I need to add a JKS file to my JVM for the SSL handshake with the server. The JKS is mounted in a volume and available to the Docker container. How do I pass the JKS truststore path and password to Spring Boot (the JVM) during startup? One option I can think of is environment variables (-Djavax.net.ssl.trustStore, -Djavax.net.ssl.trustStorePassword). For OpenShift, the following works, as described in the URL below.
Option 1:
env:
- name: JAVA_OPTIONS
  value: -Djavax.net.ssl.trustStore=/var/run/secrets/java.io/keystores/truststore.jks -Djavax.net.ssl.trustStorePassword=changeit
https://developers.redhat.com/blog/2017/11/22/dynamically-creating-java-keystores-openshift/
But I can't seem to find a similar JAVA_OPTIONS environment variable for Kubernetes.
Option 2:
My Dockerfile is:
FROM openjdk:8-jre-alpine
..........
........
ENTRYPOINT ["java", "-jar", "xxx.jar"]
Can this be changed as below, so that $JAVA_OPTS can be set as an env variable for the JVM via a ConfigMap?
FROM openjdk:8-jre-alpine
..........
........
ENTRYPOINT [ "sh", "-c", "java $JAVA_OPTS -jar xxx.jar" ]
ConfigMap:
JAVA_OPTS: "-Djavax.net.ssl.trustStore=/var/run/secrets/java.io/keystores/truststore.jks -Djavax.net.ssl.trustStorePassword=changeit"
Please suggest whether this would work, or any other better solutions. It would be preferable if we can store the password in a Secret.
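
A sketch of Option 2 with the password kept in a Secret rather than a ConfigMap, added here as an illustration and not part of the original post. It assumes the `sh -c "java $JAVA_OPTS -jar xxx.jar"` entrypoint shown above; the Secret name `app-truststore`, its keys, the Deployment name and the image are hypothetical placeholders.

```yaml
# Constructed example. The Secret is assumed to be created out of band, e.g.:
#   kubectl create secret generic app-truststore \
#     --from-file=truststore.jks --from-literal=password=<truststore-password>
apiVersion: apps/v1
kind: Deployment
metadata:
  name: springboot-app                  # hypothetical name
spec:
  replicas: 1
  selector:
    matchLabels: {app: springboot-app}
  template:
    metadata:
      labels: {app: springboot-app}
    spec:
      containers:
        - name: app
          image: registry.example.com/springboot-app:latest   # placeholder image
          env:
            # Pulled from the Secret, so the password is not in the manifest
            # or in a ConfigMap.
            - name: TRUSTSTORE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: app-truststore
                  key: password
            # $(VAR) is expanded by Kubernetes; the referenced variable must be
            # defined earlier in this list. The folded scalar joins the two
            # lines with a single space.
            - name: JAVA_OPTS
              value: >-
                -Djavax.net.ssl.trustStore=/var/run/secrets/java.io/keystores/truststore.jks
                -Djavax.net.ssl.trustStorePassword=$(TRUSTSTORE_PASSWORD)
          volumeMounts:
            - name: truststore
              mountPath: /var/run/secrets/java.io/keystores
              readOnly: true
      volumes:
        # Only the JKS file is projected into the container; the password key
        # stays out of the mounted directory.
        - name: truststore
          secret:
            secretName: app-truststore
            items:
              - key: truststore.jks
                path: truststore.jks
```

With this layout the password still appears in the `java` command line inside the container, so access to `kubectl exec` and to the Secret itself should be limited with RBAC.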