pegasystems / pega-helm-charts

Orchestrate a Pega Platform™ deployment by using Docker, Kubernetes, and Helm to take advantage of Pega Platform Cloud Choice flexibility.
https://community.pega.com/knowledgebase/articles/cloud-choice
Apache License 2.0

Using keystore.jks file that is created by certmanager #670

Closed mefrom closed 4 months ago

mefrom commented 9 months ago

The showstopper issue we are facing is on Inbound Certs. Cert Manager allows us to request a cert and gives us the ability to place that cert in a jks file within the secret (at cert request time). The jks file is named keystore.jks. But PEGA wants the name of the jks to be TOMCAT_KEYSTORE_CONTENT.

This is the issue: we need PEGA to allow us to use keystore.jks by default.

We should also be able to pick up the keystore password from a secret and not have to hardcode the value in the yaml.

Cert manager automates the certificate lifecycle management; it renews the certificate and updates the certificate as well as the keystore.jks in the secret. We would then merely need to recycle the pod and pick up the new keystore.jks file from the secret every time the cert gets renewed.

But currently we must copy the contents of the keystore.jks within the updated secret to another field named TOMCAT_KEYSTORE_CONTENT, and then recycle. This is undesirable.
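For reference, the cert-manager side of the setup described in the comment above, as an added example that is not part of the original issue or of the Pega charts. All names, the namespace, the DNS name and the issuer are constructed placeholders, and the password Secret is assumed to have been created out of band.

```yaml
# Added example (constructed values). cert-manager Certificate that asks for a
# JKS keystore to be written into the target Secret, with the keystore password
# read from a separate Secret instead of being written in the manifest.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: pega-web-tls            # hypothetical name
  namespace: pega               # hypothetical namespace
spec:
  secretName: pega-web-tls      # Secret that cert-manager creates and updates
  dnsNames:
    - pega.example.com          # placeholder hostname
  issuerRef:
    name: example-issuer        # placeholder issuer
    kind: ClusterIssuer
  keystores:
    jks:
      create: true              # adds keystore.jks (and truststore.jks) to the Secret
      passwordSecretRef:        # password comes from a Secret in the same namespace
        name: pega-keystore-password   # hypothetical, created out of band
        key: password
```

On issuance and on each renewal, cert-manager writes `keystore.jks` into the `pega-web-tls` Secret next to `tls.crt` and `tls.key`, which is the key name the issue asks the chart to accept directly.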

maracle6 commented 6 months ago

@mefrom This functionality is now available in release v3.13.0 or later.

kishorv10 commented 4 months ago

The issue is addressed as part of https://github.com/pegasystems/docker-pega-web-ready/pull/205 and it is available for consumption. Hence closing it.