feat(FSADT1-739): certificate volume claim (#149)

* feat: certificate volume claim

adding volume claim to certificate to allow for faster deployments

* fix: fixing name

* chore: updating init container for testing

* fix(deps): update dependency org.springframework.boot:spring-boot-starter-parent to v3.0.5

* chore: updating init container for testing

* chore: updating init container for testing

* feat: moving init from java to shell

* chore: adding cert secret

* fix: setting a version for the dockerfile

---------

Co-authored-by: Renovate Bot <renovate@whitesourcesoftware.com>

Author: Paulo Gomes da Cruz Junior

Dockerfile

@@ -1,19 +1,19 @@
-FROM eclipse-temurin:17.0.6_10-jdk-alpine@sha256:a765a97826df90554f3d3a98be5586012bbc53593876f669ff4b2e68717be71d
-
-WORKDIR /app
+FROM alpine:3.17.3@sha256:b6ca290b6b4cdcca5b3db3ffa338ee0285c11744b4a6abaa9627746ee3291d8d
 
 ENV LANG en_CA.UTF-8
 ENV LANGUAGE en_CA.UTF-8
 ENV LC_ALL en_CA.UTF-8
 
+RUN apk --no-cache add openssl openjdk8
+
+RUN which openssl
+RUN which keytool
+
 COPY startup.sh .
-COPY InstallCert.java .
 
-RUN chmod g+w /app && \
-    chmod g+x startup.sh && \
-    chmod g+w ${JAVA_HOME}/lib/security/cacerts
+RUN chmod g+x startup.sh
 
 # Non-privileged user
 USER app
 
-ENTRYPOINT ["sh", "startup.sh"]
+ENTRYPOINT ["sh", "startup.sh"]

InstallCert.java

@@ -58,6 +58,9 @@ parameters:
   - name: ORACLEDB_SECRET
     description: Oracle database keystore secret/password
     required: true
+  - name: CERT_PVC_SIZE
+    description: The amount of storage the cert PVC should have
+    value: 25Mi
 objects:
   - apiVersion: v1
     kind: Secret
@@ -88,6 +91,19 @@ objects:
             name: ${REGISTRY}/${PROMOTE}
           referencePolicy:
             type: Local
+  - apiVersion: v1
+    kind: PersistentVolumeClaim
+    metadata:
+      labels:
+        app: ${NAME}-${ZONE}
+      name: ${NAME}-${ZONE}-${COMPONENT}
+    spec:
+      accessModes:
+        - ReadWriteMany
+      resources:
+        requests:
+          storage: ${CERT_PVC_SIZE}
+      storageClassName: netapp-file-standard
   - apiVersion: v1
     kind: DeploymentConfig
     metadata:
@@ -117,8 +133,9 @@ objects:
             deploymentconfig: ${NAME}-${ZONE}-${COMPONENT}
         spec:
           volumes:
-            - name: certs
-              emptyDir: {}
+            - name: ${NAME}-${ZONE}-${COMPONENT}
+              persistentVolumeClaim:
+                claimName: ${NAME}-${ZONE}-${COMPONENT}
           initContainers:
             - name: ${NAME}-init
               image: ${REGISTRY}/bcgov/${NAME}/init:${ZONE}
@@ -129,11 +146,16 @@ objects:
                     secretKeyRef:
                       name: ${NAME}-${ZONE}-${COMPONENT}
                       key: oracle-host
+                - name: ORACLEDB_SECRET
+                  valueFrom:
+                    secretKeyRef:
+                      name: ${NAME}-${ZONE}-${COMPONENT}
+                      key: oracle-secret
                 - name: ORACLEDB_PORT
                   value: "1543"
               volumeMounts:
-                - mountPath: /cert
-                  name: certs
+                - name: ${NAME}-${ZONE}-${COMPONENT}
+                  mountPath: /cert
               resources:
                 limits:
                   cpu: ${CPU_LIMIT}
@@ -211,7 +233,7 @@ objects:
                 timeoutSeconds: 5
               volumeMounts:
                 - mountPath: /cert
-                  name: certs
+                  name: ${NAME}-${ZONE}-${COMPONENT}
   - apiVersion: v1
     kind: Service
     metadata:

openshift.deploy.yml

@@ -4,7 +4,7 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>3.0.4</version>
+		<version>3.0.5</version>
 		<relativePath />
 	</parent>