8

I have a containerized (Docker) Java application based on Distroless, and I would like to add an SSL certificate to the JVM's store.

I see an option like using Docker's RUN command to import the SSL certificate into the JVM store with Java's keytool, but since Distroless doesn't come with a shell, I wasn't able to use the RUN command.

Is there a best way to add an SSL certificate into cacerts-Java with Distroless as Base image?

Haran

1 Answer

7

We can use the exec form to write the command which doesn’t require a shell.

FROM gcr.io/distroless/java@sha256:da8aa0fa074d0ed9c4b71ad15af5dffdf6afdd768efbe2f0f7b0d60829278630
COPY my.crt /tmp/my.crt
RUN [\
 "/usr/lib/jvm/java-11-openjdk-amd64/bin/keytool",\
 "-import",\
 "-trustcacerts",\
 "-cacerts",\
 "-noprompt",\
 "-storepass",\
 "changeit",\
 "-alias",\
 "my",\
 "-file",\
 "/tmp/my.crt"\
]

Be sure to adjust the command to your needs!

Fleshgrinder
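
A check that the import in the answer above took effect, as an added example that is not part of the original answer: it looks up the alias in the JVM's default cacerts and compares the stored entry with the certificate file. The class name VerifyTrust and the argument order are assumptions; the defaults (alias my, /tmp/my.crt, changeit) are the values used in the Dockerfile above.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

// Added example (hypothetical class name): verifies that the certificate
// imported at image build time is present in the JVM's cacerts store.
public class VerifyTrust {
    // Hex-encoded SHA-256 fingerprint of a certificate's DER encoding.
    static String sha256(Certificate c) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(c.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02X", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Defaults mirror the Dockerfile in the answer; override via arguments.
        String alias = args.length > 0 ? args[0] : "my";
        String certPath = args.length > 1 ? args[1] : "/tmp/my.crt";
        char[] storePass = (args.length > 2 ? args[2] : "changeit").toCharArray();

        // keytool -cacerts writes to <java.home>/lib/security/cacerts.
        File cacerts = new File(System.getProperty("java.home"), "lib/security/cacerts");
        KeyStore ks = KeyStore.getInstance(cacerts, storePass); // Java 9+, detects JKS/PKCS12

        Certificate stored = ks.getCertificate(alias);
        if (stored == null) {
            System.err.println("alias '" + alias + "' not found in " + cacerts);
            System.exit(1);
        }
        Certificate expected;
        try (InputStream in = new FileInputStream(certPath)) {
            expected = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // Same alias but different bytes means the wrong certificate is trusted.
        if (!MessageDigest.isEqual(stored.getEncoded(), expected.getEncoded())) {
            System.err.println("alias '" + alias + "' holds a different certificate: " + sha256(stored));
            System.exit(2);
        }
        System.out.println("OK " + alias + " SHA-256=" + sha256(stored));
    }
}
```

If the application is started with javax.net.ssl.trustStore set, the JVM reads that file instead of cacerts, and this check does not cover it.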