
S3 dependencies #2383

Merged
merged 3 commits into from
Jun 11, 2021

@johnpoth johnpoth commented Jun 9, 2021

Solves #2132 and part of #1227. To use Maven dependencies hosted in an S3 repository the workflow would be something like this:

  1. Create a custom Maven settings.xml as a Secret in Kubernetes containing the S3 credentials & host information:
<servers>
  <server>
    <id>minio-release</id>
    <username>291cafe6-eceb-43dc-91b3-58be867d9da2</username>
    <password>e383fed0-4645-45f6-acea-65f3748b96c8</password>
    <configuration>
      <wagonProvider>s3</wagonProvider>
      <s3Provider>minio</s3Provider>
      <endpoint>https://minio-tenant-1-hl.minio-tenant-1.svc.cluster:4430</endpoint>
    </configuration>
  </server>
  <server>
    <id>minio-snapshot</id>
    <username>291cafe6-eceb-43dc-91b3-58be867d9da2</username>
    <password>e383fed0-4645-45f6-acea-65f3748b96c8</password>
    <configuration>
      <wagonProvider>s3</wagonProvider>
      <s3Provider>minio</s3Provider>
      <endpoint>https://minio-tenant-1-hl.minio-tenant-1.svc.cluster:4430</endpoint>
    </configuration>
  </server>
</servers>

...

<repositories>
  <repository>
    <id>minio-release</id>
    <name>MinIO Release Repository</name>
    <url>s3://maven/release</url>
  </repository>
  <repository>
    <id>minio-snapshot</id>
    <name>MinIO Snapshot Repository</name>
    <url>s3://maven/snapshot</url>
  </repository>
</repositories>
  2. Optionally create the S3 repository CA as a Secret in Kubernetes
  3. Reference all the above plus the S3 wagon when installing camel-k, so something like:
    kamel install --maven-settings secret:camel-k-minio-maven-settings/maven-settings --maven-ca-secret minio-ca/minio-ca --maven-build-extension fi.yle.tools:aws-maven:1.4.2
  4. Reference the dependencies hosted in S3 just like any other dependencies e.g
    kamel run examples/languages/Sample.java --dependency=mvn:hosted:ons3:1.1

Tested with MinIO operator 4.0.11

Thanks !

Release Note

NONE
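A pre-flight check for the `settings.xml` layout shown in the PR description above, as an added example (not code from this PR or from Camel K). It verifies that every `s3://` repository has a `<server>` with the same `<id>`, credentials, the `wagonProvider` key from the description, and an `https` endpoint; the function names, the sample document and the https requirement are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample (placeholder credentials and host): the snapshot repository
# has no matching <server>, and the release endpoint is plain http.
SAMPLE = """<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <servers>
    <server>
      <id>minio-release</id>
      <username>EXAMPLE_ACCESS_KEY</username>
      <password>EXAMPLE_SECRET_KEY</password>
      <configuration>
        <wagonProvider>s3</wagonProvider>
        <s3Provider>minio</s3Provider>
        <endpoint>http://minio.example.internal:9000</endpoint>
      </configuration>
    </server>
  </servers>
  <profiles><profile><id>s3</id><repositories>
    <repository><id>minio-release</id><url>s3://maven/release</url></repository>
    <repository><id>minio-snapshot</id><url>s3://maven/snapshot</url></repository>
  </repositories></profile></profiles>
</settings>"""

def local_name(tag):
    return tag.rsplit("}", 1)[-1]          # drop the XML namespace, if any

def first_text(elem, name):
    """Text of the first descendant called `name`, or '' if there is none."""
    return next(((e.text or "").strip() for e in elem.iter()
                 if local_name(e.tag) == name), "")

def check_s3_settings(xml_text):
    """Return (repository id, problem) pairs for every s3:// repository."""
    root = ET.fromstring(xml_text)
    servers = {first_text(s, "id"): s for s in root.iter()
               if local_name(s.tag) == "server"}
    findings = []
    for repo in (e for e in root.iter() if local_name(e.tag) == "repository"):
        rid = first_text(repo, "id")
        if urlparse(first_text(repo, "url")).scheme != "s3":
            continue                        # only S3-hosted repositories are checked
        server = servers.get(rid)
        if server is None:                  # Maven pairs repository and server by <id>
            findings.append((rid, "no <server> with this id"))
            continue
        if not (first_text(server, "username") and first_text(server, "password")):
            findings.append((rid, "missing credentials"))
        if first_text(server, "wagonProvider") != "s3":
            findings.append((rid, "wagonProvider is not s3"))
        if urlparse(first_text(server, "endpoint")).scheme != "https":
            findings.append((rid, "endpoint is not https"))
    return findings
```

Running it before the file is stored as a Secret catches an id mismatch, which otherwise only shows up as an authentication failure during the build.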

@astefanutti astefanutti left a comment


Awesome, I've left a couple of comments. Thanks!

@astefanutti
Member

Also, that'd be awesome to have a doc written about your MinIO operator testing, maybe in a section of the https://camel.apache.org/camel-k/latest/configuration/maven.html page.

@astefanutti astefanutti added the area/build-operator Related to the internal image build operator label Jun 9, 2021
@johnpoth
Member Author

Thanks for reviewing ! I'll add some documentation to https://camel.apache.org/camel-k/latest/configuration/maven.html ASAP; the hardest part was finding where Kubernetes hides the CA it uses to sign CertificateSigningRequest...

@astefanutti
Member

> Thanks for reviewing ! I'll add some documentation to https://camel.apache.org/camel-k/latest/configuration/maven.html ASAP; the hardest part was finding where Kubernetes hides the CA it uses to sign CertificateSigningRequest...

Ah right, it uses the Kubernetes TLS API. I think the location of the key/CA used to sign the certificate is configurable and can differ from one k8s distribution to the other.

On OpenShift, this would be a very good case for using the service signing certificate service, to generate the certificate, as the CA is automatically mounted into Pods. It seems it's possible to provide our own certificate to the MinIO Operator: https://docs.min.io/minio/k8s/tutorials/transport-layer-security.html#id2. As this is a possible solution to hosting custom dependencies and beans, it'd be valuable to also try/document that approach for downstream.

@johnpoth
Member Author

Ah right as you pointed out perhaps it's best to leave the "How do I make certificates work in Kubernetes"™ part out of it as it depends on the Kubernetes/S3 distributions and how they were set up...

The OpenShift/MinIO/Camel-k CA setup you described looks really promising!

@astefanutti
Member

> Ah right as you pointed out perhaps it's best to leave the "How do I make certificates work in Kubernetes"™ part out of it as it depends on the Kubernetes/S3 distributions and how they were set up...

Yes, both approaches would be worth documenting.

> The OpenShift/MinIO/Camel-k CA setup you described looks really promising!

+1

Let me know if you prefer to have that PR merged, or you prefer to have it left open to work on the documentation.

@johnpoth
Member Author

Added, thanks !

@astefanutti astefanutti left a comment


Awesome!


=== S3 TLS Certificates

In most cases, you will need to add the certificate(s) served by your S3 instance to the list of certificate(s) trusted by the Camel K Operator when running Maven commands. Where/how to get the certificate(s) varies greatly depending on how your S3 instance is setup and will not be convered here. +
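Review bot: in the second sentence, "is setup" should be the verb form "is set up". Since the paragraph declines to say where the certificate comes from, it would help to at least name the mechanism for trusting it at this point, for example the `--maven-ca-secret` install option used in the PR description, unless the text that follows already does.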
Member


convered -> covered
