
How to use custom SERDE with https

Open marcosschroh opened this issue 1 year ago • 2 comments

Issue submitter TODO list

  • [X] I've looked up my issue in FAQ
  • [X] I've searched for already existing issues here
  • [X] I've tried running main-labeled docker image and the issue still persists there
  • [X] I'm running a supported version of the application which is listed here

Describe the bug (actual behavior)

We have added a custom SERDE which is not working properly with HTTPS. The Java class of our custom serde gets the schemas from our schema server to deserialize the events, but it cannot be initialized due to an error:

Basically, when the container starts it crashes with the following error:

    ...
    	at java.base/java.net.URLConnection.getContent(URLConnection.java:759)
    	at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getContent(HttpsURLConnectionImpl.java:404)

    	at com.datalab.HttpClientInterface.getInputStreamToHttpServer(HttpClientInterface.java:50)
    	at com.datalab.HttpClientInterface.getBytesFromHttpServer(HttpClientInterface.java:62)
    	at com.datalab.SchemaStore.<init>(SchemaStore.java:75)
    	at com.datalab.SchemaStore.initialize(SchemaStore.java:102)
    	at DesSerde.configure(DesSerde.java:18)
    	... 39 common frames omitted
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

We have created a truststore.jks which contains the certificates of our schema server. We have verified that the truststore.jks is properly mounted in Kubernetes when using the env variable KAFKA_CLUSTERS_0_SSL_TRUSTSTORE_LOCATION.

If we remove the custom SERDE everything works as expected. My question is: Is the custom SERDE using the truststore specified in KAFKA_CLUSTERS_0_SSL_TRUSTSTORE_LOCATION or is it using the Java cacerts? We tried to set the option java -Djavax.net.ssl.trustStore=/truststore/truststore.jks but it does not work either.

Any ideas?

Expected behavior

No response

Your installation details

Helm details:

  - name: kafka-ui
    version: "1.4.5"
    repository: "https://kafbat.github.io/helm-charts"

Docker Image:

  image:
    repository: kafbat/kafka-ui
    tag: "42c236dbae7874851698533bb865787950d2a9f7"

Steps to reproduce

  1. Create a custom serde class that uses a Schema Server with HTTPS
  2. Set the properties:

      KAFKA_CLUSTERS_0_SERDE_0_NAME: MySerde
      KAFKA_CLUSTERS_0_SERDE_0_CLASSNAME: path.to.class..DesSerde
      KAFKA_CLUSTERS_0_SERDE_0_FILEPATH: /pvc/kafka-ui-serde-1.0.jar
      KAFKA_CLUSTERS_0_SERDE_0_PROPERTIES_REGISTRYURL: https://my-schema-server.com
      KAFKA_CLUSTERS_0_DEFAULT_VALUE_SERDE: MySerde

Screenshots

No response

Logs

No response

Additional context

No response

marcosschroh, Oct 08 '24 15:10
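
The stack trace above shows the serde fetching schemas through `HttpsURLConnection`, which validates the server against the JVM-wide default trust store unless the caller supplies its own socket factory. As an added example (not code from the issue, the serde, or kafka-ui), this hypothetical `PinnedTrustHttpClient` loads a JKS truststore explicitly; the class name and the idea of passing the truststore path and password in as serde properties are assumptions.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper, not part of kafka-ui or of the issue author's serde.
public final class PinnedTrustHttpClient {
    private final SSLContext sslContext;

    // truststorePath and password are assumed to arrive as serde properties.
    public PinnedTrustHttpClient(String truststorePath, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(truststorePath))) {
            trustStore.load(in, password);
        }
        if (trustStore.size() == 0) {
            throw new IllegalStateException("truststore has no entries: " + truststorePath);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);
    }

    // Fetches a resource over HTTPS; hostname verification stays at the JDK default.
    public byte[] fetch(String url) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(sslContext.getSocketFactory()); // per-connection, not global
        conn.setConnectTimeout(5000);
        conn.setReadTimeout(5000);
        try (InputStream in = conn.getInputStream()) {
            return in.readAllBytes();
        } finally {
            conn.disconnect();
        }
    }

    // Usage: java PinnedTrustHttpClient <truststore.jks> <password> <https-url>
    public static void main(String[] args) throws Exception {
        // null here means the JVM falls back to the JDK's bundled default store.
        System.out.println("javax.net.ssl.trustStore=" + System.getProperty("javax.net.ssl.trustStore"));
        byte[] body = new PinnedTrustHttpClient(args[0], args[1].toCharArray()).fetch(args[2]);
        System.out.println("fetched " + body.length + " bytes");
    }
}
```

Setting the socket factory on the individual connection keeps the extra trust anchors scoped to the schema-server calls instead of changing trust decisions for every HTTPS client in the JVM.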