8000 Document how to configure Istio to allow for JGroups mTLS by ahus1 · Pull Request #39363 · keycloak/keycloak · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Document how to configure Istio to allow for JGroups mTLS #39363

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 2, 2025
Merged

Document how to configure Istio to allow for JGroups mTLS #39363

merged 3 commits into from
May 2, 2025

Conversation

ahus1
Copy link
Contributor
@ahus1 ahus1 commented Apr 30, 2025

Closes #39065

@ahus1 ahus1 self-assigned this Apr 30, 2025
@ahus1
Document how to configure Istio to allow for JGroups mTLS
4ac435d 
Closes keycloak#39065

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
@ahus1 ahus1 force-pushed the is-39065-service-mesh-jgroups-mtls branch from a246e73 to 4ac435d Compare April 30, 2025 11:14
@ahus1 ahus1 mentioned this pull request Apr 30, 2025
Closed
2 tasks
@ahus1 ahus1 marked this pull request as ready for review May 2, 2025 07:41
@ahus1 ahus1 requested review from a team as code owners May 2, 2025 07:41
@ahus1
Copy link
Contributor Author
ahus1 commented May 2, 2025

@mhajas / @pruivo - please review when you have the time. Thanks! I didn't yet do a full setup of Istio to try this out.

pruivo
pruivo reviewed May 2, 2025
View reviewed changes
ahus1 and others added 2 commits May 2, 2025 14:00
@ahus1 @pruivo
Update docs/guides/server/caching.adoc
456bcae 
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
@ahus1
Rework after review
4be5e13 
Closes keycloak#39065

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
@ahus1 ahus1 requested a review from mhajas May 2, 2025 12:02
@ahus1
Copy link
Contributor Author
ahus1 commented May 2, 2025

I've accepted @pruivo's change and also changed one other occurrence of "node" in the paragraph to state "Pod".

Please re-review, @mhajas, when you have the time. Once the build is green it should then be ready to merge. Thanks!

mhajas
mhajas reviewed May 2, 2025
View reviewed changes
docs/guides/server/caching.adoc Outdated
8000
When using a service mesh like Istio, you might need to allow a direct mTLS communication between the {project_name} Pods to allow for the mutual authentication to work.
Otherwise, you might see error messages like `JGRP000006: failed accepting connection from peer SSLSocket` that indicate that a wrong certificate was presented, and the cluster will not form correctly.

You then have the option to allow direct mTLS communication between the {project_name} nodes, or rely on the service mesh transport security to encrypt the communication and to authenticate peers.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
You then have the option to allow direct mTLS communication between the {project_name} nodes, or rely on the service mesh transport security to encrypt the communication and to authenticate peers.
You then have the option to allow direct mTLS communication between the {project_name} Pods, or rely on the service mesh transport security to encrypt the communication and to authenticate peers.

mhajas
mhajas approved these changes May 2, 2025
View reviewed changes
Copy link
Contributor
@mhajas mhajas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR @ahus1. LGTM

@ahus1 ahus1 enabled auto-merge (squash) May 2, 2025 12:06
@ahus1 ahus1 merged commit f794087 into keycloak:main May 2, 2025
54 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pruivo pruivo pruivo left review comments

@mhajas mhajas mhajas approved these changes

Assignees

@ahus1 ahus1

@mhajas mhajas

Labels
team/cloud-native
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Issue with SSL and CertificatereloadManager in Keycloak 26.2 when using Istio
3 participants
@ahus1 @pruivo @mhajas
0