-
Bug
-
Resolution: Done
-
Critical
-
AMQ 7.9.1.GA
-
False
-
False
-
-
+
-
Undefined
It's a common case to use only one certificate for all exposed endpoints by the broker.
For example, when applying a new Custom Resource and exposing the console using SSL, if you want to use the same certificate for both acceptor and the console, you need to create different secrets.
The following configuration fails:
apiVersion: broker.amq.io/v2alpha3 kind: ActiveMQArtemis metadata: name: my-cluster application: my-cluster-app spec: version: 7.7.0 adminUser: adminuser adminPassword: adminpass deploymentPlan: size: 1 image: registry.redhat.io/amq7/amq-broker:7.7 requireLogin: true persistenceEnabled: true storage: size: "1Gi" journalType: nio messageMigration: true console: expose: true sslEnabled: true sslSecret: my-tls-secret acceptors: - name: amqp-ssl protocols: amqp port: 5671 sslEnabled: true sslSecret: my-tls-secret enabledProtocols: TLSv1,TLSv1.1,TLSv1.2 needClientAuth: false wantClientAuth: false expose: true anycastPrefix: jms.queue. multicastPrefix: /topic/ connectionsAllowed: 5 upgrades: enabled: false minor: false
The above CR will throw the event:
Warning FailedCreate statefulset/my-cluster-ss create Pod my-cluster-ss-0 in StatefulSet my-cluster-ss failed error: Pod "my-cluster-ss-0" is invalid: [spec.volumes[2].name: Duplicate value: "my-tls-secret-volume", spec.containers[0].volumeMounts[2].mountPath: Invalid value: "/etc/my-tls-secret-volume": must be unique]
The same problem occurs if you are using the same certificate-secret in more than one acceptor. Example: when configuring one AMQP-SSL and one CORE-SSL acceptors, you have to set different secret names in every acceptor configuration. If you don't do it, the same event shown above is raised.
With the current operator, if you want to expose the five protocols (core, amqp, openwire, mqtt, stomp) and also the web-console, everything using SSL with the same certificate, you'll need to create six secrets containing that single certificate.
- is cloned by
-
ENTMQBR-7862 [LTS] Allow to use the same secret in multiple spec configurations
- Closed
- mentioned in
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...