feat: Add support for custom root certificates in Java keystore #671
I run What commands do I need to run before launching docker build?
#!/bin/sh | ||
|
||
CERT_DIR="/etc/kafkaui/certs" | ||
KEYSTORE="$JAVA_HOME/lib/security/cacerts" |
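Review bot: `KEYSTORE="$JAVA_HOME/lib/security/cacerts"` is built from `JAVA_HOME` without any check that the variable is set, and the lines shown after the shebang do not enable `set -eu`. With `JAVA_HOME` empty the path silently becomes `/lib/security/cacerts`. Suggest `set -eu` right after `#!/bin/sh`, or `${JAVA_HOME:?}` in the assignment. Since this path is the JRE-wide trust store, the script header should also state that every `.crt` file placed in `CERT_DIR` becomes a trusted root for all TLS connections the JVM makes.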
I'd rather see a custom truststore created and passed via these spring properties
    server:
      ssl:
        trust-store: classpath:keycloak-truststore.jks
        trust-store-password: changeit
rather than messing with jre's truststore, what do you think?
Where do I configure the Spring properties?
Do I need to add a certificate to keycloak-truststore.jks?
> do I need to add a certificate to keycloak-truststore.jks ?

we can build a new truststore from scratch within the same script and put it somewhere

> where configure spring properties?

I believe we can try setting env vars like SERVER_SSL_TRUST-STORE: xxx, or leave this to the user (given this will be well documented, adding a few config properties is way easier than building a truststore from scratch)
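
The alternative discussed in this thread, building a separate truststore from the files in `/etc/kafkaui/certs` instead of editing the JRE's `cacerts`, could look like the following. This is an added example, not code from the pull request or the project; the output path, the `TRUSTSTORE` and `TRUSTSTORE_PASSWORD` variable names and the `--build` switch are assumptions.

```shell
#!/bin/sh
# Added example: build a dedicated truststore instead of modifying
# $JAVA_HOME/lib/security/cacerts. TRUSTSTORE and TRUSTSTORE_PASSWORD are
# assumed names; CERT_DIR is the directory used in the PR.
CERT_DIR="${CERT_DIR:-/etc/kafkaui/certs}"
TRUSTSTORE="${TRUSTSTORE:-/tmp/kafkaui-truststore.p12}"
STOREPASS="${TRUSTSTORE_PASSWORD:-changeit}"

# Turn a file name into a stable keytool alias: "Corp Root.crt" -> "corp-root"
cert_alias() {
    basename "$1" .crt | tr '[:upper:]' '[:lower:]' | tr -c 'a-z0-9\n' '-'
}

# Only files that contain a PEM certificate block are imported.
is_pem_cert() {
    [ -f "$1" ] && grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Import every PEM .crt under $1 into the PKCS12 store $2.
# Prints the number of imported certificates; stops at the first keytool
# error (for example two files that map to the same alias).
build_truststore() {
    dir="$1"; store="$2"; count=0
    for crt in "$dir"/*.crt; do
        if ! is_pem_cert "$crt"; then
            echo "skipping (not a PEM certificate): $crt" >&2
            continue
        fi
        keytool -importcert -noprompt -trustcacerts \
            -alias "$(cert_alias "$crt")" -file "$crt" \
            -keystore "$store" -storetype PKCS12 \
            -storepass "$STOREPASS" >&2 || return 1
        count=$((count + 1))
    done
    echo "$count"
}

# Run only when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "--build" ]; then
    build_truststore "$CERT_DIR" "$TRUSTSTORE"
fi
```

A JVM can be pointed at the resulting file with the standard `javax.net.ssl.trustStore` and `javax.net.ssl.trustStorePassword` system properties; a store set that way replaces the default `cacerts` for that JVM rather than extending it, so it must contain every root the application needs.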
I am not a Java developer. I don't know Spring. Could you share a simple example without Kubernetes?
@Haarolean Could you share a simple example without Kubernetes?
clean install with prod profile enabled will build the image, you don't have to do this manually.
Feature: Custom Root Certificates in Java Keystore
Description
This pull request introduces support for importing custom root certificates into the Java keystore during the Docker image build process. This enhancement allows the application to trust additional certificates, which is particularly useful for environments where custom certificates are required.
Changes
/etc/kafkaui/certs).
.crt files found in the /etc/kafkaui/certs directory into the Java keystore using keytool.
Please review and provide feedback.