-
Notifications
You must be signed in to change notification settings - Fork 345
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
S3 dependencies #2383
S3 dependencies #2383
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome, I've left a couple of comments. Thanks!
Also, that'd be awesome to have a doc written about your MinIO operator testing, maybe in a section of the https://camel.apache.org/camel-k/latest/configuration/maven.html page. |
93146b3
to
e3d986b
Compare
Thanks for reviewing ! I'll add some documentation to https://camel.apache.org/camel-k/latest/configuration/maven.html ASAP; the hardest part was finding where Kubernetes hides the CA it uses to sign |
Ah right, it uses the Kubernetes TLS API. I think the location of the key/CA used to signed the certificate is configurable and can differ from one k8s distribution to the other. On OpenShift, this would be a very good case for using the service signing certificate service, to generate the certificate, as the CA is automatically mounted into Pods. It seems it's possible to provide our own certificate to the MinIO Operator: https://docs.min.io/minio/k8s/tutorials/transport-layer-security.html#id2. As this is a possible solution to hosting customs dependencies and beans, It'd be valuable to also try/document that approach for downstream. |
Ah right as you pointed out perhaps it's best to leave the "How do I make certificates work in Kubernetes"™ part out of it as it depends on the Kubernetes/S3 distributions and how they were setup... The OpenShift/MinIO/Camel-k CA setup you described looks really promising! |
Yes, both approaches would be worth documenting.
+1 Let me know if you prefer to have that PR merged, or you prefer to have it left open to work on the documentation. |
Added, thanks ! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome!
|
||
=== S3 TLS Certificates | ||
|
||
In most cases, you will need to add the certificate(s) served by your S3 instance to the list of certificate(s) trusted by the Camel K Operator when running Maven commands. Where/how to get the certificate(s) varies greatly depending on how your S3 instance is setup and will not be convered here. + |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
convered -> covered
9be7e6a
to
67b8b43
Compare
Solves #2132 and part of #1227. To use Maven dependencies hosted in a S3 repository the workflow would be something like this:
...
kamel install --maven-settings secret:camel-k-minio-maven-settings/maven-settings --maven-ca-secret minio-ca/minio-ca --maven-build-extension fi.yle.tools:aws-maven:1.4.2
`kamel run examples/languages/Sample.java --dependency=mvn:hosted:ons3:1.1
Tested with MinIO operator 4.0.11
Thanks !
Release Note