pkalsi97 commented on code in PR #6416:
URL: https://github.com/apache/camel-k/pull/6416#discussion_r2617187899


##########
pkg/trait/jvm.go:
##########
@@ -368,3 +382,127 @@ func getLegacyCamelQuarkusDependenciesPaths() *sets.Set {
 
        return s
 }
+
+// parseSecretRef parses a secret reference in the format "secret:name" or 
"secret:name/key".
+func parseSecretRef(ref string) (string, string, error) {
+       if !strings.HasPrefix(ref, "secret:") {
+               return "", "", fmt.Errorf("invalid CA cert reference %q: must 
start with 'secret:'", ref)
+       }
+
+       ref = strings.TrimPrefix(ref, "secret:")
+       parts := strings.SplitN(ref, "/", 2)
+       secretName, secretKey := parts[0], ""
+
+       if len(parts) > 1 {
+               secretKey = parts[1]
+       }
+       if secretName == "" {
+               return "", "", errors.New("invalid CA cert reference: secret 
name is empty")
+       }
+
+       return secretName, secretKey, nil
+}
+
+// configureCACert sets up the truststore for CA certificates.
+func (t *jvmTrait) configureCaCert(e *Environment) ([]string, error) {
+       if t.CACert == "" {
+               return nil, nil
+       }
+
+       secretName, secretKey, err := parseSecretRef(t.CACert)
+       if err != nil {
+               return nil, err
+       }
+
+       if secretKey == "" {
+               secretKey = "ca.crt"
+       }
+
+       mountPath := defaultCACertMountPath
+       if t.CACertMountPath != "" {
+               mountPath = t.CACertMountPath
+       }
+
+       // Use a deterministic password based on integration name to avoid
+       // changing the deployment spec on every reconciliation cycle.
+       // For a truststore i.e public CA certs only, security of this password 
is not critical.
+       trustStorePass := "camelk-" + e.Integration.Name
+       trustStorePath := filepath.Join(mountPath, trustStoreName)
+
+       // add secret volume.
+       secretVolume := corev1.Volume{
+               Name: caCertSecretVolumeName,
+               VolumeSource: corev1.VolumeSource{
+                       Secret: &corev1.SecretVolumeSource{
+                               SecretName: secretName,
+                       },
+               },
+       }
+
+       // add an emptyDir volume.
+       trustStoreVolume := corev1.Volume{
+               Name: caCertVolumeName,
+               VolumeSource: corev1.VolumeSource{
+                       EmptyDir: &corev1.EmptyDirVolumeSource{},
+               },
+       }
+
+       // add volumes to deployment.
+       e.Resources.VisitDeployment(func(deployment *appsv1.Deployment) {
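Review bot: parseSecretRef returns whatever follows the first `/` as the key without validating it, so `secret:name/` silently falls back to `ca.crt` in configureCaCert, a key such as `a/../b` passes through unchecked, and the secret name is only tested for emptiness. If the key is later joined into a file path or passed to an init-container command (that code is outside this hunk, so this is inferred), a malformed value should be rejected in the parser rather than at the point of use. Consider `if errs := validation.IsConfigMapKey(secretKey); secretKey != "" && len(errs) > 0 { return "", "", fmt.Errorf("invalid CA cert reference: bad secret key %q", secretKey) }` plus the matching `validation.IsDNS1123Subdomain(secretName)` check, both from `k8s.io/apimachinery/pkg/util/validation`. Separately, the doc comment names `configureCACert` while the method is `configureCaCert`; the body of configureCaCert continues past the end of the hunk.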

Review Comment:
   Done. This makes a lot of sense, and I somehow hadn't stumbled upon it: if
we use the mount trait, the Volumes get applied to all and the Volume mounts
are automatically added to the init container.


