Document pre-req for manageTLS: runtime must load certificates #538

Open
leochr opened this issue May 11, 2023 · 1 comment

leochr commented May 11, 2023

`manageTLS` mounts the certificates onto the runtime pods, but the runtime is responsible for loading the mounted certificates. Liberty containers load the certificates automatically into the default keystore / truststore at container startup. The tWAS runtime doesn't have an equivalent. Document that in order for `manageTLS` to work end-to-end, the runtime must load the certs.

Document this in the limitation / troubleshooting section

leochr added the documentation and zenhub-dev labels May 11, 2023

tam512 commented May 11, 2023

The current workaround to install tWAS applications using RCO v1.2.0 is to use `spec.route.termination: edge` with `insecureEdgeTerminationPolicy: Redirect` or `insecureEdgeTerminationPolicy: Allow`, or `spec.route.termination: passthrough`.

For example:

```yaml
spec:
  manageTLS: false
  route:
    termination: edge
    insecureEdgeTerminationPolicy: Redirect
  service:
    type: ClusterIP
    port: 9080
```
