Cluster Internal SSL in Docker/K8s

Hello,

I’m running into an issue following the SSL setup docs. I’ve generated a self signed p12 bundle and created a Dockerfile that loads the p12 and its certificate, then updates the OS cert store and mono store to trust that certificate, according to the steps in the documentation.

However, when bringing up the EventStore images as a three node cluster in k8s, I continually see:

[00001,57,23:08:57.366] ES “TcpConnectionSsl” closed [23:08:57.367: N10.21.1.35:1117, L10.21.1.105:39734, {98b3bc82-9b2c-4d91-80bd-60ca13ba4a35}]:Send calls: 0, callbacks: 0
[00001,57,23:08:57.366] ES “TcpConnectionSsl” closed [23:08:57.367: N10.21.1.35:1117, L10.21.1.105:39734, {98b3bc82-9b2c-4d91-80bd-60ca13ba4a35}]:Receive calls: 0, callbacks: 0
[00001,57,23:08:57.366] ES “TcpConnectionSsl” closed [23:08:57.367: N10.21.1.35:1117, L10.21.1.105:39734, {98b3bc82-9b2c-4d91-80bd-60ca13ba4a35}]:Close reason: [SocketError] “A call to SSPI failed, see inner exception.”
[00001,57,23:08:57.366] Connection ‘“master-secure”""’ [10.21.1.35:1117, {98b3bc82-9b2c-4d91-80bd-60ca13ba4a35}] closed: SocketError.
[00001,15,23:08:57.371] Looks like node [10.21.1.35:1117] is DEAD (TCP connection lost).
[00001,15,23:08:57.371] CLUSTER HAS CHANGED “TCP connection lost to [10.21.1.35:1117]”

``

in the logs. More strangely, the error persists even when EVENTSTORE_SSL_VALIDATE_SERVER is False. Any help, including an indication of how to get the inner SSPI exception, would be much appreciated.

Thanks,

Tyler