Kpack: How to add a custom certificate into JVM truststore of a kpack generated Image

Question

I am using kpack to generate container images of a Java - Spring Boot app. I need the JVM in the generated container image to trust a custom self-signed certificate. How do I construct the required YAML(s) for this?

Answer 1

First, I assume you are using Paketo buildpacks, and the documentation explains how you can provide a CA certificate to your JVM Truststore, either at

• buildtime (if you use the same CA certificate for your image across your environments; that's the easiest solution since you just need to provide your CA cert during buildtime and the image is ready to be deployed) or at
• runtime (if your CA cert is going to be different across environments; that's a more complicated option since at deployment time, in kpack, you will need to provide and bind the CA certificate)

If you choose runtime, then you would need to create a service binding that would link to your CA certificate

Hope that helps!