Add CA certificates to the Java keystore
This topic describes how to add CA certificates to the Java keystore in a Kubernetes deployment. The following approach mounts the directory containing the SSL certificates from the Agent pod as a shared volume. The SSL certificates are then accessible to the Spark driver/executor pods, allowing them to establish a secure SSL/TLS connection with the email server and/or data source.
Steps
- Mount the directory containing the SSL certificates in the Agent pod to a shared volume. This can be done in the deployment or pod configuration file for the Agent pod in Kubernetes. For example, you can add a volume and volumeMounts section to the Agent pod's configuration file like this:

    volumes:
      - name: certs
        hostPath:
          path: /etc/pki/ca-trust/extracted/java/cacerts

- Modify the Spark driver/executor pod's configuration to mount the shared volume containing the SSL certificates from the Agent pod. This can be done in the Spark configuration or pod configuration file. For example, you can add a volume and volumeMounts section to the Spark driver/executor pod's configuration file like this:

    volumes:
      - name: certs
        hostPath:
          path: /path/to/agent/certs

- Update the Java options for the Spark driver/executor pods to specify the path to the SSL certificates in the shared volume. You can do this by adding the -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword options to the Spark driver/executor pod's configuration file, like this:

    javaOptions:
      - "-Djavax.net.ssl.trustStore=/path/to/agent/certs/cacerts"
      - "-Djavax.net.ssl.trustStorePassword=your_keystore_password"

- Replace /path/to/agent/certs with the actual path to the shared volume where the SSL certificates are mounted in the Spark driver/executor pods, and your_keystore_password with the actual password for the keystore that contains the SSL certificates.
- Restart the Spark driver/executor pods to apply the changes.
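After the restart, the mounted truststore can be checked from inside a driver/executor pod. The following is an added example, not part of the original page or the product's own code: the class name TrustStoreCheck is hypothetical, it requires Java 9 or later, and it reads the same two javax.net.ssl.* system properties set in the steps above.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;

// Added example (not from the original page): run with the same
// -Djavax.net.ssl.trustStore* options as the Spark driver/executor to confirm
// the mounted truststore is readable and holds usable CA certificates.
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        String path = System.getProperty("javax.net.ssl.trustStore");
        String pass = System.getProperty("javax.net.ssl.trustStorePassword");
        if (path == null) {
            System.err.println("javax.net.ssl.trustStore is not set; the JVM default truststore is in use");
            System.exit(2);
        }
        File file = new File(path);
        if (!file.isFile() || !file.canRead()) {
            System.err.println("Truststore not readable at " + path + " (check the volume mount)");
            System.exit(2);
        }
        // getInstance(File, char[]) detects JKS vs PKCS12. When a password is
        // supplied it is used for the integrity check; a wrong one throws IOException.
        KeyStore ks = KeyStore.getInstance(file, pass == null ? null : pass.toCharArray());

        int trusted = 0, expired = 0;
        Date now = new Date();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isCertificateEntry(alias)) continue; // skip private-key entries
            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) cert;
                if (now.after(x509.getNotAfter())) {
                    expired++;
                    System.out.println("EXPIRED  " + alias + "  " + x509.getSubjectX500Principal());
                    continue;
                }
            }
            trusted++;
        }
        System.out.printf("%s: %d trusted CA entries, %d expired%n", path, trusted, expired);
        if (trusted == 0) System.exit(1); // nothing to validate server chains against
    }
}
```

A non-zero exit code means the JVM cannot use the truststore as configured: 2 for a missing property or unreadable file, 1 for a store with no unexpired CA entries.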