zregvart
commented
4 years ago
- Make an official docker image, with tags, so we don't need to use a custom version of netty, etc.. So people can test a single YAML file and no changes between users.
Not sure, what do you mean with a "custom version of netty"?
This is an example project, I don't think there's a need for a official releases, should be fairly simple to push this image to a registry such as Quay.io and tag versions there if you need. Other than that, you could use the SHA if you need a deterministic version, i.e.
quay.io/zregvart/camel-netty-proxy@sha256:838cf9f7e08be62eedbbd92e79a5d009f59fffe5d015c5679eb326de38a94bc0or
zregvart/camel-netty-proxy@sha256:6814f3e93dc3f47a5a9d07083fc63f93561ef77cb570f84618683e25f820fa07
- Add a LOG_LEVEL env variable, and if it set to debug, add a way to print the request headers, so it'll help us to know if proxy information is correct.
Added in 4ce26b2e9efad3cca0c2f961525fae27fc90e533.
- Add an HTTPS_CERT and HTTPS_CERT_FILE so if someone needs to use the container can set these variables, and it'll be easier.
The default deployment to OpenShift, triggered via openshift Maven profile (i.e. when run with ./mvnw -Popenshift package), adds a init container using the https://github.com/jimmidyson/pemtokeystore which will convert key and certificate issued by OpenShift CA to a Java keystore. The focus of this example is running this on OpenShift, not sure I want to make it more complex than that.
You can simulate the same by mounting a keystore to /tls/keystore.jks, and generate a Java Keystore file by running a command like:
$ keytool -genkeypair -keystore keystore.jks -dname "CN=hostname" -keypass changeit -storepass changeit -keyalg RSA -ext SAN=dns:hostname
$ docker run -v $(pwd)/keystore.jks:/tls/keystore.jks:Z camel-netty-proxy
eloycoto
Hi,
After a couple of issues, I think that some changes will be good to address some of the common issues that we have in our POC around integration this feature with other projects:
Many thanks!