From a1586d6a0cc383e4cece8f50b65868be4aacf04c Mon Sep 17 00:00:00 2001
From: Jan Zickermann <jan.zickermann@dataport.de>
Date: Fri, 13 Dec 2024 14:41:55 +0100
Subject: [PATCH] #2 OZG-7121 helm: Add keystore-truststore-from-tls-secret
 image

---
 .gitlab-ci.yml                                  | 11 +++++++++++
 keystore-truststore-from-tls-secret.dockerfile  |  9 +++++++++
 src/main/helm/templates/deployment.yaml         | 12 +-----------
 .../keystore-truststore-from-tls-secret.sh      | 17 +++++++++++++++++
 4 files changed, 38 insertions(+), 11 deletions(-)
 create mode 100644 keystore-truststore-from-tls-secret.dockerfile
 create mode 100755 src/main/resources/store/keystore-truststore-from-tls-secret.sh

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 909e48e..5ef8d6f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -143,3 +143,14 @@ push-release-image-nexus:
     - mvn deploy -Pnexus-deploy $MAVEN_DEPLOY_CLI_OPTS $MAVEN_CLI_OPTS
   rules:
     - if: $CI_COMMIT_TAG
+
+
+# Extra jobs
+push-keystore-assembler-image-nexus:
+  stage: publish
+  script:
+    - docker build -f keystore-truststore-from-tls-secret.dockerfile -t keystore-truststore-from-tls-secret:latest .
+    - echo "$NEXUS_PASSWORD" | docker login -u "$NEXUS_USER" --password-stdin nexus.ozg-sh.de
+    - docker tag keystore-truststore-from-tls-secret:latest docker.ozg-sh.de/keystore-truststore-from-tls-secret:latest
+    - docker push docker.ozg-sh.de/keystore-truststore-from-tls-secret:latest
+  when: manual
\ No newline at end of file
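Review bot: The new job pushes only the mutable `docker.ozg-sh.de/keystore-truststore-from-tls-secret:latest` tag, and since it is `when: manual` the image is only rebuilt when someone remembers to trigger it, so a later change to the copied script is silently not in the image the Helm deployment pulls. Tagging an immutable reference alongside `latest`, in line with the neighbouring release job that keys on `$CI_COMMIT_TAG`, would let the deployment pin what was actually built: `- docker tag keystore-truststore-from-tls-secret:latest docker.ozg-sh.de/keystore-truststore-from-tls-secret:$CI_COMMIT_TAG` followed by the matching `docker push` of that tag. The file is also left without a trailing newline.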
diff --git a/keystore-truststore-from-tls-secret.dockerfile b/keystore-truststore-from-tls-secret.dockerfile
new file mode 100644
index 0000000..1d8a2c6
--- /dev/null
+++ b/keystore-truststore-from-tls-secret.dockerfile
@@ -0,0 +1,9 @@
+FROM alpine:3.21
+
+RUN apk add --no-cache openssl openjdk11
+
+COPY src/main/resources/store/keystore-truststore-from-tls-secret.sh ./
+
+VOLUME /store /tls
+
+ENTRYPOINT [ "/bin/sh", "keystore-truststore-from-tls-secret.sh" ]
\ No newline at end of file
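Review bot: `COPY ... ./` drops the script into the image root and the `ENTRYPOINT` then names it relatively, which only works because no `WORKDIR` is declared and the default is `/`; adding a `WORKDIR` later or running with `-w` breaks the entrypoint. Safer is `COPY src/main/resources/store/keystore-truststore-from-tls-secret.sh /usr/local/bin/` with `ENTRYPOINT [ "/bin/sh", "/usr/local/bin/keystore-truststore-from-tls-secret.sh" ]`. The image also installs the full `openjdk11` package although only `keytool` is used, and runs as root; a JRE-only package and a non-root `USER` are worth checking against the write permissions the mounted `/store` volume needs in the consuming pod. The file is left without a trailing newline.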
diff --git a/src/main/helm/templates/deployment.yaml b/src/main/helm/templates/deployment.yaml
index 904a7ab..b0aa5db 100644
--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -59,17 +59,7 @@ spec:
             app.kubernetes.io/name: {{ .Release.Name }}
       initContainers:
         - name: init-keystore-and-truststore
-          image: alpine:3.21
-          command: [ "/bin/sh", "-c" ]
-          args:
-            - |
-              apk add --no-cache openssl openjdk11
-
-              echo "[1.0] Import Root CA into Xta-Server-Truststore"
-              keytool -importcert -alias xta-test-root-ca -keystore /store/keystore.jks -storetype JKS -storepass password -file /tls/ca.crt -noprompt
-
-              # Create a PKCS#12 keystore from tls.crt and tls.key
-              openssl pkcs12 -export -in /tls/tls.crt -inkey /tls/tls.key -out /store/keystore.p12 -name xta-test-server -passout pass:password
+          image: docker.ozg-sh.de/keystore-truststore-from-tls-secret:latest
           volumeMounts:
             - name: xta-test-server-tls-store
               mountPath: "/tls/"
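Review bot: The removed inline script wrote the truststore to `/store/keystore.jks`, whereas the replacement image's script defaults `OUT_JKS_TRUSTSTORE` to `/store/truststore.jks`, and this hunk sets no `env` override on the init container, so anything in this deployment that still reads `/store/keystore.jks` will now find no truststore; the rest of the pod spec is outside the hunk, so this needs verifying. If the old path must stay, add to the init container `env:` / `- name: OUT_JKS_TRUSTSTORE` / `value: "/store/keystore.jks"`. Separately, `image: docker.ozg-sh.de/keystore-truststore-from-tls-secret:latest` is a mutable tag that Kubernetes pulls with the default `Always` policy for `:latest`, so the init step is not reproducible between pod restarts; pin a versioned tag or digest once the CI job publishes one.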
diff --git a/src/main/resources/store/keystore-truststore-from-tls-secret.sh b/src/main/resources/store/keystore-truststore-from-tls-secret.sh
new file mode 100755
index 0000000..1c89348
--- /dev/null
+++ b/src/main/resources/store/keystore-truststore-from-tls-secret.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+IN_CA_CRT=${IN_CA_CRT-:/tls/ca.crt}
+IN_TLS_KEY=${IN_TLS_KEY-:/tls/tls.key}
+IN_TLS_CRT=${IN_TLS_CRT-:/tls/tls.crt}
+
+OUT_JKS_TRUSTSTORE=${OUT_JKS_TRUSTSTORE-:/store/truststore.jks}
+OUT_JKS_TRUSTSTORE_KEY_ALIAS=${OUT_JKS_TRUSTSTORE_KEY_ALIAS-:xta-test-root-ca}
+OUT_JKS_TRUSTSTORE_KEY_PASSWORD=${OUT_JKS_TRUSTSTORE_KEY_PASSWORD-:password}
+echo "[1.0] Create $OUT_JKS_TRUSTSTORE from $IN_CA_CRT"
+keytool -importcert -alias "$OUT_JKS_TRUSTSTORE_KEY_ALIAS" -keystore "$OUT_JKS_TRUSTSTORE" -storetype JKS -storepass "$OUT_JKS_TRUSTSTORE_KEY_PASSWORD" -file "$IN_CA_CRT" -noprompt
+
+OUT_P12_KEYSTORE=${OUT_P12_KEYSTORE-:/store/keystore.p12}
+OUT_P12_KEYSTORE_KEY_ALIAS=${OUT_P12_KEYSTORE_KEY_ALIAS-:xta-test-server}
+OUT_P12_KEYSTORE_KEY_PASSWORD=${OUT_P12_KEYSTORE_KEY_PASSWORD-:password}
+echo "[2.0] Create $OUT_P12_KEYSTORE from $IN_TLS_KEY and $IN_TLS_CRT"
+openssl pkcs12 -export -in "$IN_TLS_CRT" -inkey "$IN_TLS_KEY" -out "$OUT_P12_KEYSTORE" -name "$OUT_P12_KEYSTORE_KEY_ALIAS" -passout "pass:$OUT_P12_KEYSTORE_KEY_PASSWORD"
\ No newline at end of file
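Review bot: Every default is written as `${VAR-:value}`, which is the plain `-` operator with a default that begins with a literal colon, so with no overrides `IN_CA_CRT` expands to `:/tls/ca.crt`, `OUT_JKS_TRUSTSTORE` to `:/store/truststore.jks`, and so on, and both `keytool` and `openssl` are handed non-existent paths; the intended operator is `:-`, e.g. `IN_CA_CRT=${IN_CA_CRT:-/tls/ca.crt}`, applied to all eleven assignments. The script also has no `set -eu`, so a failing `keytool` step is masked by the later `openssl` call and the init container exits 0 with a missing truststore; add `set -eu` directly after the shebang. Passing the store passwords via `-storepass` and `-passout pass:` puts them in the process list, which the old inline script did too, but now that the values come from the environment the `keytool -storepass:env VAR` and `openssl -passout env:VAR` forms would avoid it. The file is left without a trailing newline.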
-- 
GitLab