spaship / operator

SPAship Operator
https://spaship.io/operator/
Apache License 2.0

Custom CA certificates support #24

Closed lkrzyzanek closed 3 years ago

lkrzyzanek commented 3 years ago

Adding cacert into operator is relatively easy - see below.

But the issue is that init and api containers need to be customized by operator.

How to customize cacerts in operator

The operator uses default Java cacerts file located in $JAVA_HOME/lib/security/cacerts.

To override it follow these steps:

  1. Prepare custom cacerts
    sudo $JAVA_HOME/bin/keytool -import -trustcacerts -alias redhat-it -file RH-IT-Root-CA.crt -cacerts
  2. Create secret with custom cacerts file
    kubectl create secret -n websitecd generic websitecd-operator-cacerts --from-file=$JAVA_HOME/lib/security/cacerts
  3. Uncomment volumeMounts, volumes and JAVA_OPTIONS in install.yaml manifest and apply.
    kubectl apply -n websitecd -f manifests/install.yaml
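
What step 3 of the comment above enables, sketched as a Deployment fragment. This is an added example, not the project's `install.yaml` and not part of the original comment: the Deployment and container names, labels, image placeholder and mount path are assumptions, while the namespace, secret name and `JAVA_OPTIONS` variable come from the steps above.

```yaml
# Added example (not the project's manifest): mount the custom cacerts secret
# and point the JVM at it instead of $JAVA_HOME/lib/security/cacerts.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: websitecd-operator            # assumed name
  namespace: websitecd                # namespace used in the steps above
spec:
  replicas: 1
  selector:
    matchLabels:
      app: websitecd-operator         # assumed label
  template:
    metadata:
      labels:
        app: websitecd-operator
    spec:
      containers:
        - name: operator              # assumed container name
          image: "<operator-image>"   # placeholder, not a real image reference
          env:
            - name: JAVA_OPTIONS
              # Standard JSSE system properties. "changeit" is the JDK's default
              # cacerts password; it protects integrity only, it is not a secret.
              value: >-
                -Djavax.net.ssl.trustStore=/etc/operator-trust/cacerts
                -Djavax.net.ssl.trustStorePassword=changeit
          volumeMounts:
            - name: cacerts
              mountPath: /etc/operator-trust   # assumed path
              readOnly: true                   # trust store must not be writable at runtime
      volumes:
        - name: cacerts
          secret:
            secretName: websitecd-operator-cacerts   # created in step 2
            items:
              - key: cacerts          # key is the basename of the --from-file path
                path: cacerts
```

Whether `JAVA_OPTIONS` reaches the JVM depends on the image's start script, and only this container gets the custom trust store; the init and api containers mentioned above are unaffected by it.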

lkrzyzanek commented 3 years ago

The preferred way is to use image layering and build your own images. Java doesn't need to be customised because it uses system CA certificates.