#2 OZG-7121 helm: Add keystore-truststore-from-tls-secret image

a1586d6a · Jan Zickermann · 1afcd95a · a1586d6a · a1586d6a · a1586d6a
Commit a1586d6a authored 5 months ago by Jan Zickermann
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -143,3 +143,14 @@ push-release-image-nexus:
    - mvn deploy -Pnexus-deploy $MAVEN_DEPLOY_CLI_OPTS $MAVEN_CLI_OPTS
  rules:
    - if: $CI_COMMIT_TAG
+
+
+# Extra jobs
+push-keystore-assembler-image-nexus:
+  stage: publish
+  script:
+    - docker build -f keystore-truststore-from-tls-secret.dockerfile -t keystore-truststore-from-tls-secret:latest .
+    - echo "$NEXUS_PASSWORD" | docker login -u "$NEXUS_USER" --password-stdin nexus.ozg-sh.de
+    - docker tag keystore-truststore-from-tls-secret:latest docker.ozg-sh.de/keystore-truststore-from-tls-secret:latest
+    - docker push docker.ozg-sh.de/keystore-truststore-from-tls-secret:latest
+  when: manual
\ No newline at end of file
--- a/keystore-truststore-from-tls-secret.dockerfile
+++ b/keystore-truststore-from-tls-secret.dockerfile
+FROM alpine:3.21
+
+RUN apk add --no-cache openssl openjdk11
+
+COPY src/main/resources/store/keystore-truststore-from-tls-secret.sh ./
+
+VOLUME /store /tls
+
+ENTRYPOINT [ "/bin/sh", "keystore-truststore-from-tls-secret.sh" ]
\ No newline at end of file
--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -59,17 +59,7 @@ spec:
            app.kubernetes.io/name: {{ .Release.Name }}
      initContainers:
        - name: init-keystore-and-truststore
-          image: alpine:3.21
-          command: [ "/bin/sh", "-c" ]
-          args:
-            - |
-              apk add --no-cache openssl openjdk11
-
-              echo "[1.0] Import Root CA into Xta-Server-Truststore"
-              keytool -importcert -alias xta-test-root-ca -keystore /store/keystore.jks -storetype JKS -storepass password -file /tls/ca.crt -noprompt
-
-              # Create a PKCS#12 keystore from tls.crt and tls.key
-              openssl pkcs12 -export -in /tls/tls.crt -inkey /tls/tls.key -out /store/keystore.p12 -name xta-test-server -passout pass:password
+          image: docker.ozg-sh.de/keystore-truststore-from-tls-secret:latest
          volumeMounts:
            - name: xta-test-server-tls-store
              mountPath: "/tls/"

--- a/src/main/resources/store/keystore-truststore-from-tls-secret.sh
+++ b/src/main/resources/store/keystore-truststore-from-tls-secret.sh
+#!/bin/sh
+
+IN_CA_CRT=${IN_CA_CRT-:/tls/ca.crt}
+IN_TLS_KEY=${IN_TLS_KEY-:/tls/tls.key}
+IN_TLS_CRT=${IN_TLS_CRT-:/tls/tls.crt}
+
+OUT_JKS_TRUSTSTORE=${OUT_JKS_TRUSTSTORE-:/store/truststore.jks}
+OUT_JKS_TRUSTSTORE_KEY_ALIAS=${OUT_JKS_TRUSTSTORE_KEY_ALIAS-:xta-test-root-ca}
+OUT_JKS_TRUSTSTORE_KEY_PASSWORD=${OUT_JKS_TRUSTSTORE_KEY_PASSWORD-:password}
+echo "[1.0] Create $OUT_JKS_TRUSTSTORE from $IN_CA_CRT"
+keytool -importcert -alias "$OUT_JKS_TRUSTSTORE_KEY_ALIAS" -keystore "$OUT_JKS_TRUSTSTORE" -storetype JKS -storepass "$OUT_JKS_TRUSTSTORE_KEY_PASSWORD" -file "$IN_CA_CRT" -noprompt
+
+OUT_P12_KEYSTORE=${OUT_P12_KEYSTORE-:/store/keystore.p12}
+OUT_P12_KEYSTORE_KEY_ALIAS=${OUT_P12_KEYSTORE_KEY_ALIAS-:xta-test-server}
+OUT_P12_KEYSTORE_KEY_PASSWORD=${OUT_P12_KEYSTORE_KEY_PASSWORD-:password}
+echo "[2.0] Create $OUT_P12_KEYSTORE from $IN_TLS_KEY and $IN_TLS_CRT"
+openssl pkcs12 -export -in "$IN_TLS_CRT" -inkey "$IN_TLS_KEY" -out "$OUT_P12_KEYSTORE" -name "$OUT_P12_KEYSTORE_KEY_ALIAS" -passout "pass:$OUT_P12_KEYSTORE_KEY_PASSWORD"
\ No newline at end of file