Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve the logic to generate TLS-based container ports by the Quarkus Kubernetes extension #33307

Closed
4 tasks done
Sgitario opened this issue May 11, 2023 · 3 comments
Closed
4 tasks done
Assignees
Labels
area/kubernetes kind/epic Large issue with links to sub-issues

Comments

@Sgitario
Copy link
Contributor

Sgitario commented May 11, 2023

Description

At the moment, the Quarkus application uses some runtime properties to configure the TLS configuration. For example:

  • quarkus.http.ssl.* to configure the HTTP TLS server
  • quarkus.management.ssl.* to configure the Management TLS server

The problem is that some of the above properties need to be known at build time by the Quarkus Kubernetes extension to properly generate/bind the HTTPS/management ports.

Tasks

@Sgitario Sgitario added the kind/epic Large issue with links to sub-issues label May 11, 2023
@quarkus-bot
Copy link

quarkus-bot bot commented May 11, 2023

/cc @geoand (kubernetes), @iocanel (kubernetes)

@Sgitario
Copy link
Contributor Author

cc @cescoffier

@Sgitario Sgitario changed the title Avoiding generating HTTPS container port always by the Quarkus Kubernetes extension Improve the logic to generate TLS-based container ports by the Quarkus Kubernetes extension May 11, 2023
Sgitario added a commit to Sgitario/quarkus that referenced this issue May 30, 2023
Related to quarkusio#33307, task 4.

Yet if users set the target-port to "management", this port won't be unbound.
@Sgitario Sgitario self-assigned this May 30, 2023
Sgitario added a commit to Sgitario/quarkus that referenced this issue May 30, 2023
For the HTTP TLS configuration, add a new property quarkus.kubernetes.ports.https.tls=true with default value false. If users set it to true, then the container port HTTPS will be bound to the application container and to the service resource. If false, we will check whether the quarkus.http.ssl.* runtime properties were set at build time using the ConfigProvider API, and bind the container HTTPS accordingly.

Related to quarkusio#33307, task 1.
Sgitario added a commit to Sgitario/quarkus that referenced this issue Jun 2, 2023
Sgitario added a commit to Sgitario/quarkus that referenced this issue Jun 6, 2023
Sgitario added a commit to Sgitario/quarkus that referenced this issue Jun 8, 2023
sberyozkin pushed a commit to sberyozkin/quarkus that referenced this issue Jun 21, 2023
For the HTTP TLS configuration, add a new property quarkus.kubernetes.ports.https.tls=true with default value false. If users set it to true, then the container port HTTPS will be bound to the application container and to the service resource. If false, we will check whether the quarkus.http.ssl.* runtime properties were set at build time using the ConfigProvider API, and bind the container HTTPS accordingly.

Related to quarkusio#33307, task 1.
sberyozkin pushed a commit to sberyozkin/quarkus that referenced this issue Jun 21, 2023
Related to quarkusio#33307, task 4.

Yet if users set the target-port to "management", this port won't be unbound.
iocanel pushed a commit to Sgitario/quarkus that referenced this issue Jul 12, 2023
@Sgitario
Copy link
Contributor Author

Closing epic since all the sub-tasks were completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/kubernetes kind/epic Large issue with links to sub-issues
Projects
None yet
Development

No branches or pull requests

1 participant