template.yaml

apiVersion: v1
kind: Template
metadata:
  name: java-template
objects:
- apiVersion: v1
  kind: BuildConfig
  metadata:
    labels:
      app: ${APPLICATION_NAME}
    name: ${APPLICATION_NAME}
  spec:
    output:
      to:
        kind: ImageStreamTag
        name: ${APPLICATION_NAME}:latest
    postCommit: {}
    resources: {}
    runPolicy: Serial
    source:
      git:
        uri: "https://github.com/domenicbove/openshift-ssl-client"
        ref: "master"
    strategy:
      sourceStrategy:
        from:
          kind: DockerImage
          name: registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift
      type: Source
    triggers:
    - type: ConfigChange
- apiVersion: v1
  kind: ImageStream
  metadata:
    labels:
      app: ${APPLICATION_NAME}
    name: ${APPLICATION_NAME}
- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    labels:
      app: ${APPLICATION_NAME}
    name: ${APPLICATION_NAME}
  spec:
    replicas: 1
    selector:
      deploymentconfig: ${APPLICATION_NAME}
    template:
      metadata:
        labels:
          app: ${APPLICATION_NAME}
          deploymentconfig: ${APPLICATION_NAME}
      spec:
        containers:
        - env:
          - name: JAVA_OPTIONS
            value: -Djavax.net.ssl.trustStore=/var/run/secrets/java.io/keystores/truststore.jks -Djavax.net.ssl.trustStorePassword=changeit
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
          image: ${APPLICATION_NAME}
          name: ${APPLICATION_NAME}
          volumeMounts:
            - name: keystore-volume
              mountPath: /var/run/secrets/java.io/keystores
        initContainers:
        - name: pem-to-truststore
          image: registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.1-16
          env:
            - name: ca_bundle
              value: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
            - name: truststore_jks
              value: /var/run/secrets/java.io/keystores/truststore.jks
            - name: password
              value: changeit
          command: ['/bin/bash']
          args: ['-c', "keytool -importkeystore -srckeystore $JAVA_HOME/jre/lib/security/cacerts -srcstoretype JKS -destkeystore $truststore_jks -storepass changeit -srcstorepass changeit && csplit -z -f crt- $ca_bundle '/-----BEGIN CERTIFICATE-----/' '{*}' && for file in crt-*; do keytool -import -noprompt -keystore $truststore_jks -file $file -storepass changeit -alias service-$file; done"]
          volumeMounts:
            - name: keystore-volume
              mountPath: /var/run/secrets/java.io/keystores
        volumes:
          - name: keystore-volume
            emtpyDir: {}
    triggers:
    - imageChangeParams:
        automatic: true
        containerNames:
        - ${APPLICATION_NAME}
        from:
          kind: ImageStreamTag
          name: ${APPLICATION_NAME}:latest
      type: ImageChange
parameters:
- name: APPLICATION_NAME
  description: The name for the application.
  displayName: Application name
  value: ssl-client
  required: true