Init containers are executed before Pod's container. We can use them to manage utilities or setup scripts not present in an app image. Resulting YAML can look like following:
initContainers:
- resources: {}
terminationMessagePath: /dev/termination-log
name: pem-to-truststore
command:
- /bin/bash
env:
- name: ca_bundle
value: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
- name: truststore_jks
value: /var/run/secrets/java.io/keystores/truststore.jks
- name: password
value: changeit
imagePullPolicy: IfNotPresent
volumeMounts:
- name: keystore-volume
mountPath: /var/run/secrets/java.io/keystores
terminationMessagePolicy: File
image: 'registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.1-16'
args:
- '-c'
- >-
csplit -z -f crt- $ca_bundle '/-----BEGIN CERTIFICATE-----/' '{*}'
&& for file in crt-*; do keytool -import -noprompt -keystore
$truststore_jks -file $file -storepass secret -alias
service-$file; done
(reference of applying one such in https://developers.redhat.com/blog/2017/11/22/dynamically-creating-java-keystores-openshift/)
Init containers are executed before Pod's container. We can use them to manage utilities or setup scripts not present in an app image. Resulting YAML can look like following:
(reference of applying one such in https://developers.redhat.com/blog/2017/11/22/dynamically-creating-java-keystores-openshift/)