我有一个 quarkus-graphql、quarkus-restservice 和一个 openliberty restservice 在不同命名空间的 openshift 中运行。Quarkus-graphql 正在使用 RestClient 访问 restservices。在所有应用程序中,tls.key 和 tls.crt 由 penshift 服务资源注释 service.alpha.openshift.io/serving-cert-secret-name: app-certs 创建并作为卷添加到容器中。所有应用程序都有一个 initContainer,其中 keystore.jsk 键是从上面的 tls 键和 crt 创建的。
应用程序构建“./mvnw clean package”,然后推送到 openshift docker-registry,然后使用将应用程序部署到 openshift 的 openshift oc 命令处理附加的模板。
当我尝试从 graphql 访问 RestClient 时出现以下错误
{"timestamp":"2020-07-14T16:38:35.699Z","sequence":2534,"loggerClassName":"io.smallrye.graphql.SmallRyeGraphQLServerLogging_$logger","loggerName":"io.smallrye.graphql","level":"ERROR","message":"SRGQL012000: Data Fetching Error","threadName":"vert.x-worker-thread-4","threadId":31,"mdc":{"spanId":"bff570a4999237ef","traceId":"ce2fa5ea28bfe42b","sampled":"false"},"ndc":"","hostName":"graphql-mp-1-qxbjq","processName":"app.jar","processId":1,"exception":{"refId":1,"exceptionType":"javax.ws.rs.ProcessingException","message":"RESTEASY004655: Unable to invoke request: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target","frames":[{"class":"org.jboss.resteasy.client.jaxrs.engines.ManualClosingApacheHttpClient43Engine","method":"invoke","line":287},{"class":"org.jboss.resteasy.client.jaxrs.internal.ClientInvocation","method":"invoke","line":488},{"class":"org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker","method":"invokeSync","line":149},{"class":"org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker","method":"invoke","line":112},{"class":"org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy","method":"invoke","line":76},{"class":"com.sun.proxy.$Proxy57","method":"getUserDetails"},{"class":"jdk.internal.reflect.NativeMethodAccessorImpl","method":"invoke0"},{"class":"jdk.internal.reflect.NativeMethodAccessorImpl","method":"invoke","line":62},{"class":"jdk.internal.reflect.DelegatingMethodAccessorImpl","method":"invoke","line":43},{"class":"java.lang.reflect.Method","method":"invoke","line":566},{"class":"org.jboss.resteasy.microprofile.client.ProxyInvocationHandler","method":"invoke","line":144},{"class":"com.sun.proxy.$Proxy58","method":"getUserDetails"},{"class":"com.bcbsnc.EntityResource","method":"getQuarkusUserDetails","line":112},{"class":"com.bcbsnc.EntityResource_Subclass","method":"getQuarkusUserDetails$$superaccessor6","line":1464},{"class":"com.bcbsnc.EntityResource_Subclass$$function$$6","method":"apply","line":33},{"class":"io.quarkus.arc.impl.AroundInvokeInvocationContext","method":"proceed","line":54},{"class":"io.smallrye.faulttolerance.FaultToleranceInterceptor","method":"lambda$syncFlow$5","line":204},{"class":"io.smallrye.faulttolerance.core.InvocationContext","method":"call","line":20},{"class":"io.smallrye.faulttolerance.core.Invocation","method":"apply","line":24},{"class":"io.smallrye.faulttolerance.core.retry.Retry","method":"apply","line":50},{"class":"io.smallrye.faulttolerance.core.GeneralMetricsRecorder","method":"apply","line":17},{"class":"io.smallrye.faulttolerance.FaultToleranceInterceptor","method":"syncFlow","line":206},{"class":"io.smallrye.faulttolerance.FaultToleranceInterceptor","method":"interceptCommand","line":159}
应用属性
quarkus.http.ssl-port=9443
quarkus.http.ssl.certificate.file=/var/run/secrets/openshift.io/app-certs/tls.crt
quarkus.http.ssl.certificate.key-file=/var/run/secrets/openshift.io/app-certs/tls.key
quarkus.http.ssl.certificate.key-store-file=/var/run/secrets/java.io/keystores/keystore.jks
quarkus.http.ssl.certificate.key-store-password=${KEYSTORE_PASSWORD:${DEFAULTVALUE}}
quarkus.http.insecure-requests=redirect
com.bcbsnc.dao.QuarkusService/mp-rest/url=<restService Endpoint>
com.bcbsnc.dao.QuarkusService/mp-rest/scope=javax.inject.Singleton
我已经打开了一个问题https://github.com/quarkusio/quarkus/issues/10727但是如果有人遇到这个问题并解决了它,我将不胜感激
拉吉