keytool -importcert -file /tmp/certs/mycertificate.crt -alias mycert -keystore /tmp/cacerts -storepass changeit -noprompt
1. cofigmap 생성
kubectl create configmap my-certificates --from-file=mycertificate.crt=/path/to/your/certificate.crt
2.deployment initContainers 입력
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-java-app
labels:
app: my-java-app
spec:
replicas: 3
selector:
matchLabels:
app: my-java-app
template:
metadata:
labels:
app: my-java-app
spec:
containers:
- name: my-java-app-container
image: openjdk:11-jre-slim
command: ["java", "-jar", "/app/my-application.jar"]
volumeMounts:
- name: cacerts
mountPath: /usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts
subPath: cacerts
- name: certs
mountPath: /tmp/certs
initContainers:
- name: setup-cacerts
image: openjdk:11-jre-slim
command:
- sh
- -c
- |
cp /usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts /tmp/cacerts
keytool -importcert -file /tmp/certs/mycertificate.crt -alias mycert \
-keystore /tmp/cacerts -storepass changeit -noprompt
cp /tmp/cacerts /usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts
volumeMounts:
- name: cacerts
mountPath: /usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts
subPath: cacerts
- name: certs
mountPath: /tmp/certs
- name: cacerts-tmp
mountPath: /tmp/cacerts
volumes:
- name: cacerts
emptyDir: {}
- name: certs
configMap:
name: my-certificates
- name: cacerts-tmp
emptyDir: {}
728x90
댓글