How to deploy on Kubernetes using AxonIQ Cloud?

danstoofox · May 28, 2022, 1:06pm

Hello,

I am currently trying to deploy one of our services on Kubernetes. We wanted to use the AxonIQ Cloud offer to save some time. I have created the necessary resources in the cloud console and added an application binding.

I am not very familiar with Kubernetes but have integrated AWS RDS in the past. I assumed I can use a similar approach but am greeted with a connection error:

io.grpc.StatusRuntimeException: UNAVAILABLE: io exception
Channel Pipeline: [SslHandler#0, ProtocolNegotiators$ClientTlsHandler#0, WriteBufferingAndExceptionHandler#0, DefaultChannelPipeline$TailContext#0]

...

Caused by: javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem

...

Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching axon-server found.

To connect to the AxonIQ Cloud I have created an ExternalService in Kubernetes:

apiVersion: v1
kind: Service
metadata:
  name: axon-server
spec:
  type: ExternalName
  externalName: axonserver.cloud.axoniq.io

In my service, I use environment variables for configuration

axon:
  axonserver:
    servers: ${AXON_URL}            // is set to "axon-server:443"
    keep-alive-time: 0
    ssl-enabled: true
    context: ${AXON_CONTEXT}
    token: ${AXON_TOKEN}

This setup works in my IDE but not when deployed in Kubernetes so I guess I am missing some configuration.

Thanks in advance
Daniel

danstoofox · May 28, 2022, 3:14pm

Update:

If I disable the “ssl-enabled” setting it gives me another error:

io.grpc.StatusRuntimeException: INTERNAL: http2 exception

...

Caused by: io.netty.handler.codec.http2.Http2Exception: First received frame was not SETTINGS. Hex dump for first 5 bytes: 1503010002

danstoofox · May 29, 2022, 1:14pm

I was able to resolve the errors by simply removing my ExternalName service and using the URL directly.

axon:
  axonserver:
    servers: ${AXON_URL}            // is set to "axonserver.cloud.axoniq.io:443"
    keep-alive-time: 0
    ssl-enabled: true
    context: ${AXON_CONTEXT}
    token: ${AXON_TOKEN}

No further setup is required. I hope this helps someone.

Yvonne_Ceelie · May 29, 2022, 6:39pm

Hi Daniel,

This is indeed the solution to connect to AxonIQ Cloud. When creating the application in Cloud you can copy/paste the settings provided in your application properties:

axon.axonserver.servers= axonserver.cloud.axoniq.io:443
axon.axonserver.keep-alive-time=0
axon.axonserver.ssl-enabled=true
axon.axonserver.context=${your-context}
axon.axonserver.token=${provided-token-by-axoniq-cloud}

KR,

Yvonne