Document, or provide examples for, TLS configuration on OpenShift #1033

Closed
rhn-support-kboone opened this issue Oct 30, 2019 · 3 comments

@rhn-support-kboone

It is not very obvious how to configure a Camel-K integration for TLS support on OpenShift. This is particularly relevant for integrations that act as service endpoints, rather than making outbound requests -- these will be subject to the OpenShift router if the client is outside the immediate OpenShift namespace.

The router can be configured to terminate TLS and do plaintext communication with the integration, and this might be appropriate for integrations that expose HTTP services. However, protocols other than HTTP will almost certainly need to use TLS pass-through, with routing information being derived from the TLS SNI header. This is because, once the TLS conversation is terminated, there is no longer an SNI header for the router to refer to, and protocols other than HTTP do not usually have an equivalent of the "Host:" header to use for routing. Pass-through is the recommendation for ActiveMQ/Artemis/Strimzi on OpenShift, for exactly this reason.

It would be good to document how to set this up, and to ensure that it actually works. It's likely that examples will have to be given for specific Camel components, because there is little uniformity in Camel itself about how to handle TLS and certificate storage.

@tomanwalker

At this very moment, I am trying to figure out how to make an SSL connection to an AMQ broker.

--secret my-tls-secret --> doesn't work, I guess expects some propertyName in specific format

--resource client.ts --> creates config map with Empty property
--resource client.ts --compression --> creates config map with my file Base64 encoded, so now I need to decode on the fly?

@claudio4j
Contributor

#2577 provides examples on how to run integration with different routes (no tls, edge, reencrypt, passthrough).

@claudio4j
Contributor

There is route documentation on how to use kamel run to set up TLS routes. @astefanutti can you close this issue?
Reopen if you feel appropriate.
