how can JAVA_OPTIONS added in deployconfig in OpenshiftContainer

572 Views Asked by At

I am trying to add below JAVA_OPTIONS in deployconfig in OpenshiftContainer but is throwing syntax error .Could anyone help me how to add parameters in OpenshiftContainer please JAVA_OPTIONS

-Djavax.net.ssl.trustStore={KEYSTORE_PATH}/cacerts.ts,
-Djavax.net.ssl.trustStorePassword=changeit,
Djavax.net.ssl.keyStore=${KEYSTORE_PATH}/keystore.pkcs12-Djavax.net.ssl.keyStorePassword=${KEYSTORE_PASS}
-Djava.awt.headless=true,

deploymentConfig as json:

{
            "apiVersion": "apps.openshift.io/v1",
            "kind": "DeploymentConfig",
            "metadata": {
                "labels": {
                    "app": "${APP_NAME}"
                },
                "name": "${APP_NAME}"
            },
            "spec": {
                "replicas": 1,
                "selector": {
                    "app": "${APP_NAME}",
                    "deploymentconfig": "${APP_NAME}"
                },
                "strategy": null,
                "template": {
                    "metadata": {
                        "labels": {
                            "app": "${APP_NAME}",
                            "deploymentconfig": "${APP_NAME}"
                        }
                    },
                    "spec": {
                        "containers": [
                            {
                                "env": [
                                    {
                                        "name": "SPRING_PROFILE",
                                        "value": "migration"
                                    },
                                    {
                                        "name": "JAVA_MAIN_CLASS",
                                        "value": "com.agcs.Application"
                                    },
                                    {
                                        "name": "JAVA_OPTIONS",
                                        "value":"-Djavax.net.ssl.trustStore={KEYSTORE_PATH}/cacerts.ts",
                                                 "-Djavax.net.ssl.trustStorePassword=changeit",
                                                -Djavax.net.ssl.keyStore=${KEYSTORE_PATH}/keystore.pkcs12
                                               -Djavax.net.ssl.keyStorePassword=${KEYSTORE_PASS}
                                                -Djava.awt.headless=true,
                                    },
                                    {
                                        "name": "MONGO_AUTH_DB",
                                        "valueFrom": {
                                            "secretKeyRef": {
                                                "key": "spring.data.mongodb.authentication-database",
                                                "name": "mongodb-secret"
                                            }
                                        }
                                    },
                                    
                                    
                                ],
        
                                "image": "${IMAGE_NAME}",
                                "imagePullPolicy": "Always",
                                "name": "${APP_NAME}",
                                "ports": [
                                    {
                                        "containerPort": 8103,
                                        "protocol": "TCP"
                                    }
                                ],
                                
                                "resources": {
                                    "limits": {
                                        "cpu": "500m",
                                        "memory": "1Gi"
                                    },
                                    "requests": {
                                        "cpu": "500m",
                                        "memory": "500Mi"
                                    }
                                },
                                "volumeMounts":[
                                    {
                                        "name": "secret-volume",
                                        "mountPath": "/mnt/secrets",
                                        "readOnly": true
                                    }
                                ]
                            
                            }
                        ],
                        "volumes": [
                            {
                                "name": "secret-volume",
                                "secret": {
                                    "secretName": "keystore-new"
                                }
                            }
                        ]
                        
                    }
                }
            }
        }
1

There are 1 best solutions below

1
On
{
    "name": "JAVA_OPTIONS",
    "value":"-Djavax.net.ssl.trustStore={KEYSTORE_PATH}/cacerts.ts",
             "-Djavax.net.ssl.trustStorePassword=changeit",
            -Djavax.net.ssl.keyStore=${KEYSTORE_PATH}/keystore.pkcs12
           -Djavax.net.ssl.keyStorePassword=${KEYSTORE_PASS}
            -Djava.awt.headless=true,
},

This is invalid json, as the key value can only have one value, while you have provided multiple comma separated strings.

JAVA_OPTIONS isn't a standard environment variable, so we don't know how it's processed but maybe this will work?

{
    "name": "JAVA_OPTIONS",
    "value":"-Djavax.net.ssl.trustStore={KEYSTORE_PATH}/cacerts.ts -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.keyStore=${KEYSTORE_PATH}/keystore.pkcs12 -Djavax.net.ssl.keyStorePassword=${KEYSTORE_PASS} -Djava.awt.headless=true"
},

But there's still probably an issue, because it seems like {KEYSTORE_PATH} is supposed to be a variable. That's not defined or expanded in this file. For a first attempt, probably just hardcode the values of all these variables.

For secrets (such as passwords) you can hardcode some value for initial testing, but please use OpenShift Secrets for formal testing and the actual deployment.