You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It is not very obvious how to configure a Camel-K integration for TLS support on OpenShift. This is particularly relevant for integrations that act as service endpoints, rather than making outbound requests -- these will be subject to the OpenShift router if the client is outside the immediate OpenShft namespace.
The router can be configured to terminate TLS and do plaintext communication with the integration, and this might be appropriate for integrations that expose HTTP services. However, protocols other than HTTP will almost certainly need to use TLS pass-through, with routing information being derived from the TLS SNI header. This is because, once the TLS conversation is terminated, there is no longer an SNI header for the router to refer to, and protocols other than HTTP do not usually have an equivalent of the "Host:" header to use for routing. Pass-through is the recommendation for ActiveMQ/Artemis/Strimzi on OpenShift, for exactly this reason.
It would be good to document how to set this up, and to ensure that it actually works. It's likely that examples will have to be given for specific Camel components, because there is little uniformity in Camel itself about how to handle TLS and certificate storage.
The text was updated successfully, but these errors were encountered:
At this very moment, trying to figure out how to do SSL connection to AMQ broker.
--secret my-tls-secret --> doesn't work, I guess expects some propertyName in specific format
--resource client.ts --> creates config map with Empty property
--resource client.ts --compression -->creates config map with my file Base64 encoded, so now I need to decode on the fly?
It is not very obvious how to configure a Camel-K integration for TLS support on OpenShift. This is particularly relevant for integrations that act as service endpoints, rather than making outbound requests -- these will be subject to the OpenShift router if the client is outside the immediate OpenShft namespace.
The router can be configured to terminate TLS and do plaintext communication with the integration, and this might be appropriate for integrations that expose HTTP services. However, protocols other than HTTP will almost certainly need to use TLS pass-through, with routing information being derived from the TLS SNI header. This is because, once the TLS conversation is terminated, there is no longer an SNI header for the router to refer to, and protocols other than HTTP do not usually have an equivalent of the "Host:" header to use for routing. Pass-through is the recommendation for ActiveMQ/Artemis/Strimzi on OpenShift, for exactly this reason.
It would be good to document how to set this up, and to ensure that it actually works. It's likely that examples will have to be given for specific Camel components, because there is little uniformity in Camel itself about how to handle TLS and certificate storage.
The text was updated successfully, but these errors were encountered: