Uploaded image for project: 'OpenShift Service Mesh'
  1. OpenShift Service Mesh
  2. OSSM-104

Jaeger creates reencrypt route to http endpoint

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Major Major
    • None
    • OSSM GA
    • Tracing
    • None

      When created a new jaeger in an application project, it creates a reencrypt route to an http (not https) endpoint so the route access won't work.

      Web Console -> Catalog -> Installed Operators -> Jaeger Operator -> Create New -> Modify namespace and Create.

      $ oc project test-mesh
$ oc get all
NAME                             READY   STATUS    RESTARTS   AGE
pod/my-jaeger-6cbb889f4b-9kbx7   1/1     Running   0          135m

NAME                                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                                  AGE
service/my-jaeger-agent                ClusterIP   None            <none>        5775/TCP,5778/TCP,6831/TCP,6832/TCP      6d23h
service/my-jaeger-collector            ClusterIP   172.30.53.173   <none>        9411/TCP,14250/TCP,14267/TCP,14268/TCP   6d23h
service/my-jaeger-collector-headless   ClusterIP   None            <none>        9411/TCP,14250/TCP,14267/TCP,14268/TCP   6d23h
service/my-jaeger-query                ClusterIP   172.30.195.26   <none>        16686/TCP                                6d23h

NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/my-jaeger   1/1     1            1           6d23h

NAME                                   DESIRED   CURRENT   READY   AGE
replicaset.apps/my-jaeger-6cbb889f4b   1         1         1       6d21h
replicaset.apps/my-jaeger-f45c854b7    0         0         0       6d23h

NAME                                 HOST/PORT                                             PATH   SERVICES          PORT    TERMINATION   WILDCARD
route.route.openshift.io/my-jaeger   my-jaeger-test-mesh.apps.tkimura.example.com                 my-jaeger-query   <all>   reencrypt     None

$ oc rsh pod/my-jaeger-6cbb889f4b-9kbx7 curl -kv https://localhost:16686
* About to connect() to localhost port 16686 (#0)
*   Trying ::1...
* Connected to localhost (::1) port 16686 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* NSS error -12263 (SSL_ERROR_RX_RECORD_TOO_LONG)
* SSL received a record that exceeded the maximum permissible length.
* Closing connection 0
curl: (35) SSL received a record that exceeded the maximum permissible length.
command terminated with exit code 35

$ oc rsh pod/my-jaeger-6cbb889f4b-9kbx7 curl -kv http://localhost:16686
< HTTP/1.1 200 OK

$ curl -qk https://$(oc get route my-jaeger --template='{{.spec.host}}')
< HTTP/1.0 503 Service Unavailable

$ oc patch route/my-jaeger -p '
spec:
  tls:
    termination: edge'
route.route.openshift.io/my-jaeger patched

$ curl -qk https://$(oc get route my-jaeger --template='{{.spec.host}}')
< HTTP/1.1 200 OK

        1. Screenshot from 2019-11-14 12-04-31.png
          Screenshot from 2019-11-14 12-04-31.png
          23 kB

              kearls@redhat.com Kevin Earls (Inactive)
              rhn-support-tkimura Takayoshi Kimura
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: