-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
test(sample): update sample application images and configs #928
base: main
Are you sure you want to change the base?
Conversation
@mwangggg could you help figure out the new TLS setup to use here? Using the current configuration in this PR: env:
- name: KEYSTORE_PASS
valueFrom:
secretKeyRef:
key: KEYSTORE_PASS
name: cryostat-sample-keystore
- name: JAVA_OPTS_APPEND
value: |-
-Dquarkus.http.host=0.0.0.0
-Djava.util.logging.manager=org.jboss.logmanager.LogManager
-Dcom.sun.management.jmxremote.port=9097
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
-javaagent:/deployments/app/cryostat-agent.jar
-Dcryostat.agent.webclient.tls.truststore.cert[0].path=/var/run/secrets/myapp/truststore.p12
-Dcryostat.agent.webclient.tls.truststore.cert[0].type=X.509
-Dcryostat.agent.webclient.tls.truststore.cert[0].alias=cryostat-sample
image: quay.io/redhat-java-monitoring/quarkus-cryostat-agent:latest
...
volumeMounts:
- mountPath: /var/run/secrets/myapp/truststore.p12
name: truststore
subPath: truststore.p12
volumes:
- name: truststore
secret:
secretName: cryostat-sample-tls I get an Agent startup failure with logs like this:
I wonder if I just have the wrong alias, or something. But also, the previous configuration used the |
^ maybe the Agent should have some other config property to allow it to import a whole truststore as well? Like |
We could do that, or we could add the cryostat's cert to the quarkus-cryostat-agent container with a volume mount instead of the "keystore" truststore volume mount |
^I'll test that method out and see if it works- although giving users the option of importing a whole truststore is also a good idea. |
Ah, right, there's already a Secret that contains the bare cert we need, isn't there. That sounds like it should work well with your existing Agent work. I think the init-truststore idea is still something worth considering - I can see that being useful for some users in the future. It'd be nice to allow specifying the whole truststore as a starting point instead of requiring users to "unwrap" it into its individual certs, if that isn't the form they already have available. |
Welcome to Cryostat! 👋
Before contributing, make sure you have:
main
branch[chore, ci, docs, feat, fix, test]
git commit -S -m "YOUR_COMMIT_MESSAGE"
See cryostatio/test-applications#1
See cryostatio/test-applications#7
Related to cryostatio/cryostat-agent#139
Description of the change:
This change adds allows the users to provide...
Motivation for the change:
This change is helpful because users may want to...
How to manually test: