Cert-Manager support and TLS periodic reload #41501

Merged
merged 2 commits into from
Jun 29, 2024

cescoffier
Member

  • Allows the periodic reload of TLS certificates from the registry
  • Define the proper architecture to handle certificate reloads (using CDI events)
  • Explain how one can implement one's own reloader (using a file watcher or anything)
  • Document how to use Kubernetes secrets to load certificates
  • Document how to use the Kubernetes cert-manager

github-actions bot commented Jun 27, 2024

🙈 The PR is closed and the preview is expired.

Contributor

@geoand geoand left a comment

Looks nice!

Asked a small question

Provide a way to periodically reload certificates from the file system and document how to implement your own reloader.

quarkus-bot bot commented Jun 27, 2024

Status for workflow Quarkus Documentation CI

This is the status report for running Quarkus Documentation CI on commit 32fc596.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

⚠️ There are other workflow runs running, you probably need to wait for their status before merging.


quarkus-bot bot commented Jun 27, 2024

Status for workflow Quarkus CI

This is the status report for running Quarkus CI on commit 32fc596.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

You can consult the Develocity build scans.


Flaky tests - Develocity

⚙️ JVM Tests - JDK 21

📦 extensions/infinispan-cache/deployment

io.quarkus.cache.infinispan.InfinispanCacheTest.testGetAsyncWithParallelCalls - History

  • expected: "thread1" but was: "thread2" - org.opentest4j.AssertionFailedError
org.opentest4j.AssertionFailedError: 

expected: "thread1"
 but was: "thread2"
	at io.quarkus.cache.infinispan.InfinispanCacheTest.testGetAsyncWithParallelCalls(InfinispanCacheTest.java:283)
	at java.base/java.lang.reflect.Method.invoke(Method.java:580)
	at io.quarkus.test.QuarkusUnitTest.runExtensionMethod(QuarkusUnitTest.java:499)
	at io.quarkus.test.QuarkusUnitTest.interceptTestMethod(QuarkusUnitTest.java:413)

📦 extensions/smallrye-reactive-messaging-kafka/deployment

io.quarkus.smallrye.reactivemessaging.kafka.deployment.dev.KafkaDevServicesDevModeTestCase.sseStream - History

  • Assertion condition defined as a Lambda expression in io.quarkus.smallrye.reactivemessaging.kafka.deployment.dev.KafkaDevServicesDevModeTestCase Expecting size of: [] to be greater than or equal to 2 but was 0 within 10 seconds. - org.awaitility.core.ConditionTimeoutException
org.awaitility.core.ConditionTimeoutException: 
Assertion condition defined as a Lambda expression in io.quarkus.smallrye.reactivemessaging.kafka.deployment.dev.KafkaDevServicesDevModeTestCase 
Expecting size of:
  []
to be greater than or equal to 2 but was 0 within 10 seconds.
	at org.awaitility.core.ConditionAwaiter.await(ConditionAwaiter.java:167)
	at org.awaitility.core.AssertionCondition.await(AssertionCondition.java:119)
	at org.awaitility.core.AssertionCondition.await(AssertionCondition.java:31)

@Certificate(name = "reload-A", formats = Format.PEM),
@Certificate(name = "reload-B", formats = Format.PEM, duration = 365),
})
@DisabledOnOs(OS.WINDOWS)
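
Review bot: `@DisabledOnOs(OS.WINDOWS)` on the last line gives no reason, so a reader or a Windows CI report cannot tell whether the reload logic or only the test setup is the problem. JUnit's `@DisabledOnOs` accepts a `disabledReason` attribute; set it, or add a one-line comment above the annotation, stating why the test is skipped on Windows.
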
Contributor

Why is this test disabled on Windows?

Member Author

It is just to avoid complexity in the tests with / vs \ in paths.

@TestHTTPResource(value = "/hello", tls = true)
URL url;

public static final File temp = new File("target/test-certificates-" + UUID.randomUUID());
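
Review bot: the `temp` field on the last line is `public static final` yet named like a local variable, and nothing in these lines shows why it needs to be public. Consider making it `private` and giving it a name that says what it holds, for example `CERTIFICATE_DIR`; since every run points at a new UUID-named path under `target/`, also check that the test removes what it writes there when it finishes.
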
Contributor

We can use Path here and avoid java.io.File entirely, but that can be done in a separate PR

@gastaldi gastaldi merged commit c20fa84 into quarkusio:main Jun 29, 2024
53 checks passed
@quarkus-bot quarkus-bot bot added this to the 3.13 - main milestone Jun 29, 2024
@cescoffier cescoffier deleted the tls-reload-certs branch July 1, 2024 05:59