Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error: reason: self signed certificate in certificate chain #47

Open
mikepoz59 opened this issue Sep 10, 2022 · 1 comment
Open

Error: reason: self signed certificate in certificate chain #47

mikepoz59 opened this issue Sep 10, 2022 · 1 comment

Comments

@mikepoz59
Copy link

mikepoz59 commented Sep 10, 2022
edited
Loading

Describe the bug
When running Franz from my local system against Prometheus deployed in my company's K8S cluster using, apparently, self signed certificate, I get the following error for a large number of similar queries on launching the Franz portal on http://localhost:3000

Error: FetchError: request to https://prometheus.myCompany.com/api/v1/query?query=(sum(kafka_cluster_partition_insyncreplicascount%7Btopic=~%22__consumer_offsets%22%7D)by(topic)) failed, reason: self signed certificate in certificate chain

To Reproduce
Steps to reproduce the behavior:

  1. Install Kafka in K8S cluster and expose it via Nodeport for use.
  2. Validate that the Kafka brokers can be reached from my dev desktop using a test application.
  3. Install Prometheus in K8S cluster and expose it via both Nodeport and Ingress.
  4. Validate that both URLs http:Nodeport, and https://ingress and successfully display the Prometheus portal from my dev desktop.
  5. Set .env to use either of the two URLs to the Prometheus instance, save the changes and run "npm start".
  6. When console indicates that the console is available on port 3000, open the portal.

Expected behavior
The portal to draw properly and be able to retrieve data with no errors in the console.

Actual behavior*
All attempts to query the Prometheus service fail with the self signed cert issue.

Thing's I've attempted to resolve the issue:

  1. Import the cert in my system cert store as a Trusted Root Cert Authority
  2. Set strict SSL to false
  3. Set NPM config to point to the cert directly

Source of the attempts:
https://stackoverflow.com/questions/13913941/how-to-fix-ssl-certificate-error-when-running-npm-on-windows/30341389#30341389

None of these things have worked, so I need help/guidance.

Desktop (please complete the following information):

  • OS: Windows 11
  • Browser Edge and Chrome
  • Version Latest on both.

Additional context
What I'm looking for is a way to make this work so I can evaluate it for use within my team to monitor and manage our Kafka clusters, so any help would be greatly appreciated.
@rbhastie
Copy link
Contributor

@mikepoz59

Thank you for opening this issue.

We set up a testing environment with a Docker image of a Prometheus config that uses a self-signed certificate to recreate this issue. When using a self-signed certificate, the best solution for a develop environment, though discouraged, is to utilize the NODE_TLS_REJECT_UNAUTHORIZED=0 command before running the npm command to start FranzView, e.g.:

$ NODE_TLS_REJECT_UNAUTHORIZED=0 npm start

More information can be found here:
https://stackoverflow.com/questions/45088006/nodejs-error-self-signed-certificate-in-certificate-chain
https://nodejs.org/api/cli.html#:~:text=not%20be%20fixed.-,NODE_TLS_REJECT_UNAUTHORIZED,-%3Dvalue

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mikepoz59 @rbhastie