  1. OpenShift Request For Enhancement
  2. RFE-8462

Provide Native JKS Keystore Support for OpenShift Service CA


    • Feature Request
    • Resolution: Unresolved
    • Normal
    • cert-manager
    • Product / Portfolio Work

      Proposed title of this feature request: Native JKS support in Service CA.

      Description of problem:

      For some use cases, like secure inter-pod communication for Java-based applications (e.g., Kafka clusters) using Service CA-issued certificates, the keystore has to be created manually like this: https://developers.redhat.com/blog/2017/11/22/dynamically-creating-java-keystores-openshift
      Java applications often require certificates in JKS (Java Key Store) format. The OpenShift Service CA only supports certificates and keys in PEM format. Customers must manually implement a workaround, like using init-containers to run openssl and keytool commands at pod startup and convert the PEM files into the required JKS format. It could help if the Service CA were natively able to support and inject JKS-formatted keystores (like keystore.jks, truststore.jks) into secrets, alongside the existing PEM files. I think this could be triggered by a new annotation on the service or deployment.

      2. What is the nature and description of the request?

      To be able to consume JKS certificates more easily.
      3. Why does the customer need this? (List the business requirements here)

      To avoid the manual workarounds.
      4. List any affected packages or components.

      ServiceCA

              rh-ee-npng Nick Png
              rhn-support-dahernan David Hernandez Fernandez
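The init-container workaround the request describes, written out as an added example (not part of the original issue and not Red Hat's code). The names `kafka-demo`, `kafka-demo-tls` and `keystore-pass`, both image references, the mount paths and the location of the service CA bundle inside the pod are assumptions made for illustration.

```yaml
# Constructed example: all names and images below are placeholders.
apiVersion: v1
kind: Service
metadata:
  name: kafka-demo
  annotations:
    # Service CA writes tls.crt / tls.key (PEM only) into this secret
    service.beta.openshift.io/serving-cert-secret-name: kafka-demo-tls
spec:
  selector: {app: kafka-demo}
  ports: [{name: tls, port: 9093}]
---
apiVersion: apps/v1
kind: Deployment
metadata: {name: kafka-demo}
spec:
  selector: {matchLabels: {app: kafka-demo}}
  template:
    metadata: {labels: {app: kafka-demo}}
    spec:
      initContainers:
      - name: pem-to-jks
        image: registry.example.com/openjdk-with-openssl:placeholder
        env:
        - name: STOREPASS   # read from a Secret so the password is not in the manifest or argv
          valueFrom: {secretKeyRef: {name: keystore-pass, key: password}}
        command: ["/bin/sh", "-ec"]
        args:
        - |
          openssl pkcs12 -export -inkey /pem/tls.key -in /pem/tls.crt \
            -name server -out /jks/keystore.p12 -passout env:STOREPASS
          keytool -importkeystore -noprompt \
            -srckeystore /jks/keystore.p12 -srcstoretype PKCS12 -srcstorepass:env STOREPASS \
            -destkeystore /jks/keystore.jks -deststoretype JKS -deststorepass:env STOREPASS
          keytool -importcert -noprompt -alias service-ca \
            -file /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt \
            -keystore /jks/truststore.jks -storetype JKS -storepass:env STOREPASS
          rm -f /jks/keystore.p12   # intermediate file also holds the private key
        volumeMounts:
        - {name: pem, mountPath: /pem, readOnly: true}
        - {name: jks, mountPath: /jks}
      containers:
      - name: app
        image: registry.example.com/kafka-demo:placeholder
        volumeMounts:
        - {name: jks, mountPath: /etc/jks, readOnly: true}
      volumes:
      - {name: pem, secret: {secretName: kafka-demo-tls}}
      - {name: jks, emptyDir: {medium: Memory}}   # private key copy stays off node disk
```

Because the conversion runs only at pod startup, a certificate rotated by the Service CA reaches the JKS files only after the pod restarts.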