diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 909e48e0754c59151d03939dd198243419f58697..5ef8d6faf961ef1bcbca52a06bc913c0b368c641 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -143,3 +143,14 @@ push-release-image-nexus:
     - mvn deploy -Pnexus-deploy $MAVEN_DEPLOY_CLI_OPTS $MAVEN_CLI_OPTS
   rules:
     - if: $CI_COMMIT_TAG
+
+
+# Extra jobs
+push-keystore-assembler-image-nexus:
+  stage: publish
+  script:
+    - docker build -f keystore-truststore-from-tls-secret.dockerfile -t keystore-truststore-from-tls-secret:latest .
+    - echo "$NEXUS_PASSWORD" | docker login -u "$NEXUS_USER" --password-stdin nexus.ozg-sh.de
+    - docker tag keystore-truststore-from-tls-secret:latest docker.ozg-sh.de/keystore-truststore-from-tls-secret:latest
+    - docker push docker.ozg-sh.de/keystore-truststore-from-tls-secret:latest
+  when: manual
\ No newline at end of file
diff --git a/keystore-truststore-from-tls-secret.dockerfile b/keystore-truststore-from-tls-secret.dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..1d8a2c6f49e44000a10893449525a40ff7c58098
--- /dev/null
+++ b/keystore-truststore-from-tls-secret.dockerfile
@@ -0,0 +1,9 @@
+FROM alpine:3.21
+
+RUN apk add --no-cache openssl openjdk11
+
+COPY src/main/resources/store/keystore-truststore-from-tls-secret.sh ./
+
+VOLUME /store /tls
+
+ENTRYPOINT [ "/bin/sh", "keystore-truststore-from-tls-secret.sh" ]
\ No newline at end of file
diff --git a/src/main/helm/templates/deployment.yaml b/src/main/helm/templates/deployment.yaml
index 904a7abb143a875a54995a0cbc3a27447080c615..b0aa5db7112088027d2cc4f0f6ad2c41f706718f 100644
--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
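Review bot: The image is built, tagged and pushed only as `:latest`, a mutable tag, so the chart that references `docker.ozg-sh.de/keystore-truststore-from-tls-secret:latest` cannot tell which build it runs and every later manual run of this job silently changes the init container for all deployments. Tag the commit as well, e.g. `-t docker.ozg-sh.de/keystore-truststore-from-tls-secret:$CI_COMMIT_SHORT_SHA`, push both, and pin that tag (or the pushed digest) in the chart. The job also logs in to `nexus.ozg-sh.de` but pushes to `docker.ozg-sh.de`; Docker selects credentials by the registry host in the image reference, so unless the existing `push-release-image-nexus` job above (not visible here) already relies on the same pairing, the push may run unauthenticated — worth confirming against that job.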
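Review bot: The image has no `USER`, so the init container runs as root, and the `ENTRYPOINT` relies on the implicit `WORKDIR /` to find `keystore-truststore-from-tls-secret.sh` by a relative name. Since the script ships with mode 100755 and a shebang, copy it to a fixed location and call it by absolute path: `COPY src/main/resources/store/keystore-truststore-from-tls-secret.sh /usr/local/bin/` and `ENTRYPOINT ["/usr/local/bin/keystore-truststore-from-tls-secret.sh"]`. `apk add --no-cache openssl openjdk11` is unpinned, so two builds of the same commit can yield different OpenSSL/JDK versions; pin them (`openssl=<ver>`, `openjdk11=<ver>`) and consider pinning the base image by digest as well. Switching to a non-root `USER` additionally needs `/store` to be writable by that uid (fsGroup or an explicit chown in the pod spec), which I cannot verify from this diff.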
@@ -59,17 +59,7 @@ spec:
         app.kubernetes.io/name: {{ .Release.Name }}
       initContainers:
         - name: init-keystore-and-truststore
-          image: alpine:3.21
-          command: [ "/bin/sh", "-c" ]
-          args:
-            - |
-              apk add --no-cache openssl openjdk11
-
-              echo "[1.0] Import Root CA into Xta-Server-Truststore"
-              keytool -importcert -alias xta-test-root-ca -keystore /store/keystore.jks -storetype JKS -storepass password -file /tls/ca.crt -noprompt
-
-              # Create a PKCS#12 keystore from tls.crt and tls.key
-              openssl pkcs12 -export -in /tls/tls.crt -inkey /tls/tls.key -out /store/keystore.p12 -name xta-test-server -passout pass:password
+          image: docker.ozg-sh.de/keystore-truststore-from-tls-secret:latest
           volumeMounts:
             - name: xta-test-server-tls-store
               mountPath: "/tls/"
diff --git a/src/main/resources/store/keystore-truststore-from-tls-secret.sh b/src/main/resources/store/keystore-truststore-from-tls-secret.sh
new file mode 100755
index 0000000000000000000000000000000000000000..1c89348913b5e2b57ca87d68525fabd94b045e93
--- /dev/null
+++ b/src/main/resources/store/keystore-truststore-from-tls-secret.sh
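Review bot: The init container now pulls `docker.ozg-sh.de/keystore-truststore-from-tls-secret:latest`, a mutable tag, so the step that assembles the server's key material can change underneath the chart without any change in git; pin a versioned tag or digest, ideally from values, e.g. `image: "{{ .Values.initImage.repository }}@{{ .Values.initImage.digest }}"`. Note also that the removed inline script imported the CA into `/store/keystore.jks`, whereas the new image's script (added in this same diff) defaults to `/store/truststore.jks`; if the server configuration outside this hunk still references `keystore.jks`, it will start without the root CA. The store passwords are no longer visible here either — they fall back to the script's built-in default `password` unless `env:` entries are added to this container, which the hunk does not do. The enclosing pod spec starts and ends outside the hunk.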
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+IN_CA_CRT=${IN_CA_CRT-:/tls/ca.crt}
+IN_TLS_KEY=${IN_TLS_KEY-:/tls/tls.key}
+IN_TLS_CRT=${IN_TLS_CRT-:/tls/tls.crt}
+
+OUT_JKS_TRUSTSTORE=${OUT_JKS_TRUSTSTORE-:/store/truststore.jks}
+OUT_JKS_TRUSTSTORE_KEY_ALIAS=${OUT_JKS_TRUSTSTORE_KEY_ALIAS-:xta-test-root-ca}
+OUT_JKS_TRUSTSTORE_KEY_PASSWORD=${OUT_JKS_TRUSTSTORE_KEY_PASSWORD-:password}
+echo "[1.0] Create $OUT_JKS_TRUSTSTORE from $IN_CA_CRT"
+keytool -importcert -alias "$OUT_JKS_TRUSTSTORE_KEY_ALIAS" -keystore "$OUT_JKS_TRUSTSTORE" -storetype JKS -storepass "$OUT_JKS_TRUSTSTORE_KEY_PASSWORD" -file "$IN_CA_CRT" -noprompt
+
+OUT_P12_KEYSTORE=${OUT_P12_KEYSTORE-:/store/keystore.p12}
+OUT_P12_KEYSTORE_KEY_ALIAS=${OUT_P12_KEYSTORE_KEY_ALIAS-:xta-test-server}
+OUT_P12_KEYSTORE_KEY_PASSWORD=${OUT_P12_KEYSTORE_KEY_PASSWORD-:password}
+echo "[2.0] Create $OUT_P12_KEYSTORE from $IN_TLS_KEY and $IN_TLS_CRT"
+openssl pkcs12 -export -in "$IN_TLS_CRT" -inkey "$IN_TLS_KEY" -out "$OUT_P12_KEYSTORE" -name "$OUT_P12_KEYSTORE_KEY_ALIAS" -passout "pass:$OUT_P12_KEYSTORE_KEY_PASSWORD"
\ No newline at end of file
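Review bot: Every default in this script is wrong because `${VAR-:value}` is the plain unset-default operator with the word `:value`, not the `${VAR:-value}` form the author intended, so with no overrides keytool is invoked with `-file :/tls/ca.crt`, writes to `:/store/truststore.jks` under store password `:password`, and openssl receives the same colon-prefixed paths and password. There is also no `set -e`, so a failed keytool import is masked whenever the final openssl call succeeds and the init container reports success without a truststore. Fix every assignment to the `:-` form and open the script with `set -eu`; optionally keep the passwords out of argv with `-storepass:env OUT_JKS_TRUSTSTORE_KEY_PASSWORD` and `-passout env:OUT_P12_KEYSTORE_KEY_PASSWORD`. Note the truststore default is `/store/truststore.jks` whereas the inline script this replaces wrote the CA into `/store/keystore.jks`; whichever consumer reads it is outside this diff and needs checking.
```shell
#!/bin/sh
# Abort on the first failing command and on unset variables; without this the
# init container exits 0 even when the keytool import fails.
set -eu

IN_CA_CRT=${IN_CA_CRT:-/tls/ca.crt}
IN_TLS_KEY=${IN_TLS_KEY:-/tls/tls.key}
IN_TLS_CRT=${IN_TLS_CRT:-/tls/tls.crt}

OUT_JKS_TRUSTSTORE=${OUT_JKS_TRUSTSTORE:-/store/truststore.jks}
OUT_JKS_TRUSTSTORE_KEY_ALIAS=${OUT_JKS_TRUSTSTORE_KEY_ALIAS:-xta-test-root-ca}
OUT_JKS_TRUSTSTORE_KEY_PASSWORD=${OUT_JKS_TRUSTSTORE_KEY_PASSWORD:-password}
# … unchanged: [1.0] echo and keytool -importcert …

OUT_P12_KEYSTORE=${OUT_P12_KEYSTORE:-/store/keystore.p12}
OUT_P12_KEYSTORE_KEY_ALIAS=${OUT_P12_KEYSTORE_KEY_ALIAS:-xta-test-server}
OUT_P12_KEYSTORE_KEY_PASSWORD=${OUT_P12_KEYSTORE_KEY_PASSWORD:-password}
# … unchanged: [2.0] echo and openssl pkcs12 -export …
```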