-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
stork-service-discovery-kubernetes
extension requires some extra configutation that is not documented
#24444
Comments
CC @aureamunoz |
Regarding native mode is also possible to make it work by adding the following configuration to your application.properties:
|
It's not clear to me why we need to setup bouncycastle. Can you please provide some more details? The rbac configuration is indeed needed (with some minor modifications). However, when the kubernetes-client extension is used along with the kubernetes extension, these are expected to be generated. I think that the main issue here is that stork-service-discovery-kubernetes is not reusing the kubernetes-client extension. |
Yes, the rbac configuration is needed, I'm working in the documentation about it and will create a PR soon. Regarding the bouncycastle, the problem is a
And this seem to be because GraalVM doesn't have them (the JVM has them).
|
Documentation PR: smallrye/smallrye-stork#278 |
Bouncy Castle dependencies are optional and should only be necessary in case ECDSA keys are used. I think these might also be required for FIPS mode. Is this property |
A possible solution we discussed for the native problem is to create an conditional dependency on the quarkus-kubernetes-client extension (is this the thing that has all the adjustments to make the client work in native?) that would be "enabled" where the kubernetes service discovery is added to a user's project. If the client brings too many things (or we need the quarkus-kubernetes extension which generates the deployment yamls), we could pull out some quarkus-kubernetes-common (hidden) extension. |
IIUC, the whole problem is that Stork does not use the Kubernetes Client provided by the Kubernetes extension, correct? |
@geoand Yes, stork is a single "extension". We do not have a stork-kubernetes extension that could depend on the Quarkus Kubernetes extension. Stork itself should not depend on that extension. It's only when you use the kubernetes service discovery that the problem occurs. Having to use an extension for each service discovery / load balancing strategy seems a bit too much. However, I'm pretty sure we would have the issue with consul too. So, we may have to be smart about it... |
Thanks for the description of the problem. Could Stork not have an SPI that basically allows the Kubernetes Client to be set and then in Quarkus when the Kubernetes Client capability is present have the SPI implemented by pulling the Kubernetes Client from CDI? Of course, the conditional dependencies could also work (we've used it for various things), but I think the SPI approach would be fine for this use case. |
It could be done via QuarkusStorkInfrastructure: https://github.com/quarkusio/quarkus/blob/main/extensions/smallrye-stork/runtime/src/main/java/io/quarkus/stork/QuarkusStorkInfrastructure.java Right now it's only used to reuse the Quarkus Vertx instance but it's easy to change the Kube service discovery to use it for kube client as well. How does it help? Would you want the user to add the kubernetes client extension when they add the kube service discovery? |
Pretty much, yeah. Similarly to how we expect users to add |
We can require adding kube client without sharing the client between the discovery and the other places. If someone adds it now, it will all work, right @aureamunoz ? |
I just discussed this issue with @aureamunoz and @michalszynkiewicz The plan of action is the following:
|
…hout the kubernetes client Fix quarkusio#24444
…hout the kubernetes client Fix quarkusio#24444 (cherry picked from commit 4e71579)
Hey @cescoffier I just filed #25688. This creates a problem when using stork with the various kubernetes extensions if you have created any of your own kubernetes files in |
Describe the bug
stork-service-discovery-kubernetes
requiresorg.bouncycastle:bctls-jdk15on
dependency and also some extra configuration on your application.properties:Example
Also, end-user must be sure that has the following K8s/ocp cluster roles binding (JVM and native mode):
Cluster Role
ClusterRoleBinding
I think that these requirements should be documented:
DocRef: https://quarkus.io/blog/stork-kubernetes-discovery/
Also would be great to understand why
org.bouncycastle:bctls-jdk15on
is needed and check if we could do something in order to avoid this extra dependencyReproducer: quarkus-qe/quarkus-test-suite#572
Expected behavior
No response
Actual behavior
No response
How to Reproduce?
No response
Output of
uname -a
orver
No response
Output of
java -version
No response
GraalVM version (if different from Java)
No response
Quarkus version or git rev
No response
Build tool (ie. output of
mvnw --version
orgradlew --version
)No response
Additional information
No response
The text was updated successfully, but these errors were encountered: