This webhook injects a java truststore into a k8s ConfigMap containing pem certificates. If a ConfigMap is labelled to be injected with a java truststore, the webhook checks all existing data entries for pem certificates and adds all found fount to a java truststore file that is added as binary data.
Label a configmap where a java truststore should be injected.
kind: ConfigMap
apiVersion: v1
metadata:
labels:
jti.bakito.ch/inject-truststore: 'true'The default truststore file name is 'cacerts'
A different ConfigMap file name can be defined by adding the following label.
kind: ConfigMap
apiVersion: v1
metadata:
labels:
jti.bakito.ch/truststore-name: 'custom-truststore-name'The default truststore password is 'changeit'
A different ConfigMap file name can be defined by adding the following annotation.
kind: ConfigMap
apiVersion: v1
metadata:
annotations:
jti.bakito.ch/truststore-password": 'custom-password'java-truststore-injection-webhook can be installed via our Helm chart:
helm repo add bakito https://bakito.github.io/helm-charts
helm repo update
helm upgrade --install java-truststore-injection-webhook bakito/java-truststore-injection-webhook