Kpack: 如何将自定义证书添加到由Kpack生成的镜像的JVM信任库中

huangapple go评论72阅读模式
英文:

Kpack: How to add a custom certificate into JVM truststore of a kpack generated Image

问题

我使用kpack生成Java - Spring Boot应用程序的容器镜像。我需要生成容器镜像中的JVM信任自定义自签名证书。我该如何构建所需的YAML文件?

英文:

I am using kpack to generate container images of a Java - Spring Boot app. I need the JVM in the generated container image to trust a custom self-signed certificate. How do I construct the required YAML(s) for this?

答案1

得分: 1

首先,我假设您正在使用Paketo构建包,文档 解释了如何在构建包中为JVM Truststore提供CA证书,可以在以下两种情况下进行:

  • 构建时(如果您在各个环境中使用相同的CA证书,这是最简单的解决方案,因为您只需在构建时提供CA证书,镜像就可以准备好部署)或者
  • 运行时(如果您的CA证书在不同环境中不同,这是一个更复杂的选项,因为在kpack中,您需要在部署时提供并绑定CA证书)。

如果选择运行时,那么您需要创建一个服务绑定,将其链接到您的CA证书。

希望对您有所帮助!

英文:

First, I assume you are using Paketo buildpacks, and the documentation explains how you can provide a CA certificate to your JVM Truststore, either at

  • buildtime (if you use the same CA certificate for your image across your environments; that's the easiest solution since you just need to provide your CA cert during buildtime and the image is ready to be deployed) or at
  • runtime (if your CA cert is going to be different across environments; that's a more complicated option since at deployment time, in kpack, you will need to provide and bind the CA certificate)

If you choose runtime, then you would need to create a service binding that would link to your CA certificate

Hope that helps!

huangapple
  • 本文由 发表于 2023年4月4日 16:38:08
  • 转载请务必保留本文链接:https://go.coder-hub.com/75927220.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定