Configure Maven

Maven Settings

The Maven settings, used by the Camel K operator, can be provided in a ConfigMap or a Secret.

The kubectl CLI provides convenient commands, to create a ConfigMap or a Secret from a file, e.g.:

$ kubectl create configmap maven-settings --from-file=settings.xml

The created ConfigMap or Secret can then be referenced in the IntegrationPlatform resource, from the spec.build.maven.settings field, e.g.:

apiVersion: camel.apache.org/v1
kind: IntegrationPlatform
metadata:
  name: camel-k
spec:
  build:
    maven:
      settings:
        configMapKeyRef:
          key: settings.xml
          name: maven-settings

Maven Settings Security

If your project also requires a Maven Settings Security in a settings-security.xml file (as described in the official Maven Password Encryption guide), you can create a ConfigMap or Secret for that file

$ kubectl create configmap maven-settings-security --from-file=settings-security.xml

and reference it in the IntegrationPlatform resource:

apiVersion: camel.apache.org/v1
kind: IntegrationPlatform
metadata:
  name: camel-k
spec:
  build:
    maven:
      settings:
        configMapKeyRef:
          key: settings.xml
          name: maven-settings
      settingsSecurity:
        configMapKeyRef:
          key: settings-security.xml
          name: maven-settings-security

The IntegrationPlatform resource can be edited directly, to reference the ConfigMap(s) or the Secret(s) that contains the Maven settings and settings security, e.g.:

$ kubectl edit ip camel-k

Alternatively, the Kamel CLI provides the --maven-settings option, with the install command, that can be used to configure the Maven settings at installation time, e.g.:

$ kamel install --maven-settings=configmap|secret:name[/key]

In case you only want to configure remote repositories, you can use the --maven-repository option, that automatically generates a settings.xml file and relieves from creating a ConfigMap or Secret, e.g.:

$ kamel install --maven-repository <repository_url>
Check the CA Certificates section, if these remote repositories require custom CA certificates.

Extra attributes can be appended to the repository_url, using the @ separator. The following attributes are supported:

Table 1. Maven Repository Attributes
Name Type Description

@id

string

Sets the repository id

@name

string

Sets the repository name

@snapshots

flag

Turns snapshots.enabled to true

@noreleases

flag

Turns snapshots.enabled to false

@checksumpolicy

string

Sets the repository checksumPolicy

@mirrorOf

string

Declares the repository as a mirror of the repositories with matching ids

For example, running the following command:

$ kamel install --maven-repository https://repository.apache.org/content/groups/snapshots-group@id=apache@snapshots@noreleases

Results in generating the following settings.xml file:

<repositories>
  <repository>
    <id>apache</id>
    <url>http://repository.apache.org/content/groups/snapshots-group</url>
    <snapshots>
      <enabled>true</enabled>
    </snapshots>
    <releases>
      <enabled>false</enabled>
    </releases>
  </repository>
</repositories>
The --maven-settings and --maven-repository options are mutually exclusive.

You can find more information in the Introduction to Repositories from the Maven documentation.

HTTP Proxy

HTTP proxy can be configured on the Camel K operator Deployment, with the usual HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables.

The operator automatically configures Maven according to the values of these variables.

See the HTTP proxy documentation for more details.

The generated configuration can be overwritten in the Maven Settings if necessary.

CA Certificates

The CA certificates, used by the Maven commands to connect to the remote Maven repositories, can be provided in a Secret.

The kubectl CLI provides a convenient command, to create a Secret from a file, e.g.:

$ kubectl create secret generic maven-ca-certs --from-file=ca.crt

The Secret can contain X.509 certificates, and PKCS#7 formatted certificate chains. A JKS formatted keystore is automatically created to store the CA certificate(s), and configured to be used as a trusted certificate(s) by the Maven commands. The root CA certificates are also imported into the created keystore.

The created Secret can then be referenced in the IntegrationPlatform resource, from the spec.build.maven.caSecret field, e.g.:

apiVersion: camel.apache.org/v1
kind: IntegrationPlatform
metadata:
  name: camel-k
spec:
  build:
    maven:
      caSecret:
        key: tls.crt
        name: tls-secret

Alternatively, the Kamel CLI provides the --maven-ca-secret option, with the install command, that can be used to configure the Maven CA Secret at installation time, e.g.:

$ kamel install --maven-ca-secret <secret_name>/<secret_key>

Maven Extensions

The Maven extensions used by the Camel K operator while building integrations can be configured using the Kamel CLI through the --maven-extension option, e.g.:

$ kamel install --maven-extension fi.yle.tools:aws-maven:1.4.2

The IntegrationPlatform resource stores extensions in the spec.build.maven.extension field, e.g:

apiVersion: camel.apache.org/v1
kind: IntegrationPlatform
metadata:
  name: camel-k
spec:
  build:
    maven:
      extension:
      - artifactId: aws-maven
        groupId: fi.yle.tools
        version: 1.4.2

The IntegrationPlatform resource can be edited directly, to add or remove extensions, e.g.:

$ kubectl edit ip camel-k

Maven extensions are typically used to enable Wagon Providers, used for the transport of artifacts between repository.

S3 Bucket as a Maven Repository

In this section, we will show how to configure Camel K to fetch artifacts from a S3 bucket that’s set up as a Maven repository. We will assume that the bucket is already up and running and configured correctly. We will also assume you know how to set up Maven locally to fetch artifacts from it.

Custom Maven Settings

The first thing that needs to be done is to create a Maven settings file configured to use the S3 bucket as a Maven repository. The Maven settings file will be used by the Camel K operator so make sure your S3 instance is accessible in your cluster.

The Maven settings will contain all the information needed for Maven to access the S3 bucket namely your credentials, S3 URL and bucket name. This information will typically be located in the server and repository section of your Maven settings.

For example when using MinIO as a S3 provider and fi.yle.tools:aws-maven:1.4.3 as a Wagon Provider, your Maven settings will look something like this:

<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
  <servers>
    <server>
      <id>minio-release</id>
      <username>291cafe6-eceb-43dc-91b3-58be867d9da2</username>
      <password>e383fed0-4645-45f6-acea-65f3748b96c8</password>
      <configuration>
        <wagonProvider>s3</wagonProvider>
        <s3Provider>minio</s3Provider>
        <endpoint>https://minio-tenant-1-hl.minio-tenant-1.svc.cluster.local:4430</endpoint>
      </configuration>
    </server>
    <server>
      <id>minio-snapshot</id>
      <username>291cafe6-eceb-43dc-91b3-58be867d9da2</username>
      <password>e383fed0-4645-45f6-acea-65f3748b96c8</password>
      <configuration>
        <wagonProvider>s3</wagonProvider>
        <s3Provider>minio</s3Provider>
        <endpoint>https://minio-tenant-1-hl.minio-tenant-1.svc.cluster.local:4430</endpoint>
      </configuration>
    </server>
  </servers>
  <profiles>
    <profile>
      <id>maven-settings</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <repositories>
        <repository>
          <id>central</id>
          <url>https://repo.maven.apache.org/maven2</url>
          <snapshots>
            <enabled>false</enabled>
            <checksumPolicy>fail</checksumPolicy>
          </snapshots>
          <releases>
            <enabled>true</enabled>
            <checksumPolicy>fail</checksumPolicy>
          </releases>
        </repository>
        <repository>
          <id>minio-release</id>
          <name>MinIO Release Repository</name>
          <url>s3://maven/release</url>
        </repository>
        <repository>
          <id>minio-snapshot</id>
          <name>MinIO Snapshot Repository</name>
          <url>s3://maven/snapshot</url>
        </repository>
      </repositories>
      <pluginRepositories>
        <pluginRepository>
          <id>central</id>
          <url>https://repo.maven.apache.org/maven2</url>
          <snapshots>
            <enabled>false</enabled>
            <checksumPolicy>fail</checksumPolicy>
          </snapshots>
          <releases>
            <enabled>true</enabled>
            <checksumPolicy>fail</checksumPolicy>
          </releases>
        </pluginRepository>
        <pluginRepository>
          <id>minio-snapshot</id>
          <name>MinIO Snapshot Repository</name>
          <url>s3://maven/snapshot</url>
        </pluginRepository>
             <pluginRepository>
          <id>minio-release</id>
          <name>MinIO Release Repository</name>
          <url>s3://maven/release</url>
        </pluginRepository>
        <pluginRepository>
            <id>yle-public</id>
            <name>Yle public repository</name>
            <url>https://maven.yle.fi/release</url>
            <layout>default</layout>
        </pluginRepository>
      </pluginRepositories>
    </profile>
  </profiles>
</settings>

Since these settings contains credentials, you will want to store it in a Kubernetes Secret. As mentioned above, the kubectl CLI provides a convenient command to create a Secret from a file, e.g.:

$ kubectl create secret generic camel-k-s3-maven-settings --from-file=maven-settings=maven_settings.xml

S3 TLS Certificates

In most cases, you will need to add the certificate(s) served by your S3 instance to the list of certificate(s) trusted by the Camel K Operator when running Maven commands. Where/how to get the certificate(s) varies greatly depending on how your S3 instance is set up, and will not be covered here. Once retrieved, you should create a Kubernetes Secret containing the certificate(s) similar to what is described in the section CA Certificates, e.g.:

$ kubectl create secret generic s3-ca --from-file=s3-ca=ca.crt

Maven settings, certificates and extensions

We are now ready to configure the Camel K operator to use your S3 bucket as a Maven repository. This can be done while installing the Operator using the Kamel CLI, e.g:

$ kamel install --maven-settings secret:camel-k-s3-maven-settings/maven-settings --maven-ca-secret s3-ca/s3-ca --maven-extension fi.yle.tools:aws-maven:1.4.3

Maven dependencies hosted in your S3 bucket can now be used just like any other dependency when running an integration. For example when using the Kamel CLI using the --dependency option:

$ kamel run S3.java --dependency=mvn:artfiactId:groupId:version

Enjoy !