External API call from Kalix using Reactor Netty

Hi,

I was trying to do an https call to an external api using certificates configured using SslContext in kalix service running in kalix environment, when it call the external api, I’m getting below error “Channel Inactive (Unknown source)”, is there any configuration i need to do in kalix to make a external api from kalix hosted service?

The connection observed an error
2023-07-12 16:12:26.476 app[service-786bd84d6f-vr4gz] java.nio.channels.ClosedChannelException: null
2023-07-12 16:12:26.476 app[service-786bd84d6f-vr4gz] at io.netty.handler.ssl.SslHandler.channelInactive(SslHandler.java:1067)
2023-07-12 16:12:26.476 app[service-786bd84d6f-vr4gz] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:305)
2023-07-12 16:12:26.476 app[service-786bd84d6f-vr4gz] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:281)
2023-07-12 16:12:26.476 app[service-786bd84d6f-vr4gz] at io.netty.channel.AbstractChannelHandlerContext.fireChannelInactive(AbstractChannelHandlerContext.java:274)
2023-07-12 16:12:26.476 app[service-786bd84d6f-vr4gz] at io.netty.channel.DefaultChannelPipeline$HeadContext.channelInactive(DefaultChannelPipeline.java:1405)
2023-07-12 16:12:26.476 app[service-786bd84d6f-vr4gz] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:301)
2023-07-12 16:12:26.476 app[service-786bd84d6f-vr4gz] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:281)
2023-07-12 16:12:26.476 app[service-786bd84d6f-vr4gz] at io.netty.channel.DefaultChannelPipeline.fireChannelInactive(DefaultChannelPipeline.java:901)
2023-07-12 16:12:26.476 app[service-786bd84d6f-vr4gz] at io.netty.channel.AbstractChannel$AbstractUnsafe$7.run(AbstractChannel.java:813)
2023-07-12 16:12:26.476 app[service-786bd84d6f-vr4gz] at io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:174)
2023-07-12 16:12:26.476 app[service-786bd84d6f-vr4gz] at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:167)
2023-07-12 16:12:26.476 app[service-786bd84d6f-vr4gz] at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:470)
2023-07-12 16:12:26.476 app[service-786bd84d6f-vr4gz] at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:403)
2023-07-12 16:12:26.476 app[service-786bd84d6f-vr4gz] at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
2023-07-12 16:12:26.476 app[service-786bd84d6f-vr4gz] at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
2023-07-12 16:12:26.476 app[service-786bd84d6f-vr4gz] at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
2023-07-12 16:12:26.476 app[service-786bd84d6f-vr4gz] at java.base/java.lang.Thread.run(Unknown Source)
2023-07-12 16:12:26.476 app[service-786bd84d6f-vr4gz] Suppressed: io.netty.handler.ssl.StacklessSSLHandshakeException: Connection closed while SSL/TLS handshake was in progress
2023-07-12 16:12:26.476 app[service-786bd84d6f-vr4gz] at io.netty.handler.ssl.SslHandler.channelInactive(Unknown Source)
2023-07-12 16:12:27.496 app[service-786bd84d6f-vr4gz] 2023-07-12 06:12:27,495 INFO a.c.w.b.d.a.GcmApiServiceAction [kalix-akka.actor.default-dispatcher-3 ] - Exception in catch block
2023-07-12 16:12:27.496 app[service-786bd84d6f-vr4gz] 2023-07-12 06:12:27,495 WARN r.u.Loggers$Slf4JLogger [reactor-http-epoll-2 ] - [fc0ba97e, L:/10.0.93.14:41288 ! R:gw-peer.sit1.api.westpac.com.au/110.5.88.46:443] The connection observed an error
2023-07-12 16:12:27.496 app[service-786bd84d6f-vr4gz] java.nio.channels.ClosedChannelException: null

Hi Deepak,

I’m not sure what that specific error message from Netty means but you should be able to call external services as long as they are available over standard popular protocol ports, 80 for HTTP, 443 for HTTPS etc.

If the remote service is running on some arbitrary port or is using some uncommon protocol it may be blocked by the firewall between the service and the public internet. Please let us know if that is the case and we can see if we can open it up.