@rgolangh
Last active April 4, 2024 06:35
apiVersion: v1
kind: Pod
metadata:
  name: root-ca-to-cacerts
spec:
  initContainers:
    # Copies the JDK's default truststore to a shared emptyDir and adds the
    # cluster root CA to the copy, leaving the image's own cacerts untouched.
    - name: add-kube-root-ca-to-cacerts
      image: registry.access.redhat.com/ubi9/openjdk-21
      volumeMounts:
        - mountPath: /opt/new-cacerts
          name: new-cacerts
      command:
        - /bin/bash
        - -c
        - |
          cp $JAVA_HOME/lib/security/cacerts /opt/new-cacerts/
          chmod +w /opt/new-cacerts/cacerts
          # -noprompt imports without interactive confirmation; "changeit" is the default cacerts password.
          # ca.crt is read from the service account path; this container has no explicit mount for it,
          # so it relies on the default service account automount.
          keytool -importcert -noprompt -keystore /opt/new-cacerts/cacerts -storepass changeit -file /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
  containers:
    # Downloads a small Java client (pinned to a gist revision) and calls the API server
    # over HTTPS using the truststore prepared by the init container.
    - command:
        - /bin/bash
        - -c
        - |
          curl -L https://gist.githubusercontent.com/rgolangh/b949d8617709d10ba6c690863e52f259/raw/bdea4d757a05b75935bbb57f3f05635f13927b34/Main.java -o curl.java
          java -Djavax.net.ssl.trustStore=/opt/new-cacerts/cacerts curl.java https://kubernetes
      image: registry.access.redhat.com/ubi9/openjdk-21
      imagePullPolicy: Always
      name: openjdk-21
      volumeMounts:
        # The application container only needs to read the prepared truststore.
        - mountPath: /opt/new-cacerts
          name: new-cacerts
          readOnly: true
        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          name: kube-api-access-5npmd
          readOnly: true
  volumes:
    - name: new-cacerts
      emptyDir: {}
    - name: kube-api-access-5npmd
      projected:
        defaultMode: 420
        sources:
          - serviceAccountToken:
              expirationSeconds: 3607
              path: token
          - configMap:
              items:
                - key: ca.crt
                  path: ca.crt
              name: kube-root-ca.crt
          - downwardAPI:
              items:
                - fieldRef:
                    apiVersion: v1
                    fieldPath: metadata.namespace
                  path: namespace