본문 바로가기
OS/kubernetes

🥰 k8s initContainers java keytools 사용법

by Knowledge Store In Hyunsoft 2024. 8. 12.

 

keytool -importcert -file /tmp/certs/mycertificate.crt -alias mycert -keystore /tmp/cacerts -storepass changeit -noprompt

 

 

1. cofigmap 생성

kubectl create configmap my-certificates --from-file=mycertificate.crt=/path/to/your/certificate.crt

 

2.deployment initContainers 입력

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-java-app
  labels:
    app: my-java-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-java-app
  template:
    metadata:
      labels:
        app: my-java-app
    spec:
      containers:
      - name: my-java-app-container
        image: openjdk:11-jre-slim
        command: ["java", "-jar", "/app/my-application.jar"]
        volumeMounts:
        - name: cacerts
          mountPath: /usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts
          subPath: cacerts
        - name: certs
          mountPath: /tmp/certs
      initContainers:
      - name: setup-cacerts
        image: openjdk:11-jre-slim
        command:
          - sh
          - -c
          - |
            cp /usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts /tmp/cacerts
            keytool -importcert -file /tmp/certs/mycertificate.crt -alias mycert \
            -keystore /tmp/cacerts -storepass changeit -noprompt
            cp /tmp/cacerts /usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts
        volumeMounts:
        - name: cacerts
          mountPath: /usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts
          subPath: cacerts
        - name: certs
          mountPath: /tmp/certs
        - name: cacerts-tmp
          mountPath: /tmp/cacerts
      volumes:
      - name: cacerts
        emptyDir: {}
      - name: certs
        configMap:
          name: my-certificates
      - name: cacerts-tmp
        emptyDir: {}
728x90

댓글