tenancy-fixer.yaml

kind: Service
apiVersion: v1
metadata:
  namespace: kubeflow-extension
  name: tenancy-fixer
  labels:
    app: tenancy-fixer
spec:
  ports:
    - name: https
      protocol: TCP
      port: 443
      targetPort: 8080
  selector:
    app: tenancy-fixer
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tenancy-fixer
  namespace: kubeflow-extension
  labels:
    app: tenancy-fixer
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tenancy-fixer
  template:
    metadata:
      labels:
        app: tenancy-fixer
      name: tenancy-fixer
      namespace: kubeflow-extension
    spec:
      initContainers:
        - name: pem-to-keystore
          image: registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.1-16
          env:
            - name: keyfile
              value: /certs/tls.key
            - name: crtfile
              value: /certs/tls.crt
            - name: keystore_pkcs12
              value: /var/run/secrets/java.io/keystores/keystore.pkcs12
            - name: keystore_jks
              value: /var/run/secrets/java.io/keystores/keystore.jks
            - name: password
              # password is the default value in quarkus's CertificateConfig
              value: password
          command: ['/bin/bash']
          args: ['-c', "openssl pkcs12 -export -inkey $keyfile -in $crtfile -out $keystore_pkcs12 -password pass:$password && keytool -importkeystore -noprompt -srckeystore $keystore_pkcs12 -srcstoretype pkcs12 -destkeystore $keystore_jks -storepass $password -srcstorepass $password"]
          volumeMounts:
            - name: certs-volume
              mountPath: /certs
              readOnly: true
            - name: keystore-volume
              mountPath: /var/run/secrets/java.io/keystores
      containers:
        - name: tenancy-fixer
          image: keeyzar/tenancy-fixer-jvm
          env:
            - name: JAVA_OPTIONS
              value: -Dquarkus.http.host=0.0.0.0
                -Dquarkus.http.ssl-port=8080
                -Dquarkus.http.ssl.certificate.key-store-file=/var/run/secrets/java.io/keystores/keystore.jks 
                -Dquarkus.http.ssl.certificate.key-store-password=password
                -Djava.util.logging.manager=org.jboss.logmanager.LogManager
          volumeMounts:
            - name: certs-volume
              mountPath: /certs
              readOnly: true
            - name: keystore-volume
              mountPath: /var/run/secrets/java.io/keystores
      volumes:
        - name: certs-volume
          secret:
            secretName: tenancy-fixer-tls
        - name: keystore-volume
          emptyDir: {}