[
https://issues.jboss.org/browse/TEIIDSB-86?page=com.atlassian.jira.plugin...
]
Steven Hawkins commented on TEIIDSB-86:
---------------------------------------
On the teiid properties we either need to be able to specify truststore/keystore
properties or assume that all relevant javax ssl properties will be set. However we
currently expect at least an explicit setting for the ssl mode (enabled, disable, login).
There is an optional setting for the authentication type (one-way, two-way, anonymous) -
we can probably ignore the anonymous type for now.
On the openshift side, I think there was some initiative to add the cluster certificates
to the default java image truststore. Here's a description of how it works manually
with init containers:
https://developers.redhat.com/blog/2017/11/22/dynamically-creating-java-k...
So with an additional service annotation we can have a service serving certificates secret
and can use that as the private key.
Plans for secure socket transports
----------------------------------
Key: TEIIDSB-86
URL:
https://issues.jboss.org/browse/TEIIDSB-86
Project: Teiid Spring Boot
Issue Type: Quality Risk
Reporter: Steven Hawkins
Assignee: Steven Hawkins
Priority: Major
Fix For: 1.1.0
The Teiid Spring Boot configuration allows for only non-secured pg / JDBC socket
transports. For external client scenarios and even for varying degrees of compliance with
intra-cluster traffic, a secure layer may be required.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)