🎄 Happy Holidays! 🥳
Most of Solace is closed December 24–January 1 so our employees can spend time with their families. We will re-open Thursday, January 2, 2024. Please expect slower response times during this period and open a support ticket for anything needing immediate assistance.
Happy Holidays!
Please note: most of Solace is closed December 25–January 2, and will re-open Tuesday, January 3, 2023.
Issues with running Solace Helm chart with Redundancy and TLS enabled.
Trying to figure out what reason this would not work. I am able to use the solace helm chart (https://github.com/SolaceProducts/pubsubplus-kubernetes-quickstart) to run solace in my GKE kubernetes cluster with tls enabled using my cert secret, however when I enable redundancy, 2 of the pods will not become ready. I was able to confirm that if I run redundancy on with tls disabled, all 3 pods startup correctly. The pods themselves dont seem to give too much in the way of an error message, Readiness probe failed: Fri Feb 4 20:12:11 UTC 2022 INFO: readiness_check.sh-Waiting for valid server status response, got:
As well as: startup-broker.sh-Waited 110 seconds, Management API not yet accessible
<returnInfo><errorInfo>management host is not responding</errorInfo></returnInfo>
from the container logs.
There's a number of warnings in my container logs but nothing that stands out.
Curious if anyone has had this issue before if there is additional setup that is needed to use HA mode with TLS.
Answers
-
Thanks Paul, this got me a bit closer but I'm still having a few issues. It looks like the startup-broker.sh is failing in the tls block when trying to curl the SEMP api to set the tlsServerCertContent. I got into the pod and tried to make the call myself and it is telling me my cert is invalid:
"meta":{
"error":{
"code":2,
"description":"Problem with tlsServerCertContent: The certificate in .sempV2/cert.pem is invalid.",
"status":"FAIL"
},
"request":{
"method":"PATCH",
"uri":"https://localhost:1943/SEMP/v2/config/"
},
"responseCode":400
}
I did verify on my own machine that the cert file is valid, and has been tested with other services so I'm unsure why there would be issues. Do you have any insights?
0