The certificate file with the .p12 extension is transferred to one of the Kubernetes control plane servers and copied to the /etc/ssl/certs directory. From that directory, the certificate file is loaded into Kubernetes as a secret with the following command.
kubectl create secret generic apinizer-portal-tls --from-file=portal.p12 -n apinizer-portal
If you only have a file with the .jks extension, a .p12 file can be created from it as follows, after which the previous step is applied. To find the alias of the certificate in the .jks file, run the following command.
keytool -list -v -keystore portal.jks -storetype JKS
A .p12 file is then created from the .jks file using the known alias. The destination store password is the value that will later be given as SSL_KEY_STORE_PASSWORD.
keytool -importkeystore -srckeystore portal.jks -srcstoretype JKS -srcalias <ALIAS> -destkeystore portal.p12 -deststoretype PKCS12 -deststorepass <PASSWORD>
Variables to be defined:
Variable                 Description
SSL_KEY_STORE            Path of the key store containing the SSL certificate. In this example it is the mounted keystore at /etc/ssl/certs/portal.p12.
SSL_KEY_STORE_PASSWORD   Password used to access the key store.
SSL_KEY_STORE_TYPE       Type of the key store (use PKCS12).
SSL_KEY_ALIAS            Alias identifying the key in the key store.
SSL_ENABLED              Enables HTTPS in the Spring Boot application.
SERVER_PORT              Port the server listens on. 8443 should be used.
An example deployment YAML file that uses the certificate information is as follows.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: apinizer-portal
  namespace: apinizer-portal
spec:
  replicas: 1
  selector:
    matchLabels:
      app: apinizer-portal
      version: v1
  template:
    metadata:
      labels:
        app: apinizer-portal
        version: v1
    spec:
      volumes:
      - name: apinizer-portal-tls
        secret:
          secretName: apinizer-portal-tls
      containers:
      - name: apinizer-portal
        image: apinizercloud/portal:<APINIZER_VERSION>
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            cpu: 1
            memory: 2Gi
        lifecycle:
          preStop:
            exec:
              command:
              - /bin/sh
              - -c
              - sleep 10
        ports:
        - containerPort: 8443
          protocol: TCP
        env:
        - name: SPRING_PROFILES_ACTIVE
          value: prod
        - name: JAVA_OPTS
          value: "-XX:MaxRAMPercentage=75.0"
        - name: SSL_KEY_STORE
          value: /etc/ssl/certs/portal.p12
        - name: SSL_KEY_STORE_PASSWORD
          value: <PASSWORD>
        - name: SSL_KEY_STORE_TYPE
          value: PKCS12
        - name: SSL_KEY_ALIAS
          value: <ALIAS>
        - name: SSL_ENABLED
          value: "true"
        - name: SERVER_PORT
          value: "8443"
        - name: API_PORTAL_MANAGEMENT_API_BASE_URL
          valueFrom:
            secretKeyRef:
              key: apinizerManagementApiBaseUrl
              name: apinizer-portal-secret
        - name: API_PORTAL_MANAGEMENT_API_KEY
          valueFrom:
            secretKeyRef:
              key: apiKey
              name: apinizer-portal-secret
        volumeMounts:
        - name: apinizer-portal-tls
          mountPath: /etc/ssl/certs
      dnsPolicy: ClusterFirst
      restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
  name: apinizer-portal-https-service
  namespace: apinizer-portal
  labels:
    app: apinizer-portal
spec:
  selector:
    app: apinizer-portal
  type: NodePort
  ports:
    - name: https
      port: 8443
      nodePort: 31843
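The manifest above places the keystore password in the pod spec as a literal value, while the management API key already comes from a Secret. The following fragment, an added example rather than the Apinizer project's own manifest, moves the password into the same secretKeyRef pattern, restricts the file mode of the mounted keystore, and mounts only the .p12 file so the image's own CA bundle under /etc/ssl/certs is not hidden by the volume. The Secret name apinizer-portal-keystore and its key storePassword are assumed names; only the Deployment fields that change are shown and must be merged into the full manifest above.

```yaml
# Added example (not the Apinizer project's manifest). Secret name and key
# are assumed; <PASSWORD> is the store password chosen when the .p12 was made.
apiVersion: v1
kind: Secret
metadata:
  name: apinizer-portal-keystore
  namespace: apinizer-portal
type: Opaque
stringData:
  storePassword: "<PASSWORD>"   # supply at apply time; do not commit the real value
---
# Only the Deployment fields that differ from the page's manifest are shown.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: apinizer-portal
  namespace: apinizer-portal
spec:
  template:
    spec:
      volumes:
      - name: apinizer-portal-tls
        secret:
          secretName: apinizer-portal-tls
          defaultMode: 0440          # keystore readable by owner and group only
      containers:
      - name: apinizer-portal
        env:
        - name: SSL_KEY_STORE
          value: /etc/ssl/certs/portal.p12
        - name: SSL_KEY_STORE_PASSWORD
          valueFrom:                 # same pattern the page uses for the API key
            secretKeyRef:
              name: apinizer-portal-keystore
              key: storePassword
        volumeMounts:
        - name: apinizer-portal-tls
          mountPath: /etc/ssl/certs/portal.p12
          subPath: portal.p12        # mount the single file so the image's CA
                                     # certificates in /etc/ssl/certs stay visible
```

A subPath mount does not pick up later changes to the Secret, so after rotating the certificate the pod must be restarted for the new keystore to be read.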