Allow Bundle to specify jks keystore alias

[dsand1234]

Right now the alias is not predictable (it seems to be auto generated based on a hash) and my app requires me to specify a keystore alias. ( The alias should be able to be determined ahead of time without having to deploy the bundle and then extract / examine the keystore that was output. Ideally, one should be able to specify the alias. )

[erikgb]

@dsand1234 Which alias are you referring to here? AFAIK the alias in a truststore should be irrelevant. That is different from a keystore, where it matters. You usually trust all root certificates in the truststore, so there should be no need to specify an alias. I don't think it will be possible to have predefined aliases, as the root certificates to include in the trust bundle are sourced from PEM. And certificate alias is a keystore/truststore thing. See also https://github.com/cert-manager/trust-manager/issues/44.

[dsand1234]

@erikgb You are right, I was trying to use Bundle to create a keystore rather than a truststore. What I should be doing is distributing the trust bundle to the various namespaces using Bundle and then having a certificate and issuer in the namespace do the self signing.

[erikgb]

You should use cert-manager to issue certificates. Trust-manager is for distributing certificates you trust.