I have a Spring Boot application which is configured with HTTPS with the below properties.

    server.ssl.keyStore=/users/admin/certs/appcert.jks
    server.ssl.keyStorePassword=certpwd
    server.ssl.trustStore=/users/admin/certs/trustcert
    server.ssl.trustStorePassword=trustpwd

These applications were running in VMs and the certs were placed in the defined path. Now I am trying to deploy this application into Kubernetes and am not sure how to achieve this.

I have already created a mount for application.properties in a ConfigMap. In my Dockerfile,

    --spring.config.location=file:/conf/application.properties

and in deployments.yaml like the one below.

    "spec": {
      "volumes": [
        {
          "name": "app-prop",
          "configMap": {
            "name": "app-config",
            "items": [
              {
                "key": "application.properties",
                "path": "application.properties"
              }
            ]
          }
        }
      ],
      "containers": [
        {
          "name": "app-service",
          "image": "docker.com/app-service",
          "volumeMounts": [
            {
              "name": "app-prop",
              "mountPath": "/conf"
            }
          ],
          "imagePullPolicy": "IfNotPresent"
        }
      ],

The property server.ssl.keyStore is in application.properties.

Since those keystores are password protected, arguably you could just bundle them into the docker image and reference them relative to the image's root, then inject the passwords via environment variables that are set from Secrets:

    apiVersion: v1
    kind: Secret
    metadata:
      name: spring-ssl
    data:
      keyPass: bAsE64TxT
    ---
    kind: Pod
    # etc
    spec:
      containers:
      - env:
        - name: SERVER_SSL_KEY_STORE_PASSWORD
          valueFrom:
            secretKeyRef:
              name: spring-ssl   # the Secret's metadata.name
              key: keyPass       # the entry under data: in that Secret

Spring Boot will grab those correctly formatted environment variables and apply them on top of any other configuration values, yielding (hopefully) the correct assignment without having to hard-code the passwords anywhere easily accessible.

However, if you'd prefer to keep even the jks out of the docker image, then one could feel free to stash the jks in the same Secret, or even a separate one, and volumeMount the jks in place.
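
The last suggestion above, written out as an added example (not part of the original answer or the asker's manifests): both stores and their passwords live in one Secret, the stores are mounted as files, and the passwords are injected as environment variables. The Secret name `spring-ssl-stores`, the keys `keyPass` and `trustPass`, the volume name `ssl-stores`, the `/certs` mount path and the `SERVER_SSL_TRUST_STORE_PASSWORD` variable (named after the answer's pattern) are assumptions.

```yaml
# Added example; Secret name, key names and the /certs path are assumptions.
# Create the Secret out of band so the stores never enter the image or git:
#   kubectl create secret generic spring-ssl-stores \
#     --from-file=appcert.jks=/users/admin/certs/appcert.jks \
#     --from-file=trustcert=/users/admin/certs/trustcert \
#     --from-literal=keyPass='<keystore password>' --from-literal=trustPass='<truststore password>'
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  application.properties: |
    server.ssl.keyStore=/certs/appcert.jks
    server.ssl.trustStore=/certs/trustcert
---
apiVersion: v1
kind: Pod
metadata:
  name: app-service
spec:
  volumes:
  - name: app-prop
    configMap:
      name: app-config
  - name: ssl-stores
    secret:
      secretName: spring-ssl-stores
      items:                    # project only the store files, not the passwords
      - key: appcert.jks
        path: appcert.jks
      - key: trustcert
        path: trustcert
  containers:
  - name: app-service
    image: docker.com/app-service
    volumeMounts:
    - name: app-prop
      mountPath: /conf
    - name: ssl-stores
      mountPath: /certs
      readOnly: true
    env:
    - name: SERVER_SSL_KEY_STORE_PASSWORD
      valueFrom:
        secretKeyRef: {name: spring-ssl-stores, key: keyPass}
    - name: SERVER_SSL_TRUST_STORE_PASSWORD
      valueFrom:
        secretKeyRef: {name: spring-ssl-stores, key: trustPass}
```

With this layout the ConfigMap no longer carries `server.ssl.keyStorePassword` or `server.ssl.trustStorePassword`, so read access to the Secret can be restricted by RBAC separately from the rest of the configuration.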