jwitko opened a new issue, #13749:
URL: https://github.com/apache/druid/issues/13749

   ### Affected Version
   `25.0.0`
   
   ### Description
   `druid-kubernetes-overlord-extension` does not support TLSv1.3
   I believe this is because of the use of [v5.12.2](https://github.com/churromorales/druid/blob/master/extensions-contrib/kubernetes-overlord-extensions/pom.xml#L104-L108) of the [fabric8io/kubernetes-client library](https://github.com/fabric8io/kubernetes-client)
   
   I had the minimum required TLS version of my Kubernetes API server set to TLSv1.3 and was getting the below failures:
   ```
   2023-02-02T20:02:00,218 ERROR [TaskQueue-Manager] org.apache.druid.indexing.overlord.TaskQueue - Failed to manage: {class=org.apache.druid.indexing.overlord.TaskQueue, exceptionType=class io.fabric8.kubernetes.client.KubernetesClientException, exceptionMessage=Operation: [list]  for kind: [Pod]  with name: [null]  in namespace: [druid1]  failed., restartDelay=30000}
   io.fabric8.kubernetes.client.KubernetesClientException: Operation: [list]  for kind: [Pod]  with name: [null]  in namespace: [druid1]  failed.
   ...
   Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: protocol_version
   ```
   I set Java JVM options and fabric8io/kubernetes-client options to enable TLSv1.3:
   java opts:
   ```
   -Djdk.tls.client.protocols=TLSv1.3
   ```
   fabric8io opts:
   ```
   KUBERNETES_TLS_VERSIONS=TLSv1.3
   ```
   
   I then received the following error:
   ```
   2023-02-03T16:05:46,011 ERROR [TaskQueue-Manager] org.apache.druid.indexing.overlord.TaskQueue - Failed to manage: {class=org.apache.druid.indexing.overlord.TaskQueue, exceptionType=class io.fabric8.kubernetes.client.KubernetesClientException, exceptionMessage=Operation: [list]  for kind: [Pod]  with name: [null]  in namespace: [druid1]  failed., restartDelay=30000}
   62
   io.fabric8.kubernetes.client.KubernetesClientException: Operation: [list]  for kind: [Pod]  with name: [null]  in namespace: [druid1]  failed.
   ...
   Caused by: java.net.UnknownServiceException: Unable to find acceptable protocols. isFallback=false, modes=[ConnectionSpec(cipherSuites=[TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_CCM_SHA256, TLS_AES_256_CCM_8_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA], tlsVersions=[TLS_1_3], supportsTlsExtensions=true), ConnectionSpec()], supported protocols=[TLSv1.2]
   ```
   
   It is entirely possible my hypothesis about fabric8io/kubernetes-client is wrong and the issue is in the Java version or some Java options I did not set. I am not a Java expert at all.
   
   CC @churromorales 
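
A diagnostic for the question the report leaves open (client library versus JVM), as an added example that is not part of the original issue or of Druid or fabric8 code: it prints which TLS versions a client socket has enabled for several `SSLContext` names and whether any of them satisfies a TLSv1.3-only requirement like the `tlsVersions=[TLS_1_3]` in the second error. The class name `TlsProtocolCheck` and the set of context names compared are assumptions; which context the client library actually builds is not shown on this page.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

// Added diagnostic (hypothetical class name). Run it with the same JVM and the
// same -D options as the Overlord, e.g. -Djdk.tls.client.protocols=TLSv1.3
public class TlsProtocolCheck {

    // Protocols an unconnected client socket from this SSLContext has enabled.
    static List<String> enabledProtocols(String contextName) throws Exception {
        SSLContext ctx = SSLContext.getInstance(contextName);
        ctx.init(null, null, null); // JVM default key and trust managers
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket()) {
            return Arrays.asList(s.getEnabledProtocols());
        }
    }

    // Versions the HTTP layer requires, intersected with what the socket has
    // enabled. An empty result corresponds to "Unable to find acceptable protocols".
    static List<String> acceptable(List<String> required, List<String> enabled) {
        List<String> out = new ArrayList<>(required);
        out.retainAll(enabled);
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Mirrors KUBERNETES_TLS_VERSIONS=TLSv1.3 from the report.
        List<String> required = Arrays.asList("TLSv1.3");
        System.out.println("java.version=" + System.getProperty("java.version"));
        System.out.println("jdk.tls.client.protocols="
            + System.getProperty("jdk.tls.client.protocols"));
        // Context names chosen for comparison (assumption, see lead-in).
        for (String name : new String[] {"TLS", "TLSv1.2", "TLSv1.3"}) {
            try {
                List<String> enabled = enabledProtocols(name);
                List<String> ok = acceptable(required, enabled);
                System.out.printf("%-8s enabled=%s -> %s%n", name, enabled,
                    ok.isEmpty() ? "no acceptable protocol" : "can negotiate " + ok);
            } catch (NoSuchAlgorithmException e) {
                System.out.printf("%-8s not available in this JVM%n", name);
            }
        }
    }
}
```

If `TLSv1.3` is reported as not available, the JVM itself is the limit; if it is available for some context names but not others, the context the client constructs decides the outcome.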

