diff --git a/README.md b/README.md index 4a0237b..3bc43bd 100644 --- a/README.md +++ b/README.md @@ -55,6 +55,23 @@ An example configuration of your pod's environment looks like this: When enabling Kubernetes autoclustering, don't set ```DOCKER_VERNEMQ_DISCOVERY_NODE```. +> If you encounter "SSL certification error (subject name does not match the host name)" like below, Please try to set ```DOCKER_VERNEMQ_KUBERNETES_INSECURE``` as "1". +> +> ```text +> kubectl logs vernemq-0 +> % Total % Received % Xferd Average Speed Time Time Time Current +> Dload Upload Total Spent Left Speed +> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (51) SSL: certificate subject name 'client' does not match target host name 'kubernetes.default.svc.cluster.local' +> % Total % Received % Xferd Average Speed Time Time Time Current +> Dload Upload Total Spent Left Speed +> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (51) SSL: certificate subject name 'client' does not match target host name 'kubernetes.default.svc.cluster.local' +> vernemq failed to start within 15 seconds, +> see the output of 'vernemq console' for more information. +> If you want to wait longer, set the environment variable +> WAIT_FOR_ERLANG to the number of seconds to wait. +> ... +> ``` + ### Checking cluster status To check if the bove containers have successfully clustered you can issue the ```vmq-admin``` command: diff --git a/bin/vernemq.sh b/bin/vernemq.sh index dc40cd1..471a0c8 100755 --- a/bin/vernemq.sh +++ b/bin/vernemq.sh 
@@ -17,14 +17,20 @@ if env | grep -q "DOCKER_VERNEMQ_DISCOVERY_NODE"; then echo "-eval \"vmq_server_cmd:node_join('VerneMQ@${DOCKER_VERNEMQ_DISCOVERY_NODE}')\"" >> /etc/vernemq/vm.args fi +# If you encounter "SSL certification error (subject name does not match the host name)", Please try to set DOCKER_VERNEMQ_KUBERNETES_INSECURE as "1". +insecure="" +if env | grep -q "DOCKER_VERNEMQ_KUBERNETES_INSECURE"; then + insecure="--insecure" +fi + if env | grep -q "DOCKER_VERNEMQ_DISCOVERY_KUBERNETES"; then # Let's set our nodename correctly - VERNEMQ_KUBERNETES_SUBDOMAIN=$(curl -X GET --insecure --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt https://kubernetes.default.svc.cluster.local/api/v1/namespaces/$DOCKER_VERNEMQ_KUBERNETES_NAMESPACE/pods?labelSelector=app=$DOCKER_VERNEMQ_KUBERNETES_APP_LABEL -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" | jq '.items[0].spec.subdomain' | sed 's/"//g' | tr '\n' '\0') + VERNEMQ_KUBERNETES_SUBDOMAIN=$(curl -X GET $insecure --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt https://kubernetes.default.svc.cluster.local/api/v1/namespaces/$DOCKER_VERNEMQ_KUBERNETES_NAMESPACE/pods?labelSelector=app=$DOCKER_VERNEMQ_KUBERNETES_APP_LABEL -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" | jq '.items[0].spec.subdomain' | sed 's/"//g' | tr '\n' '\0') VERNEMQ_KUBERNETES_HOSTNAME=${MY_POD_NAME}.${VERNEMQ_KUBERNETES_SUBDOMAIN}.${DOCKER_VERNEMQ_KUBERNETES_NAMESPACE}.svc.cluster.local sed -i.bak -r "s/VerneMQ@.+/VerneMQ@${VERNEMQ_KUBERNETES_HOSTNAME}/" /etc/vernemq/vm.args # Hack into K8S DNS resolution (temporarily) - kube_pod_names=$(curl -X GET --insecure --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt https://kubernetes.default.svc.cluster.local/api/v1/namespaces/$DOCKER_VERNEMQ_KUBERNETES_NAMESPACE/pods?labelSelector=app=$DOCKER_VERNEMQ_KUBERNETES_APP_LABEL -H "Authorization: Bearer $(cat 
/var/run/secrets/kubernetes.io/serviceaccount/token)" | jq '.items[].spec.hostname' | sed 's/"//g' | tr '\n' ' ') + kube_pod_names=$(curl -X GET $insecure --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt https://kubernetes.default.svc.cluster.local/api/v1/namespaces/$DOCKER_VERNEMQ_KUBERNETES_NAMESPACE/pods?labelSelector=app=$DOCKER_VERNEMQ_KUBERNETES_APP_LABEL -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" | jq '.items[].spec.hostname' | sed 's/"//g' | tr '\n' ' ') for kube_pod_name in $kube_pod_names; do if [ $kube_pod_name == "null" ]
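Review bot: The new guard `if env | grep -q "DOCKER_VERNEMQ_KUBERNETES_INSECURE"; then` enables `--insecure` whenever that string appears anywhere in the environment, so `DOCKER_VERNEMQ_KUBERNETES_INSECURE=0`, an empty value, or any other variable whose name or value contains the string also switches certificate verification off, although the README says to set it to "1". Testing the value keeps verification on unless it is explicitly requested: `if [ "${DOCKER_VERNEMQ_KUBERNETES_INSECURE:-}" = "1" ]; then`. With the flag set, both `curl` calls send the service account bearer token to an API endpoint whose certificate is not checked, so the comment above `insecure=""` should say so, e.g. `# Disables TLS verification of the Kubernetes API server; the service account token is then sent to an unverified endpoint.` The enclosing `DOCKER_VERNEMQ_DISCOVERY_KUBERNETES` block and its `for` loop continue past the end of this hunk.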