0 votes
1 view

Hello, we have a project where Knowage, deployed on a Kubernetes cluster (using the Docker image and the knowage-helm chart), needs to communicate using REST datasets, targeting a server delivering a self-signed certificate. How can we import this certificate into the JVM truststore, to be able to request the server without an invalid cert error?

Possibly by avoiding patching the Knowage server Docker image, or by just adding a script which imports the file at start time using keytool, but by provisioning the certificate file through the Helm chart, the values.yaml file and a configMap.

Meaning, we'd like to add the certificate at the deployment step and, before the JVM starts, have the script use keytool to import the certificate into the truststore.

Has anyone experienced such a case and can give us positive feedback that it will work? Even an example is more than welcome!

My idea is to take inspiration from the NiFi Helm chart from cetic: https://github.com/cetic/helm-nifi/blob/master/templates/statefulset.yaml, but is it the simplest way to do it?

Thanks in advance for any help

Environment: Knowage version 8.0.5, with Helm chart
in Docker by (670 points)
edited by

1 Answer

0 votes
 
Best answer
Hi,

thank you for your post.

We don't support truststore in our Helm chart: in fact, we are using the default JVM truststore provided by the base image of OpenJDK.

I have to admit that internally we consider the Helm chart a way to get KNOWAGE fast but we don't use it for complex deployments: we actually render the Helm chart, then we patch the result with Kustomize; I really suggest you take a look at it.

In your case, if you want to consider a 2-step procedure to deploy and manage your installation, you can rely on the common Java environment variable for options, JAVA_OPTS. You create a truststore on your local machine, mount the truststore somewhere inside the KNOWAGE container and set JAVA_OPTS like:

JAVA_OPTS="-Djavax.net.ssl.trustStore=/home/knowage/trustore -Djavax.net.ssl.trustStorePassword=set-password-here"

With Kustomize, you could reference the original Helm chart on GitHub and apply patches automatically. See:

https://cloud.google.com/anthos-config-management/docs/how-to/use-repo-kustomize-helm?hl=it#render_a_remote_helm_chart

I hope you will consider Kustomize because we use it every day with great results.
by (5.1k points)
selected by
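One way to wire up the two-step procedure from the answer with Kustomize, as an added example that is not part of the original answer or of the KNOWAGE chart. The rendered-manifest file name, the Deployment and container name `knowage`, the alias, the file names and the mount path are assumptions to adapt to your rendered chart. Because `-Djavax.net.ssl.trustStore` replaces the JVM default truststore rather than extending it, the file is built from a copy of the JDK's `cacerts` so public CAs stay trusted.

```yaml
# kustomization.yaml (added example; names and paths marked "assumption" are not from the chart)
#
# Step 1, on your machine: build the truststore from a copy of the JDK default one.
#   cp <path-to-JDK-cacerts> truststore.jks          # default store password is "changeit"
#   keytool -importcert -noprompt -alias rest-server -file server.crt \
#           -keystore truststore.jks -storepass changeit
#   keytool -storepasswd -keystore truststore.jks -storepass changeit -new set-password-here
#   keytool -list -keystore truststore.jks -storepass set-password-here -alias rest-server
#
# Step 2: render the chart (helm template ... > rendered-knowage.yaml) and patch it.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - rendered-knowage.yaml            # assumption: output of `helm template`
secretGenerator:
  - name: knowage-truststore         # Kustomize appends a content hash, so a new
    files:                           # truststore triggers a rollout of the pods
      - truststore.jks
patches:
  - target:
      kind: Deployment
      name: knowage                  # assumption: check the name in the rendered output
    patch: |-
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: knowage
      spec:
        template:
          spec:
            volumes:
              - name: truststore
                secret:
                  secretName: knowage-truststore
            containers:
              - name: knowage        # assumption: container name in the rendered output
                env:
                  - name: JAVA_OPTS  # overrides any JAVA_OPTS the chart already sets
                    value: >-
                      -Djavax.net.ssl.trustStore=/home/knowage/truststore/truststore.jks
                      -Djavax.net.ssl.trustStorePassword=set-password-here
                volumeMounts:
                  - name: truststore
                    mountPath: /home/knowage/truststore   # assumption
                    readOnly: true
```

If the rendered chart already defines `JAVA_OPTS`, merge its existing options into the value above, since the patch replaces the variable rather than appending to it.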