SSLPeerUnverifiedException Hostname fd33:1a73:fa8f::1 not verified after upgrade to Boot 3.4.0 and Cloud 2024.0.0 #1813
Description
Describe the bug
After the upgrade from Spring Boot 3.3.6 to 3.4.0 and Spring Cloud 2023.0.4 to 2024.0.0 we're experiencing issues regarding hostname verification which read like
javax.net.ssl.SSLPeerUnverifiedException: Hostname fd33:1a73:fa8f::1 not verified:
certificate: sha256/bLcj0Q+HP/EF+4njk0xrQvqb/KtOHnZa2xf+rl9ldkc=
DN: CN=kube-apiserver
subjectAltNames: [fd33:1a73:fa8f:0:0:0:0:1, 2a05:d014:396:cd05:0:0:0:e781, 172.16.98.175, 55c2d4e83b3377534d8c22d619c3cb94.gr7.eu-central-1.eks.amazonaws.com, ip-172-16-98-175.eu-central-1.compute.internal, kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster.local]
at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:334)
at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:284)
at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:169)
[...]
at java.lang.Thread.run(Thread.java:1570)
Wrapped by: java.io.IOException: Hostname fd33:1a73:fa8f::1 not verified:
certificate: sha256/bLcj0Q+HP/EF+4njk0xrQvqb/KtOHnZa2xf+rl9ldkc=
DN: CN=kube-apiserver
subjectAltNames: [fd33:1a73:fa8f:0:0:0:0:1, 2a05:d014:396:cd05:0:0:0:e781, 172.16.98.175, 55c2d4e83b3377534d8c22d619c3cb94.gr7.eu-central-1.eks.amazonaws.com, ip-172-16-98-175.eu-central-1.compute.internal, kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster.local]
at io.fabric8.kubernetes.client.dsl.internal.OperationSupport.waitForResult(OperationSupport.java:504)
at io.fabric8.kubernetes.client.dsl.internal.OperationSupport.handleResponse(OperationSupport.java:524)
at io.fabric8.kubernetes.client.dsl.internal.OperationSupport.handleGet(OperationSupport.java:467)
at io.fabric8.kubernetes.client.dsl.internal.BaseOperation.handleGet(BaseOperation.java:792)
at io.fabric8.kubernetes.client.dsl.internal.BaseOperation.requireFromServer(BaseOperation.java:193)
... 20 common frames omitted
Wrapped by: io.fabric8.kubernetes.client.KubernetesClientException: Operation: [get] for kind: [Pod] with name: [offer-attribute-assignor-6778d89688-pdm8h] in namespace: [offer-attribute-assignor] failed.
at io.fabric8.kubernetes.client.KubernetesClientException.launderThrowable(KubernetesClientException.java:159)
at io.fabric8.kubernetes.client.dsl.internal.BaseOperation.requireFromServer(BaseOperation.java:195)
at io.fabric8.kubernetes.client.dsl.internal.BaseOperation.get(BaseOperation.java:149)
at io.fabric8.kubernetes.client.dsl.internal.BaseOperation.isReady(BaseOperation.java:919)
... 5 frames excluded
... 13 common frames omitted
Wrapped by: org.springframework.context.ApplicationContextException: Failed to start bean 'leaderInitiator'
at org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:326)
at org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGroup.start(DefaultLifecycleProcessor.java:510)
at java.lang.Iterable.forEach(Iterable.java:75)
... 10 frames excluded
at de.idealo.orca.attribute.ApplicationKt.main(Application.kt:24)
There are various bug reports similar to this one available but they all date years back and are already closed.
I suspect the crucial change anywhere within io.fabric8:kubernetes-client between versions 6.9.2 (Cloud 2023.0.4) and 6.13.4 (Cloud 2024.0.0).
From my understanding the address fd33:1a73:fa8f::1 should be fine regarding verification.
Did we miss something?