Hi,
I have a kong error log in the proxy container: handler.lua:27 reporter flush failed to request: 20: unable to get local issuer certificate, context: ngx.timer, client: 10.126.0.244, server: 0.0.0.0:8443
I don’t understand what is the cause of this log.
Few hours earlier kong was returned me the default ssl cert and then without changing anything all my endpoints respond correctly with https.
Actually I didn’t reproduce the issue of this morning, and the error log continue to appear in my logs
extract of my logs:
10.126.0.28 - - [25/May/2020:09:59:13 +0000] "GET /users/jwt HTTP/2.0" 200 133 "https://orpheus.barney.hvbrt.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"
2020/05/25 09:59:13 [error] 27#0: *2632859 [kong] handler.lua:27 reporter flush failed to request: 20: unable to get local issuer certificate, context: ngx.timer, client: 10.126.0.28, server: 0.0.0.0:8443
10.126.0.251 - - [25/May/2020:09:59:51 +0000] "POST / HTTP/1.1" 404 19 "-" "SendGrid Event API"
2020/05/25 09:59:51 [error] 27#0: *2633178 [kong] handler.lua:27 reporter flush failed to request: 20: unable to get local issuer certificate, context: ngx.timer, client: 10.126.0.251, server: 0.0.0.0:8443
10.126.0.244 - - [25/May/2020:10:00:06 +0000] "POST / HTTP/1.1" 404 19 "-" "SendGrid Event API"
2020/05/25 10:00:06 [error] 27#0: *2633305 [kong] handler.lua:27 reporter flush failed to request: 20: unable to get local issuer certificate, context: ngx.timer, client: 10.126.0.244, server: 0.0.0.0:8443
10.126.0.24 - - [25/May/2020:10:00:12 +0000] "POST / HTTP/1.1" 404 19 "-" "SendGrid Event API"
2020/05/25 10:00:12 [error] 27#0: *2633359 [kong] handler.lua:27 reporter flush failed to request: 20: unable to get local issuer certificate, context: ngx.timer, client: 10.126.0.24, server: 0.0.0.0:8443
10.126.0.24 - - [25/May/2020:10:00:12 +0000] "POST / HTTP/1.1" 404 19 "-" "SendGrid Event API"
2020/05/25 10:00:12 [error] 27#0: *2633369 [kong] handler.lua:27 reporter flush failed to request: 20: unable to get local issuer certificate, context: ngx.timer, client: 10.126.0.24, server: 0.0.0.0:8443
10.126.0.240 - - [25/May/2020:10:00:13 +0000] "GET /?token=... HTTP/1.1" 101 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"
2020/05/25 10:00:13 [error] 27#0: *2633371 [kong] handler.lua:27 reporter flush failed to request: 20: unable to get local issuer certificate, context: ngx.timer, client: 10.126.0.240, server: 0.0.0.0:8443
10.126.0.28 - - [25/May/2020:10:00:13 +0000] "GET /users/jwt HTTP/2.0" 200 133 "https://orpheus.barney.hvbrt.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"
2020/05/25 10:00:13 [error] 27#0: *2633374 [kong] handler.lua:27 reporter flush failed to request: 20: unable to get local issuer certificate, context: ngx.timer, client: 10.126.0.28, server: 0.0.0.0:8443
10.126.0.248 - - [25/May/2020:10:00:18 +0000] "POST / HTTP/1.1" 404 19 "-" "SendGrid Event API"
2020/05/25 10:00:18 [error] 27#0: *2633419 [kong] handler.lua:27 reporter flush failed to request: 20: unable to get local issuer certificate, context: ngx.timer, client: 10.126.0.248, server: 0.0.0.0:8443
I’m running kong ingress controller in dbless mode with this config:
Name: kong-kong-759876958-qxk94
Namespace: default
Priority: 0
Node: gke-barney-barney-general-purpose-6b9675f4-q8l4/10.126.0.24
Start Time: Wed, 20 May 2020 17:12:03 +0200
Labels: app.kubernetes.io/component=app
app.kubernetes.io/instance=kong
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=kong
app.kubernetes.io/version=2
helm.sh/chart=kong-1.5.0
pod-template-hash=759876958
Annotations: cni.projectcalico.org/podIP: 10.140.4.103/32
kubernetes.io/limit-ranger: LimitRanger plugin set: cpu request for container ingress-controller
Status: Running
IP: 10.140.4.103
IPs: <none>
Controlled By: ReplicaSet/kong-kong-759876958
Containers:
ingress-controller:
Container ID: docker://dd92b8cf1587fb1ad7866cf490090fcde0e35bbc3916662b668ef21f702c07db
Image: kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller:0.8.1
Image ID: docker-pullable://kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller@sha256:c7ccb6600d166a4986a30decf8a2db06161240b77e745de25ec8ce459a6570fa
Port: <none>
Host Port: <none>
Args:
/kong-ingress-controller
State: Running
Started: Wed, 20 May 2020 17:12:16 +0200
Last State: Terminated
Reason: Error
Exit Code: 255
Started: Wed, 20 May 2020 17:12:05 +0200
Finished: Wed, 20 May 2020 17:12:05 +0200
Ready: True
Restart Count: 2
Requests:
cpu: 100m
Liveness: http-get http://:10254/healthz delay=5s timeout=5s period=10s #success=1 #failure=3
Readiness: http-get http://:10254/healthz delay=5s timeout=5s period=10s #success=1 #failure=3
Environment:
POD_NAME: kong-kong-759876958-qxk94 (v1:metadata.name)
POD_NAMESPACE: default (v1:metadata.namespace)
CONTROLLER_ELECTION_ID: kong-ingress-controller-leader-kong
CONTROLLER_INGRESS_CLASS: kong
CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY: true
CONTROLLER_KONG_URL: https://localhost:8444
CONTROLLER_PUBLISH_SERVICE: default/kong-kong-proxy
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kong-kong-token-m46dn (ro)
proxy:
Container ID: docker://c400e17164a4ae866db00a498e3b3f6ce6f306ee5c3250e304f801906f29c4a9
Image: kong:2.0.4
Image ID: docker-pullable://kong@sha256:32a09516a4fad6a7d42a90f7f754970555027a73e349b980a72c7120e00488b4
Ports: 8444/TCP, 8000/TCP, 8443/TCP, 8100/TCP, 9542/TCP
Host Ports: 0/TCP, 0/TCP, 0/TCP, 0/TCP, 0/TCP
State: Running
Started: Wed, 20 May 2020 17:12:04 +0200
Ready: True
Restart Count: 0
Limits:
cpu: 150m
memory: 150Mi
Requests:
cpu: 150m
memory: 150Mi
Liveness: http-get http://:metrics/status delay=5s timeout=5s period=10s #success=1 #failure=3
Readiness: http-get http://:metrics/status delay=5s timeout=5s period=10s #success=1 #failure=3
Environment:
KONG_ADMIN_ACCESS_LOG: /dev/stdout
KONG_ADMIN_ERROR_LOG: /dev/stderr
KONG_ADMIN_GUI_ACCESS_LOG: /dev/stdout
KONG_ADMIN_GUI_ERROR_LOG: /dev/stderr
KONG_ADMIN_LISTEN: 0.0.0.0:8444 http2 ssl
KONG_DATABASE: off
KONG_HEADERS: off
KONG_LUA_PACKAGE_PATH: /home/kong/maxmind-geoip2/?.lua;/opt/?.lua;/opt/?/init.lua;;
KONG_NGINX_DAEMON: off
KONG_NGINX_DAEMON: off
KONG_NGINX_HTTP_INCLUDE: /kong/servers.conf
KONG_NGINX_WORKER_PROCESSES: 1
KONG_PLUGINS: bundled
KONG_PORTAL_API_ACCESS_LOG: /dev/stdout
KONG_PORTAL_API_ERROR_LOG: /dev/stderr
KONG_PREFIX: /kong_prefix/
KONG_PROXY_ACCESS_LOG: /dev/stdout
KONG_PROXY_ERROR_LOG: /dev/stderr
KONG_PROXY_LISTEN: 0.0.0.0:8000, 0.0.0.0:8443 http2 ssl
KONG_REAL_IP_HEADER: proxy_protocol
KONG_REAL_IP_RECURSIVE: on
KONG_STATUS_LISTEN: 0.0.0.0:8100
KONG_STREAM_LISTEN: off
KONG_TRUSTED_IPS: 0.0.0.0/0,::/0
KONG_VERSION: 2.0.4
Mounts:
/kong from custom-nginx-template-volume (rw)
/kong_prefix/ from kong-kong-prefix-dir (rw)
/tmp from kong-kong-tmp (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kong-kong-token-m46dn (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
kong-kong-prefix-dir:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit: <unset>
kong-kong-tmp:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit: <unset>
custom-nginx-template-volume:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: kong-kong-default-custom-server-blocks
Optional: false
kong-kong-token-m46dn:
Type: Secret (a volume populated by a Secret)
SecretName: kong-kong-token-m46dn
Optional: false