.40.0.3:40190 (connection id: 5119)

2020-11-01T16:15:37.169+0000 I NETWORK [conn5119] end connection 10.40.0.3:40190 (20 connections now open)

2020-11-01T16:15:37.172+0000 E NETWORK [conn5120] no SSL certificate provided by peer; connection rejected

2020-11-01T16:15:37.172+0000 I NETWORK [conn5120] Error receiving request from client: SSLHandshakeFailed: no SSL certificate provided by peer; connection rejected. Ending connection from 10.40.0.3:40196 (connection id: 5120)

2020-11-01T16:15:37.172+0000 I NETWORK [conn5120] end connection 10.40.0.3:40196 (19 connections now open)



This is with the default configuration in cr.yaml (no SSL options in the secrets section); the operator has created the SSL secrets:


mongo-cluster-ssl               kubernetes.io/tls           3   13m

mongo-cluster-ssl-internal          kubernetes.io/tls           3   13m


I tried to disable SSL entirely by setting the option allowUnsafeConfigurations: true and removing the SSL secrets, then applying the cr and restarting the operator. After that I get different errors in the mongo log:

2020-11-01T16:22:51.830+0000 I NETWORK [listener] connection accepted from 10.40.0.3:53330 #2454 (17 connections now open)

2020-11-01T16:22:51.831+0000 I NETWORK [conn2454] Error receiving request from client: SSLHandshakeFailed: SSL handshake received but server is started without SSL support. Ending connection from 10.40.0.3:53330 (connection id: 2454)

2020-11-01T16:22:51.831+0000 I NETWORK [conn2454] end connection 10.40.0.3:53330 (16 connections now open)

2020-11-01T16:22:52.162+0000 I NETWORK [listener] connection accepted from 10.40.0.3:53342 #2455 (17 connections now open)

2020-11-01T16:22:52.163+0000 I NETWORK [conn2455] Error receiving request from client: SSLHandshakeFailed: SSL handshake received but server is started without SSL support. Ending connection from 10.40.0.3:53342 (connection id: 2455)


So the question is how to make the operator work correctly with SSL certs, to avoid the SSL handshake issues in the first case, or how to disable SSL entirely (the second case)?
