Jordi

Reputation: 23277

Kubernetes: Populate certificates into keystores

Suppose you have deployed a service which is using certificates in order to create TLS/HTTPS communications.

So, I need to deploy Java client containers which have to trust these certificates.

Nevertheless, Java looks up truststores in order to check whether the certificate is valid.

As you can see, I'm not able to create an image using these certificates since they are unknown in build time.

I mean, I'm not able to create this kind of Dockerfile snippet, because /var/run/secrets/kubernetes.io/certs/tls.crt is not available at build time.

RUN keytool -import -alias vault -storepass changeit -keystore truststore.jks -noprompt -trustcacerts -file /var/run/secrets/kubernetes.io/certs/tls.crt

So, how can I populate these truststores filled with these certificates when containers/pods are deployed/started?

I hope I've explained it well.

Upvotes: 11

Views: 18805

Answers (1)

James Roper

Reputation: 12850

RedHat has a tutorial on how to do this on OpenShift:

https://developers.redhat.com/blog/2017/11/22/dynamically-creating-java-keystores-openshift/

It uses OpenShift's built-in CA to actually generate and supply the certificate, so if using vanilla k8s you'll need to do that yourself, but once you have the certificate in a file on the pod, the method is exactly the same.

Upvotes: 10
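As an added illustration of the approach the answer describes (not from the linked tutorial or the original question), the following Pod manifest runs the question's own keytool import in an init container at pod start, once the certificate is mounted from a Secret, and hands the resulting truststore to the Java container through a shared emptyDir. The Secret name `service-tls`, the JDK image, the application image and the mount paths are assumptions chosen for the example.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: java-client
spec:
  volumes:
    # Assumed: a TLS Secret that carries the server certificate as tls.crt.
    - name: tls-certs
      secret:
        secretName: service-tls
    # Scratch volume shared between the init container and the app container.
    - name: truststore
      emptyDir: {}
  initContainers:
    - name: build-truststore
      # Assumed: any JDK image that ships keytool.
      image: eclipse-temurin:17-jdk
      command: ["sh", "-c"]
      args:
        - |
          set -e
          # The same import the question could not run in the Dockerfile,
          # now executed at pod start when the certificate file exists.
          keytool -import -alias vault -storepass changeit \
            -keystore /truststore/truststore.jks -noprompt -trustcacerts \
            -file /var/run/secrets/kubernetes.io/certs/tls.crt
          # Fail fast if the import did not produce the expected entry.
          keytool -list -keystore /truststore/truststore.jks \
            -storepass changeit -alias vault
      volumeMounts:
        - name: tls-certs
          mountPath: /var/run/secrets/kubernetes.io/certs
          readOnly: true
        - name: truststore
          mountPath: /truststore
  containers:
    - name: app
      # Placeholder for the Java client image built without the certificate.
      image: example.com/java-client:latest
      env:
        # JAVA_TOOL_OPTIONS is read by the JVM, so the image needs no change.
        - name: JAVA_TOOL_OPTIONS
          value: >-
            -Djavax.net.ssl.trustStore=/truststore/truststore.jks
            -Djavax.net.ssl.trustStorePassword=changeit
      volumeMounts:
        - name: truststore
          mountPath: /truststore
          readOnly: true
```

Two things worth knowing when using this pattern: a truststore holds only public certificates, so the `changeit` password guards integrity rather than secrecy, but if the Secret contains a private key as well, only mount the certificate the JVM actually needs to trust; and because init containers run once per pod start, a rotated certificate in the Secret is not picked up until the pod is restarted, so certificate rotation should be paired with a rolling restart of the client Deployment.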
