[GitHub] [camel-k] rhn-support-kboone opened a new issue #1033: Document, or provide examples for, TLS configuration on OpenShift

[GitBox <gi...@apache.org>]

rhn-support-kboone opened a new issue #1033: Document, or provide examples for, TLS configuration on OpenShift
URL: https://github.com/apache/camel-k/issues/1033
 
 
   It is not very obvious how to configure a Camel-K integration for TLS support on OpenShift. This is particularly relevant for integrations that act as service endpoints, rather than making outbound requests -- these will be subject to the OpenShift router if the client is outside the immediate OpenShft namespace.
   
   The router can be configured to terminate TLS and do plaintext communication with the integration, and this might be appropriate for integrations that expose HTTP services. However, protocols other than HTTP will almost certainly need to use TLS pass-through, with routing information being derived from the TLS SNI header. This is because, once the TLS conversation is terminated, there is no longer an SNI header for the router to refer to, and protocols other than HTTP do not usually have an equivalent of the "Host:" header to use for routing. Pass-through is the recommendation for ActiveMQ/Artemis/Strimzi on OpenShift, for exactly this reason.
   
   It would be good to document how to set this up, and to ensure that it actually works. It's likely that examples will have to be given for specific Camel components, because there is little uniformity in Camel itself about how to handle TLS and certificate storage.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services