-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve the logic to generate TLS-based container ports by the Quarkus Kubernetes extension #33307
Closed
4 tasks done
Labels
Comments
cc @cescoffier |
Sgitario
changed the title
Avoiding generating HTTPS container port always by the Quarkus Kubernetes extension
Improve the logic to generate TLS-based container ports by the Quarkus Kubernetes extension
May 11, 2023
Sgitario
added a commit
to Sgitario/quarkus
that referenced
this issue
May 30, 2023
Related to quarkusio#33307, task 4. Yet if users set the target-port to "management", this port won't be unbound.
Sgitario
added a commit
to Sgitario/quarkus
that referenced
this issue
May 30, 2023
For the HTTP TLS configuration, add a new property quarkus.kubernetes.ports.https.tls=true with default value false. If users set it to true, then the container port HTTPS will be bound to the application container and to the service resource. If false, we will check whether the quarkus.http.ssl.* runtime properties were set at build time using the ConfigProvider API, and bind the container HTTPS accordingly. Related to quarkusio#33307, task 1.
This was referenced May 30, 2023
Sgitario
added a commit
to Sgitario/quarkus
that referenced
this issue
Jun 2, 2023
Related to quarkusio#33307, task 3. Fix quarkusio#32882
Sgitario
added a commit
to Sgitario/quarkus
that referenced
this issue
Jun 6, 2023
Related to quarkusio#33307, task 3. Fix quarkusio#32882
Sgitario
added a commit
to Sgitario/quarkus
that referenced
this issue
Jun 8, 2023
Related to quarkusio#33307, task 3. Fix quarkusio#32882
sberyozkin
pushed a commit
to sberyozkin/quarkus
that referenced
this issue
Jun 21, 2023
For the HTTP TLS configuration, add a new property quarkus.kubernetes.ports.https.tls=true with default value false. If users set it to true, then the container port HTTPS will be bound to the application container and to the service resource. If false, we will check whether the quarkus.http.ssl.* runtime properties were set at build time using the ConfigProvider API, and bind the container HTTPS accordingly. Related to quarkusio#33307, task 1.
sberyozkin
pushed a commit
to sberyozkin/quarkus
that referenced
this issue
Jun 21, 2023
Related to quarkusio#33307, task 4. Yet if users set the target-port to "management", this port won't be unbound.
iocanel
pushed a commit
to Sgitario/quarkus
that referenced
this issue
Jul 12, 2023
Related to quarkusio#33307, task 3. Fix quarkusio#32882
Closing epic since all the sub-tasks were completed |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
At the moment, the Quarkus application uses some runtime properties to configure the TLS configuration. For example:
quarkus.http.ssl.*
to configure the HTTP TLS serverquarkus.management.ssl.*
to configure the Management TLS serverThe problem is that some of the above properties need to be known at build time by the Quarkus Kubernetes extension to properly generate/bind the HTTPS/management ports.
Tasks
quarkus.kubernetes.ports.https.tls=true
with default value false. If users set it to true, then the container port HTTPS will be bound to the application container and to the service resource. If false, we will check whether thequarkus.http.ssl.*
runtime properties were set at build time using theConfigProvider
API, and bind the container HTTPS accordingly. Do not generate the https in K8s unless HTTP ssl configuration is set #33696quarkus.kubernetes.ports.management.tls=true
. Fix K8s/OpenShift deployment when using management interface+https #32902quarkus.http.port
. Print messages about ports that can't change at runtime for K8s #33789The text was updated successfully, but these errors were encountered: