pkalsi97 opened a new pull request, #6441:
URL: https://github.com/apache/camel-k/pull/6441
This PR improves the JVM trait's CA certificate handling to address the
issues reported in #6432.
Features:
- **Multiple CA Certificates Support**: using `ca-certs`, each certificate
can be imported with a unique alias (`custom-ca-0`, `custom-ca-1`, etc.)
- **System Truststore Integration**: `ca-cert-use-system-truststore` option
when enabled copies JDK's default `cacerts` before adding custom certificates
- **Optional Password**: `ca-cert-password` is now optional, defaults to
JDK's standard password `changeit` when not specified
- Added 3 new E2E Test to verify the working
Fix:
- Clarified in API comments that `ca-cert` and `ca-certs` properties expect
*paths* to mounted files, not secret names
#### Examples
##### Simple (single cert, default password)
```bash
kamel run MyRoute.java \
-t mount.configs=secret:my-ca \
-t jvm.ca-certs=/etc/camel/conf.d/_secrets/my-ca/ca.crt
```
##### Multiple Certificates
```bash
kamel run MyRoute.java \
-t mount.configs=secret:ca1 \
-t mount.configs=secret:ca2 \
-t jvm.ca-certs=/etc/camel/conf.d/_secrets/ca1/ca.crt \
-t jvm.ca-certs=/etc/camel/conf.d/_secrets/ca2/ca.crt
```
##### With System Truststore (preserve public CAs)
```bash
kamel run MyRoute.java \
-t mount.configs=secret:my-ca \
-t jvm.ca-certs=/etc/camel/conf.d/_secrets/my-ca/ca.crt \
-t jvm.ca-cert-use-system-truststore=true
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
