quarkus: `stork-service-discovery-kubernetes` extension requires some extra configutation that is not documented

Describe the bug

stork-service-discovery-kubernetes requires org.bouncycastle:bctls-jdk15on dependency and also some extra configuration on your application.properties:

Example

# application properties should be here
quarkus.security.security-providers=BCJSSE

quarkus.http.ssl.certificate.key-store-file=server-keystore.jks
quarkus.http.ssl.certificate.key-store-password=password
quarkus.http.ssl.certificate.trust-store-file=server-truststore.jks
quarkus.http.ssl.certificate.trust-store-password=password

quarkus.native.additional-build-args=--allow-incomplete-classpath

Also, end-user must be sure that has the following K8s/ocp cluster roles binding (JVM and native mode):

Cluster Role

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: "${NAMESPACE}"
  name: endpoints-reader
rules:
  - apiGroups: [""] # "" indicates the core API group
    resources: ["endpoints"]
    verbs: ["get", "watch", "list"]

ClusterRoleBinding

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: fabric8-rbac
subjects:
  - kind: ServiceAccount
    # Reference to upper's `metadata.name`
    name: default
    namespace: "${NAMESPACE}"
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io

I think that these requirements should be documented: DocRef: https://quarkus.io/blog/stork-kubernetes-discovery/

Also would be great to understand why org.bouncycastle:bctls-jdk15on is needed and check if we could do something in order to avoid this extra dependency

Reproducer: https://github.com/quarkus-qe/quarkus-test-suite/pull/572

Expected behavior

No response

Actual behavior

No response

How to Reproduce?

No response

Output of `uname -a` or `ver`

No response

Output of `java -version`

No response

GraalVM version (if different from Java)

No response

Quarkus version or git rev

No response

Build tool (ie. output of `mvnw --version` or `gradlew --version`)

No response

Additional information

No response

About this issue

Original URL
State: closed
Created 2 years ago
Comments: 16 (15 by maintainers)

Commits related to this issue

Print a warning if the Stork Kubernetes service discovery is used without the kubernetes client Fix https://github.com/quarkusio/quarkus/issues/24444 — committed to cescoffier/quarkus by cescoffier 2 years ago
Print a warning if the Stork Kubernetes service discovery is used without the kubernetes client Fix https://github.com/quarkusio/quarkus/issues/24444 (cherry picked from commit 4e715792c78d8f6d82087... — committed to gsmet/quarkus by cescoffier 2 years ago

Most upvoted comments

CC @aureamunoz

michalszynkiewicz on Mar 21, 2022

quarkus: `stork-service-discovery-kubernetes` extension requires some extra configutation that is not documented

Describe the bug

Expected behavior

Actual behavior

How to Reproduce?

Output of uname -a or ver

Output of java -version

GraalVM version (if different from Java)

Quarkus version or git rev

Build tool (ie. output of mvnw --version or gradlew --version)

Additional information

About this issue

Commits related to this issue

Most upvoted comments

Output of `uname -a` or `ver`

Output of `java -version`

Build tool (ie. output of `mvnw --version` or `gradlew --version`)