Asked by: 小点点

KeyCloak email test connection - Could not convert socket to TLS


keycloak


1 answer

Anonymous user

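I know a lot of time has passed since this question was asked, but in our case the problem was that no truststore containing the mail server's certificate was specified in KeyCloak. To do this, you can import the certificate into a keystore and follow the official documentation, which states: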

bin/kc.[sh|bat] start --spi-truststore-file-file=path/to/truststore.jks --spi-truststore-file-password=change_me --spi-truststore-file-hostname-verification-policy=WILDCARD

In our case, we use Kubernetes and keep the certificate in a secret; let's call it secret-with-certs. The configuration looks like this:

spec:
  containers:
    - env:
        # this variable is specific to bitnami image, for jboss it will probably be different name
        - name: KEYCLOAK_EXTRA_ARGS
          value: >-
            --spi-truststore-file-file=/opt/bitnami/keycloak/certs/truststore/truststore.jks
            --spi-truststore-file-password=changeit
      image: bitnami/keycloak:19.0.3
      volumeMounts:
        # this location is specific to the bitnami image for keycloak, for the jboss image it should be a different path
        - mountPath: /opt/bitnami/keycloak/certs/truststore
          name: truststore-jks

    # ...

  initContainers:
    # builds the JKS truststore from the mounted secret before Keycloak starts
    - name: prepare-tls-certs
      image: azul/zulu-openjdk:17
      args:
        - >
          keytool -keystore /tmp/certs/truststore.jks -storetype JKS -importcert
          -file /certs/truststore/mail.crt -storepass changeit -alias mail-cert
          -noprompt;
      command:
        - /bin/sh
        - '-c'
      volumeMounts:
        - mountPath: /certs/truststore
          name: truststore-certs
        - mountPath: /tmp/certs
          name: truststore-jks
  volumes:
    - name: truststore-certs
      secret:
        secretName: secret-with-certs
    - emptyDir: {}
      name: truststore-jks
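
An added example, not part of the answer above or of Keycloak's own tooling: a Python check that resolves the truststore path Keycloak reads and the path keytool writes through each container's volumeMounts, then confirms they are the same file on the same volume with matching store passwords. SPEC is the answer's pod spec reduced to the relevant fields and re-typed as a Python dict; the function names resolve and check_truststore are hypothetical.

```python
import posixpath
import re

def resolve(path, mounts):
    """Map a container path to (volume name, path inside that volume), or None."""
    hits = [m for m in mounts if path.startswith(m["mountPath"].rstrip("/") + "/")]
    m = max(hits, key=lambda m: len(m["mountPath"]), default=None)  # longest mount wins
    return (m["name"], posixpath.relpath(path, m["mountPath"])) if m else None

def check_truststore(spec):
    """Return a list of wiring problems; an empty list means consistent."""
    kc = spec["containers"][0]
    env = {e["name"]: e.get("value", "") for e in kc.get("env", [])}
    args = env.get("KEYCLOAK_EXTRA_ARGS", "")
    path = re.search(r"--spi-truststore-file-file=(\S+)", args)
    if not path:
        return ["no --spi-truststore-file-file argument"]
    pw = re.search(r"--spi-truststore-file-password=(\S+)", args)
    want = resolve(path.group(1), kc.get("volumeMounts", []))
    if want is None:
        return ["truststore path is not on a mounted volume"]
    writers = []  # -storepass values of init containers that write the same file
    for init in spec.get("initContainers", []):
        script = " ".join(init.get("args", []))
        ks = re.search(r"-keystore\s+(\S+)", script)
        sp = re.search(r"-storepass\s+(\S+)", script)
        if ks and resolve(ks.group(1), init.get("volumeMounts", [])) == want:
            writers.append(sp.group(1) if sp else None)
    if not writers:
        return ["no init container writes %s:%s" % want]
    if pw and pw.group(1) not in writers:
        return ["truststore password differs from keytool -storepass"]
    return []

# Constructed sample: the answer's pod spec reduced to the relevant fields.
SPEC = {
    "containers": [{
        "env": [{"name": "KEYCLOAK_EXTRA_ARGS", "value":
                 "--spi-truststore-file-file=/opt/bitnami/keycloak/certs/truststore/truststore.jks "
                 "--spi-truststore-file-password=changeit"}],
        "volumeMounts": [{"mountPath": "/opt/bitnami/keycloak/certs/truststore", "name": "truststore-jks"}]}],
    "initContainers": [{
        "args": ["keytool -keystore /tmp/certs/truststore.jks -storetype JKS -importcert "
                 "-file /certs/truststore/mail.crt -storepass changeit -alias mail-cert -noprompt;"],
        "volumeMounts": [{"mountPath": "/certs/truststore", "name": "truststore-certs"},
                         {"mountPath": "/tmp/certs", "name": "truststore-jks"}]}],
}

if __name__ == "__main__":
    print(check_truststore(SPEC) or "truststore wiring is consistent")
```
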