We’re using Kong v2.8.1 with Cassandra. So far we had been routing only L7 (HTTPS) traffic, but recently we had a use case where we needed the L4 (TCP) proxying capabilities of Kong (Kong’s TCP stream support: "TCP stream support in Kong - How to try it, and what's next?").
Once we enabled KONG_STREAM_LISTEN and did the needed setup, we started seeing the following error messages (172.17.100.232 is a Cassandra node):
[error] 234#0: *1037 stream [lua] init.lua:400: [cluster_events] failed to poll: failed to retrieve events from DB: all hosts tried for query failed.
172.17.100.232: SSL handshake: 19: self signed certificate in the certificate chain.
Cassandra is using a self-signed certificate. Kong is configured to verify and trust Cassandra’s self-signed certificate by setting KONG_CASSANDRA_SSL=true, KONG_CASSANDRA_SSL_VERIFY=true, and KONG_LUA_SSL_TRUSTED_CERTIFICATE. This configuration works, and we see no error messages when we route only HTTPS. Once we enable KONG_STREAM_LISTEN, we start to see the above-mentioned error messages.
Traffic is routed as expected both at L4 and L7. Kong seems to be communicating with Cassandra just fine (it reads and writes its data successfully) but we’re trying to understand why we see such errors.
Thanks in advance!