
I installed kubernetes (1 controller node and 4 worker nodes).

OS: Ubuntu 22.04.1, Kubernetes v1.26.1, Calico v3.25.0

From a POD I need to authenticate to an external server.

The request works perfectly when running on the node itself (NOT inside POD), but it doesn't inside a kubernetes POD.

I installed network-tools; this is the YAML file:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: network-tools
  namespace: tools
  labels:
    app: network-tools
spec:
  replicas: 1
  selector:
    matchLabels:
      app: network-tools
  template:
    metadata:
      labels:
        app: network-tools
    spec:
      containers:
        - name: network-tools
          image: praqma/network-multitool
```

I tried this command:

```
curl -k 'https://xxxxxxxxxxx/RequestSessionToken' -H 'Content-Type: application/json' -d '{"Username": "username", "Password": "password", "TokenLifetime": 3600}'
```

Response inside NODE (GOOD!):

```
{"Token":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","UserStatusCode":0}
```

Response inside POD network-tools (BAD!):

```
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
```

Adding -vvv at the end (inside POD):

```
* Trying xx.xx.xx.xx:443...
* Connected to domainname (xx.xx.xx.xx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* error:1408F10B:SSL routines:ssl3_get_record:wrong version number
* Closing connection 0
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
```

I tried adding several flags (tls-max, tls-version, insecure, etc.) without success.

Thanks in advance for your help

  • There are multiple reasons for this issue (`error:1408F10B:SSL routines:ssl3_get_record:wrong version number`). Since you say you are using Calico, I found that this document might be relevant. Can you confirm whether you are using calico-typha in your configuration? You can find this out with the command `kubectl get services`. If there is a service named calico-typha, follow this document for installing calico/node with a certificate; this will resolve the issue. Commented Feb 7, 2023 at 12:14
  • If this doesn't work, we can check and troubleshoot the kube-proxy configs. Commented Feb 7, 2023 at 12:15
  • Thanks for the answer. I am using calico-typha. I found the reason why it happens: the DNS resolves to a different IP address inside the POD. If I try curl with the IP address resolved in the POD, the NODE also returns the same error. Commented Feb 8, 2023 at 13:40
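
Added example, not part of the original thread: a Python sketch of the check the last comment describes. It lists the addresses the local resolver returns for the hostname and, for each one, reports whether the reply to a TLS ClientHello is a TLS record or plain text (a non-TLS reply is what OpenSSL reports as "wrong version number"). The function names are assumptions of this example; run it on the node and inside the pod with the hostname from the curl command and compare the output.

```python
import socket
import ssl
import sys

def resolve(host, port=443):
    """IP addresses this machine's (or pod's) resolver returns for host."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def classify(reply):
    """Classify the first bytes a peer sends back after a ClientHello."""
    if not reply:
        return "closed"
    # TLS record header: type 0x16 (handshake) or 0x15 (alert), then major version 0x03.
    if len(reply) >= 2 and reply[0] in (0x15, 0x16) and reply[1] == 0x03:
        return "tls"
    # Anything else is not a TLS record; printable text usually means
    # a plain-HTTP listener or proxy is answering on that address.
    if all(32 <= b < 127 or b in (9, 10, 13) for b in reply):
        return "plaintext"
    return "not-tls"

def client_hello(server_name):
    """Let OpenSSL build a real ClientHello in memory, without a socket."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # only the first reply bytes are inspected
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake is waiting for the server's answer
    return outgoing.read()

def probe(ip, port, server_name, timeout=5.0):
    """Send a ClientHello to one specific IP and classify what comes back."""
    try:
        with socket.create_connection((ip, port), timeout=timeout) as sock:
            sock.sendall(client_hello(server_name))
            return classify(sock.recv(5))
    except OSError as exc:
        return "connect-error: %s" % exc

if __name__ == "__main__":
    name = sys.argv[1]  # the hostname used in the curl command
    for ip in resolve(name):
        print(ip, probe(ip, 443, name))
```

An address that appears only in the pod's output and answers `plaintext` or `not-tls` points at name resolution inside the cluster rather than at TLS versions or curl flags.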
