import custom CA and intermediate certs #940

Open
danseo-reisys opened this issue Nov 6, 2023 · 1 comment
Labels
bug Something isn't working

Comments

@danseo-reisys

Describe the bug

We are on chart 4.1.3.

We have a need to import several custom CA and intermediate certs to our Jenkins.

Can you provide an example of custominitcontainer that can import multiple CA and intermediate certs (crt, pem)?

I have tried a few methods from different threads but am not having success.

I have tried this one but am getting errors.

```yaml
master:
  customInitContainers:
    - name: add-ca-certs
      image: "jenkins/jenkins:lts"
      imagePullPolicy: Always
      env:
        - name: CA_CERTS_BASE64
          value: "..."
      command:
        - "sh"
        - "-c"
        - echo $CA_CERTS_BASE64 | base64 -d > /tmp/custom-ca-certs.crt
          && cat /etc/ssl/certs/ca-certificates.crt /tmp/custom-ca-certs.crt > /cacerts-share/ca-certificates.crt
          && cp ${JAVA_HOME}/jre/lib/security/cacerts /cacerts-share/cacerts
          && chmod 644 /cacerts-share/cacerts
          && ${JAVA_HOME}/bin/keytool -import -trustcacerts -alias custom-ca-certs -keystore /cacerts-share/cacerts -file /tmp/custom-ca-certs.crt -noprompt -storepass changeit
      volumeMounts:
        - name: cacerts-share
          mountPath: /cacerts-share
persistence:
  volumes:
    - name: cacerts-share
      emptyDir: {}
  mounts:
    - mountPath: /etc/ssl/certs/ca-certificates.crt
      name: cacerts-share
      subPath: ca-certificates.crt
    - mountPath: /usr/local/openjdk-8/jre/lib/security/cacerts
      name: cacerts-share
      subPath: cacerts
```

Getting the following events:

50m Warning FailedCreate statefulset/jenkins create Pod jenkins-0 in StatefulSet jenkins failed error: Pod "jenkins-0" is invalid: [spec.initContainers[0].volumeMounts[0].name: Not found: "cacerts", spec.initContainers[0].volumeMounts[1].name: Not found: "certs"]
2s Warning FailedCreate statefulset/jenkins create Pod jenkins-0 in StatefulSet jenkins failed error: Pod "jenkins-0" is invalid: spec.initContainers[0].volumeMounts[0].name: Not found: "cacerts-share"

Version of Helm and Kubernetes

- Helm: 
version.BuildInfo{Version:"v3.12.0", GitCommit:"c9f554d75773799f72ceef38c51210f1842a1dea", GitTreeState:"clean", GoVersion:"go1.20.3"}

- Kubernetes: 1.26.3

Chart version

4.1.3

What happened?

please see above

What you expected to happen?

import self signed CA and intermediate certs

How to reproduce it

helm upgrade jenkins jenkins/jenkins -f jenkins-values3.yaml.tls --set controller.jenkinsUrl='https://xxxxxxxxxx/'

Anything else we need to know?

No response

@danseo-reisys danseo-reisys added the bug Something isn't working label Nov 6, 2023
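Added example, not part of either comment and not the chart's own code: when `keytool` adds a trusted entry from a PEM file that holds several certificates it stores only the first one, so a bundle of root and intermediate CAs has to be split and each certificate imported under its own alias. The function names, the `custom-ca-N` naming and the sample bundle are assumptions made for this sketch; it does not address the `volumeMounts` error in the events above.

```shell
#!/bin/sh
# Added example (not from the chart): split a PEM bundle and import every
# certificate into a Java truststore under its own alias.

# split_pem_bundle BUNDLE OUTDIR: write each CERTIFICATE block to
# OUTDIR/custom-ca-N.crt and print how many blocks were found.
split_pem_bundle() {
    bundle=$1; outdir=$2
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/custom-ca-%d.crt", dir, n); writing = 1 }
        writing { print > out }
        /-----END CERTIFICATE-----/ { if (writing) close(out); writing = 0 }
        END { print n + 0 }
    ' "$bundle"
}

# import_certs CERTDIR KEYSTORE STOREPASS: one keytool call per split file,
# using the file name (custom-ca-N) as the alias. Needs a JDK on PATH.
import_certs() {
    certdir=$1; keystore=$2; storepass=$3
    for cert in "$certdir"/custom-ca-*.crt; do
        [ -f "$cert" ] || continue
        keytool -importcert -trustcacerts -noprompt \
            -alias "$(basename "$cert" .crt)" -file "$cert" \
            -keystore "$keystore" -storepass "$storepass" || return 1
    done
}

# Constructed sample: two placeholder PEM blocks (not real certificates),
# enough to exercise the splitter without a JDK.
demo_split() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/bundle.pem" <<'EOF'
# root CA (constructed placeholder)
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtUk9PVA==
-----END CERTIFICATE-----
# intermediate CA (constructed placeholder)
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtSU5URVJNRURJQVRF
-----END CERTIFICATE-----
EOF
    split_pem_bundle "$tmp/bundle.pem" "$tmp/out"
    rm -rf "$tmp"
}
```

In an init container this would run as `split_pem_bundle /tmp/custom-ca-certs.crt /tmp/split && import_certs /tmp/split /cacerts-share/cacerts changeit`, using the paths and store password from the values file above.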
@lemeurherve
Member

Duplicate of #880
