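create a secret from a truststore/keystore file (a Secret is only base64-encoded, not encrypted, in the API object; if the file holds private keys rather than just trusted certificates, restrict read access to the Secret with RBAC)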
kubectl create secret generic mytruststore --from-file=../actor1_trust.jks
create a yaml file (pod.yaml) that mounts the secret as a volume
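---
# Debug-only pod that mounts the "mytruststore" Secret as files so the JKS
# can be inspected with keytool. Delete it once the check is done
# (kubectl delete pod debug-jks-files); it otherwise keeps the key material
# mounted for the full sleep period.
apiVersion: v1
kind: Pod
metadata:
  name: debug-jks-files
spec:
  containers:
    - command:
        - sleep
        - "3600"
      name: debug-jks-files
      # JDK image, used here only because it ships keytool
      image: eclipse-temurin:18
      volumeMounts:
        # name must match the volume name below
        - name: jks-volume
          mountPath: /var/jks-volume
          # the store only needs to be read; state that explicitly
          readOnly: true
  volumes:
    - name: jks-volume
      secret:
        # each key of the Secret becomes a file under mountPath,
        # here /var/jks-volume/actor1_trust.jks
        secretName: mytruststore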
create a pod from the yaml
kubectl create -f pod.yaml
shell into the pod container and verify the keystore is accessible and intact
kubectl exec -it debug-jks-files -- /bin/bash
# then inspect the jks file with keytool:
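keytool -list -keystore /var/jks-volume/actor1_trust.jks
and you should see something like the output below; to confirm the file is intact, check that the SHA-256 fingerprints match those from running the same keytool command on the original ../actor1_trust.jks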
root@debug-jks-files:/# keytool -list -keystore /var/jks-volume/actor1_trust.jks
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
actor1, Oct 14, 2022, trustedCertEntry,
Certificate fingerprint (SHA-256): B5:38:19:D0:F6:3B:1B:83:11:11:29:82:AC:86:81:63:9C:D9:32:E2:63:6D:90:9E:18:D3:3E:0A:66:1E:7B:11
actor2, Oct 14, 2022, trustedCertEntry,
Certificate fingerprint (SHA-256): 9D:F9:01:BB:04:3B:0F:52:05:E7:79:39:52:97:2C:C3:38:8F:21:FF:96:1A:A2:E0:63:51:D0:A8:20:59:DA:F1
root@debug-jks-files:/#