You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Requirement - what kind of business use case are you trying to solve?
Connect to a cloud-provider managed Cassandra to reduce the operational overhead on the databases. SSL has to be provided for the connections. Quite often, the certs used are issued by known CAs such as LetsEncrypt or digicerts.
Problem - what in Jaeger blocks you from solving the requirement?
TLS certs need to be provided via files.
The TLS certificates are not mounted to the create schema container image.
Proposal - what do you suggest to solve the problem or improve the existing situation?
For K8s based deployments its not very convenient to create a config map and mount it to the pod. Therefore, I'd like to discuss whether we should introduce a config flag that would use well-known CAs to be added automatically on demand.
As far as I can see the base for the Jaeger docker images is Alpine Linux. The Alpine Linux image seems to have a root-ca-bundle at /etc/ssl/certs/ca-certificates.crt
Requirement - what kind of business use case are you trying to solve?
Connect to a cloud-provider managed Cassandra to reduce the operational overhead on the databases. SSL has to be provided for the connections. Quite often, the certs used are issued by known CAs such as LetsEncrypt or digicerts.
Additional context is available here #2467
Problem - what in Jaeger blocks you from solving the requirement?
Proposal - what do you suggest to solve the problem or improve the existing situation?
For K8s based deployments its not very convenient to create a config map and mount it to the pod. Therefore, I'd like to discuss whether we should introduce a config flag that would use well-known CAs to be added automatically on demand.
Its a similar situation that RedHat for instances using for Quarkus by running a
ca-certificates
installation: https://github.com/quarkusio/quarkus-quickstarts/blob/master/security-jwt-quickstart/src/main/docker/Dockerfile.jvm#L26This would allow an easier installation and operations on K8s.
Any open questions to address
Maybe we can start to discuss the approach.
The text was updated successfully, but these errors were encountered: