Skip to main content
The certificate file with .p12 extension is transferred to one of the Kubernetes Control Plane servers and moved/copied to the /etc/ssl/certs directory. While at the relevant address, the certificate file is uploaded to Kubernetes as a secret using the following command. 
kubectl create secret generic apinizer-portal-tls --from-file=portal.p12 -n apinizer-portal
If you only have a .jks extension file, a .p12 extension file can be created from this file as follows. Then the previous step is applied.To get the alias definition of the certificate, the following code is executed.
keytool -list -v -keystore  portal.p12 -storetype PKCS12
A .p12 extension file is created from the known .jks extension file with the alias definition.
keytool -genkeypair -alias <ALIAS> -keyalg RSA -keysize 4096 -storetype PKCS12 -keystore portal.p12 -validity 3650 -storepass <PASSWORD>
Variables to be defined:
VariableDescription
SSL_KEY_STOREPath to the keystore containing the SSL certificate. In our example, we want Spring Boot to search for it in the classpath.
SSL_KEY_STORE_PASSWORDPassword used to access the keystore.
SSL_KEY_STORE_TYPEType of keystore (Usage: PKCS12).
SSL_KEY_ALIASAlias identifying the key in the keystore.
SSL_ENABLEDEnables the Spring Boot application to use HTTPS protocol.
SERVER_PORTPort the server listens on. 8443 should be used.
An example deployment yaml file using certificate information will be as follows. 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: apinizer-portal
  namespace: apinizer-portal
spec:
  replicas: 1
  selector:
    matchLabels:
      app: apinizer-portal
      version: v1
  template:
    metadata:
      labels:
        app: apinizer-portal
        version: v1
    spec:
      volumes:
      - name: apinizer-portal-tls
        secret: 
          secretName: apinizer-portal-tls
      containers:
      - name: apinizer-portal
        image: apinizercloud/portal:<APINIZER_VERSION>
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            cpu: 1
            memory: 2Gi
        lifecycle:
          preStop:
            exec:
              command:
              - /bin/sh
              - -c
              - sleep 10
        ports:
        - containerPort: 8443
          protocol: TCP
        env:
        - name: SPRING_PROFILES_ACTIVE
          value: prod
        - name: JAVA_OPTS
          value: "-XX:MaxRAMPercentage=75.0"
        - name: SSL_KEY_STORE
          value: /etc/ssl/certs/portal.p12
        - name: SSL_KEY_STORE_PASSWORD
          value: <PASSWORD>
        - name: SSL_KEY_STORE_TYPE
          value: PKCS12
        - name: SSL_KEY_ALIAS
          value: <ALIAS>
        - name: SSL_ENABLED
          value: "true"
        - name: SERVER_PORT
          value: "8443"
        - name: API_PORTAL_MANAGEMENT_API_BASE_URL
          valueFrom:
            secretKeyRef:
              key: apinizerManagementApiBaseUrl
              name: apinizer-portal-secret
        - name: API_PORTAL_MANAGEMENT_API_KEY
          valueFrom:
            secretKeyRef:
              key: apiKey
              name: apinizer-portal-secret
        volumeMounts:
        - name: apinizer-portal-tls
          mountPath: /etc/ssl/certs
      dnsPolicy: ClusterFirst
      restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
  name: apinizer-portal-https-service
  namespace: apinizer-portal
  labels:
    app: apinizer-portal
spec:
  selector:
    app: apinizer-portal
  type: NodePort
  ports:
    - name: http
      port: 8443
      nodePort: 31843