fix(traefik): make TLS cert resolver configurable, omit when unset

Previously `TraefikLabelBuilder` hardcoded `tls.certresolver=default` on
every router. That assumes a resolver literally named `default` exists
in the Traefik static config — true for ACME-backed installs, false for
dev/local installs that use a file-based TLS store. Traefik logs
"Router uses a nonexistent certificate resolver" for the bogus resolver
on every managed app, and any future attempt to define a differently-
named real resolver would silently skip these routers.

Server-wide setting via `CAMELEER_SERVER_RUNTIME_CERTRESOLVER` (empty by
default) flows through `ConfigMerger.GlobalRuntimeDefaults.certResolver`
into `ResolvedContainerConfig.certResolver`. When blank the
`tls.certresolver` label is omitted entirely; `tls=true` is still
emitted so Traefik serves the default TLS-store cert. When set, the
label is emitted with the configured resolver name.

Not per-app/per-env configurable: there is one Traefik per server
instance and one resolver config; app-level override would only let
users break their own routers.

TDD: TraefikLabelBuilderTest gains 3 cases (resolver set, null, blank).
Full unit suite 211/0/0.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hsiegeln
2026-04-23 18:18:47 +02:00
parent 165c9f10e3
commit 21db92ff00
8 changed files with 56 additions and 12 deletions


@@ -34,7 +34,8 @@ public final class ConfigMerger {
stringVal(appConfig, envConfig, "runtimeType", "auto"),
stringVal(appConfig, envConfig, "customArgs", ""),
stringList(appConfig, envConfig, "extraNetworks"),
boolVal(appConfig, envConfig, "externalRouting", true)
boolVal(appConfig, envConfig, "externalRouting", true),
global.certResolver()
);
}
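Review bot: `global.certResolver()` in the constructor call is passed through as-is, so `ResolvedContainerConfig.certResolver` can hold null, an empty string or whitespace, and every consumer has to treat all three as "unset". Normalizing once at this merge point (trim, then map blank to null) would give the resolved config a single representation for "no resolver" and keep the omit-the-label decision from depending on each caller repeating the blank check.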
@@ -108,6 +109,7 @@ public final class ConfigMerger {
int cpuRequest,
String routingMode,
String routingDomain,
String serverUrl
String serverUrl,
String certResolver
) {}
}
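Review bot: the new `String certResolver` component sits directly after `String serverUrl` in a long positional record signature, so a call site that transposes the two still compiles. It also carries no documentation that null or blank means the `tls.certresolver` label is omitted. A short Javadoc on the component stating that contract, plus a nullability annotation if the project uses one, would make the intent visible at construction sites.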


@@ -23,7 +23,8 @@ public record ResolvedContainerConfig(
String runtimeType,
String customArgs,
List<String> extraNetworks,
boolean externalRouting
boolean externalRouting,
String certResolver
) {
public long memoryLimitBytes() {
return (long) memoryLimitMb * 1024 * 1024;
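Review bot: `String certResolver` is added as a raw component with nothing in `ResolvedContainerConfig` telling a reader that an unset resolver is legal or what it looks like. The record already exposes a derived accessor (`memoryLimitBytes()`), so a small accessor beside it that reports whether a resolver is configured would keep the blank-or-null test in one place instead of in each label-building caller. Because the value originates from an environment variable and ends up in a Traefik label, rejecting names that contain whitespace or control characters at this boundary is also worth considering.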