Hi,
I am trying to set up Kong Enterprise (Free Mode) in my development environment using a self-signed SSL certificate. During data plane deployment it gives me the error below:
```
2024/04/09 00:53:50 [error] 2420#0: *1581 [lua] telemetry.lua:224: connection to control plane wss://kong-cp-kong-clustertelemetry.kong.svc.cluster.local:8006/v1/ingest?node_id=b0ac1066-414f-461f-8dab-1cacdda6c7a6&node_hostname=kong-dp-kong-8ff7674dd-4pwsr&node_version=3.6.1.2 broken: ssl handshake failed: 21: unable to verify the first certificate retrying after 10 seconds. please check configs "cluster_telemetry_endpoint", "cluster_telemetry_server_name", "cluster_server_name" or "cluster_mtls"., context: ngx.timer
```
I have read somewhere that for a self-signed SSL certificate we need to disable SSL verification on the data plane. How do we achieve this when deploying in Kubernetes?
My control plane configuration is as follows:
```yaml
# Do not use Kong Ingress Controller
ingressController:
  enabled: false

image:
  repository: kong/kong-gateway
  tag: "3.6.1.2"

# Mount the secret created earlier
secretVolumes:
  - kong-tls

env:
  # This is a control_plane node
  role: control_plane
  # These certificates are used for control plane / data plane communication
  cluster_cert: /etc/secrets/kong-tls/tls.crt
  cluster_cert_key: /etc/secrets/kong-tls/tls.key
  # Database
  # CHANGE THESE VALUES
  database: postgres
  pg_database: kong
  pg_user: kong
  pg_password: mypassword
  pg_host: kong-cp-postgresql.kong.svc.cluster.local
  pg_ssl: "on"
  # Kong Manager password
  password: mypassword

# Enable enterprise functionality
enterprise:
  enabled: false
  license_secret: kong-enterprise-license

# The control plane serves the Admin API
admin:
  enabled: true
  http:
    enabled: true

# Clustering endpoints are required in hybrid mode
cluster:
  enabled: true
  tls:
    enabled: true

clustertelemetry:
  enabled: true
  tls:
    enabled: true

# Optional features
manager:
  enabled: true

# These roles will be served by different Helm releases
proxy:
  enabled: false

postgresql:
  enabled: true
  auth:
    password: mypassword
```
My data plane config is as follows:
```yaml
ingressController:
  enabled: false

image:
  repository: kong/kong-gateway
  tag: "3.6.1.2"

# Mount the secret created earlier
secretVolumes:
  - kong-tls

env:
  # data_plane nodes do not have a database
  role: data_plane
  database: "off"
  # Tell the data plane how to connect to the control plane
  cluster_control_plane: kong-cp-kong-cluster.kong.svc.cluster.local:8005
  cluster_telemetry_endpoint: kong-cp-kong-clustertelemetry.kong.svc.cluster.local:8006
  # Configure control plane / data plane authentication
  lua_ssl_trusted_certificate: /etc/secrets/kong-tls/tls.crt
  cluster_cert: /etc/secrets/kong-tls/tls.crt
  cluster_cert_key: /etc/secrets/kong-tls/tls.key

# Enable enterprise functionality
enterprise:
  enabled: true
  license_secret: kong-enterprise-license

# The data plane handles proxy traffic only
proxy:
  enabled: true

# These roles are served by the kong-cp deployment
admin:
  enabled: false

manager:
  enabled: false
```
Am I doing something wrong, or is there a way to deploy Kong for a dev environment using a self-signed SSL cert?