Strange problem with Quarkus pod initialization after the OpenShift cluster starts



I am using quarkus-oidc to protect resources with Keycloak. This is the code used:

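    import javax.annotation.security.RolesAllowed;
    import javax.inject.Inject;
    import javax.ws.rs.GET;
    import javax.ws.rs.Path;
    import javax.ws.rs.Produces;
    import javax.ws.rs.core.MediaType;

    import org.eclipse.microprofile.jwt.JsonWebToken;

    @Path("/api")
    public class NamasteResource {

        @Inject
        JsonWebToken jwt;

        // Unauthenticated endpoint, used by the readiness probe
        @GET
        @Path("health")
        @Produces(MediaType.TEXT_PLAIN)
        public String health() {
            return "I'm ok";
        }

        // Requires a bearer token carrying the USERS role
        @GET
        @RolesAllowed("USERS")
        @Path("namaste-secured")
        @Produces(MediaType.TEXT_PLAIN)
        public String namasteSecured() {
            String userName = jwt.getName();
            return "Hello " + userName;
        }
    }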

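The health resource is used for the pod's readiness probe. The problem here is that when the OpenShift cluster starts and the pod is deployed, I get an internal server error and the application no longer works. This is the exception trace: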

    2021-06-24 01:59:44,457 ERROR [io.qua.ver.htt.run.QuarkusErrorHandler] (vert.x-eventloop-thread-0) HTTP Request to /api/health failed, error id: 80e18320-2973-48c6-a377-edfc0f1db56b-1: io.quarkus.oidc.OIDCException: Tenant configuration has not been resolved
        at io.quarkus.oidc.runtime.OidcAuthenticationMechanism.resolve(OidcAuthenticationMechanism.java:61)
        at io.quarkus.oidc.runtime.OidcAuthenticationMechanism.authenticate(OidcAuthenticationMechanism.java:40)
        at io.quarkus.oidc.runtime.OidcAuthenticationMechanism_ClientProxy.authenticate(OidcAuthenticationMechanism_ClientProxy.zig:189)
        at io.quarkus.vertx.http.runtime.security.HttpAuthenticator.attemptAuthentication(HttpAuthenticator.java:100)
        at io.quarkus.vertx.http.runtime.security.HttpAuthenticator_ClientProxy.attemptAuthentication(HttpAuthenticator_ClientProxy.zig:157)
        at io.quarkus.vertx.http.runtime.security.HttpSecurityRecorder$2.handle(HttpSecurityRecorder.java:101)
        at io.quarkus.vertx.http.runtime.security.HttpSecurityRecorder$2.handle(HttpSecurityRecorder.java:51)
        at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1038)
        at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:137)
        at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:132)
        at io.quarkus.vertx.http.runtime.cors.CORSFilter.handle(CORSFilter.java:92)
        at io.quarkus.vertx.http.runtime.cors.CORSFilter.handle(CORSFilter.java:18)
        at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1038)
        at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:137)
        at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:132)
        at io.vertx.ext.web.impl.RouterImpl.handle(RouterImpl.java:54)
        at io.vertx.ext.web.impl.RouterImpl.handle(RouterImpl.java:36)
        at io.quarkus.vertx.http.runtime.VertxHttpRecorder$9.handle(VertxHttpRecorder.java:426)
        at io.quarkus.vertx.http.runtime.VertxHttpRecorder$9.handle(VertxHttpRecorder.java:423)
        at io.quarkus.vertx.http.runtime.VertxHttpRecorder$1.handle(VertxHttpRecorder.java:149)
        at io.quarkus.vertx.http.runtime.VertxHttpRecorder$1.handle(VertxHttpRecorder.java:131)
        at io.vertx.core.http.impl.WebSocketRequestHandler.handle(WebSocketRequestHandler.java:50)
        at io.vertx.core.http.impl.WebSocketRequestHandler.handle(WebSocketRequestHandler.java:32)
        at io.vertx.core.http.impl.Http1xServerConnection.handleMessage(Http1xServerConnection.java:136)
        at io.vertx.core.impl.ContextImpl.executeTask(ContextImpl.java:366)
        at io.vertx.core.impl.EventLoopContext.execute(EventLoopContext.java:43)
        at io.vertx.core.impl.ContextImpl.executeFromIO(ContextImpl.java:229)
        at io.vertx.core.net.impl.VertxHandler.channelRead(VertxHandler.java:164)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
        at io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:93)
        at io.netty.handler.codec.http.websocketx.extensions.WebSocketServerExtensionHandler.channelRead(WebSocketServerExtensionHandler.java:101)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
        at io.vertx.core.http.impl.Http1xUpgradeToH2CHandler.channelRead(Http1xUpgradeToH2CHandler.java:109)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
        at io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:286)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
        at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:324)
        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:296)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
        at io.vertx.core.http.impl.Http1xOrH2CHandler.end(Http1xOrH2CHandler.java:61)
        at io.vertx.core.http.impl.Http1xOrH2CHandler.channelRead(Http1xOrH2CHandler.java:38)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
        at io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:286)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
        at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163)
        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:714)
        at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:650)
        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:576)
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
        at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
        at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
        at java.base/java.lang.Thread.run(Thread.java:829)

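I have tried delaying the pod's initial health check time, but the exception always occurs only when the pod is deployed for the first time. If the pod is redeployed, everything is fine. So, what should I do to make the pod initialization succeed after the OpenShift cluster starts?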

This is my application.properties file configuration:

quarkus.http.cors=true
quarkus.oidc.auth-server-url=http://keycloak-myproject.192.168.1.110.nip.io/auth/realms/secured-realm
quarkus.oidc.client-id=namaste

I am using OpenShift 3.11 and Quarkus 1.13.6.Final

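The most likely reason is that Keycloak is not ready yet when the pod is deployed - quarkus-oidc does not try any different connection logic when deployed in OpenShift, all it does is try to connect to the URL set in quarkus.oidc.auth-server-url. The way to handle it in 1.13.x is to use the quarkus.oidc.connection-delay property, for example, set it to 3M, etc. In this case quarkus-oidc will keep trying to connect for 3M. There is a small race condition here: even if Keycloak can be contacted, it may still not have finished loading the custom realm file, which a Quarkus user discovered recently - I will open a PR soon to address this particular issue. The best option is to try 2.0.0.CR3 - quarkus-oidc will recover even if the connection to Keycloak fails at startup. HTH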
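The race described in the answer above (Keycloak reachable, realm not yet loaded) can also be closed before the application starts. The following is an added example, not code from the original post or from Quarkus: a start-up gate for an init container or entrypoint that waits until the realm's standard OIDC discovery document is served and advertises a `jwks_uri`. The function names are hypothetical, and it assumes `curl` is present in the image.

```shell
#!/bin/sh
# Added example: wait for the Keycloak realm itself, not just for Keycloak
# to accept connections. Function names are illustrative.
# Intended use from an entrypoint:
#   wait_for_realm "<value of quarkus.oidc.auth-server-url>" 180 5 || exit 1

# fetch_discovery AUTH_SERVER_URL
# Prints the OIDC discovery document; non-zero on connection or HTTP error.
# Assumption: curl is available (-f turns HTTP errors into a failure).
fetch_discovery() {
    curl -fsS --max-time 5 "$1/.well-known/openid-configuration"
}

# realm_ready AUTH_SERVER_URL
# Succeeds only if the document was returned AND it names a jwks_uri,
# i.e. the realm is loaded and signing keys can be fetched.
realm_ready() {
    doc=$(fetch_discovery "$1" 2>/dev/null) || return 1
    case $doc in
        *'"jwks_uri"'*) return 0 ;;
        *) return 1 ;;
    esac
}

# wait_for_realm AUTH_SERVER_URL TIMEOUT_SECONDS [INTERVAL_SECONDS]
# Polls until the realm is ready; returns 1 once the timeout has elapsed.
wait_for_realm() {
    url=$1
    timeout=$2
    interval=${3:-5}
    waited=0
    until realm_ready "$url"; do
        [ "$waited" -ge "$timeout" ] && return 1
        sleep "$interval"
        waited=$((waited + interval))
    done
    return 0
}
```

Failing the gate with a non-zero exit lets the platform restart the pod instead of serving HTTP 500 from every endpoint, the readiness probe included.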
