  1. AMQ Streams
  2. ENTMQST-6618

Add the cluster's default CA to console-openshift-metrics.yaml


    • Task
    • Resolution: Done
    • Normal
    • 3.0.0.GA
    • 2.9.0.GA
    • console

      • Add the cluster's default CA to the trustStore in "examples/console/resources/console/console-openshift-metrics.yaml"
        • The kube-root-ca.crt configmap is present by default in all namespaces.
        • apiVersion: console.streamshub.github.com/v1alpha1
          kind: Console
          ...
          spec:
            ...
            metricsSources:
              - ...
                trustStore:
                  type: PEM
                  content:
                    valueFrom:
                      configMapKeyRef:
                        name: kube-root-ca.crt
                        key: ca.crt
      • Maybe "Example metrics configuration for Openshift monitoring (1)" in the document also should be changed to add the above trustStore configuration.
      • Without the above trustStore configuration in console-openshift-metrics.yaml, "Topic metrics are not available for this cluster or no topic activity found. Please check your configuration" occurs in the Web console with openshift-monitoring. And the following exceptions occur in the web console container log because openshift-monitoring uses the cluster's default CA, which is a self-signed certificate, by default:
        2025-02-18T04:18:24.840528489Z 2025-03-28 05:18:24,837 WARN  [com.git.str.con.api.ser.MetricsService] (ForkJoinPool.commonPool-worker-1) Failed to retrieve Kafka cluster metrics: jakarta.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: Failed to create SSL connection
        2025-02-18T04:18:24.840528489Z  at 
        ... 
        2025-02-18T04:18:24.840634785Z  ... 31 more
        2025-02-18T04:18:24.840634785Z Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        2025-02-18T04:18:24.840634785Z  at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148)
        2025-02-18T04:18:24.840634785Z  at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129)
        2025-02-18T04:18:24.840634785Z  at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
        2025-02-18T04:18:24.840634785Z  at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
        2025-02-18T04:18:24.840634785Z  ... 36 more
        

      (1) https://docs.redhat.com/en/documentation/red_hat_streams_for_apache_kafka/2.9/html-single/using_the_streams_for_apache_kafka_console/index#ref-openshift-metrics-options-str

              Unassigned Unassigned
              rhn-support-tyamashi Tomonari Yamashita