Custom Root CA in spring-boot:build-image

Published at
4/12/2023
Categories
springbootmavenplugin
springboot
buildpack
docker
Author
Eduardo Issao Ito
The Spring Framework has a very useful feature: the spring-boot-maven-plugin can generate a Docker image. Simply running mvn spring-boot:build-image will create a Docker-compatible OCI image.

But if you are behind a corporate proxy, this error is likely to happen:

[INFO]     [creator]       BellSoft Liberica JRE 17.0.6: Contributing to layer
[INFO]     [creator]         Downloading from https://github.com/bell-sw/Liberica/releases/download/17.0.6+10/bellsoft-jre17.0.6+10-linux-amd64.tar.gz
[INFO]     [creator]     unable to invoke layer creator
[INFO]     [creator]     unable to get dependency jre
[INFO]     [creator]     unable to download https://github.com/bell-sw/Liberica/releases/download/17.0.6+10/bellsoft-jre17.0.6+10-linux-amd64.tar.gz
[INFO]     [creator]     unable to request https://github.com/bell-sw/Liberica/releases/download/17.0.6+10/bellsoft-jre17.0.6+10-linux-amd64.tar.gz
[INFO]     [creator]     Get https://github.com/bell-sw/Liberica/releases/download/17.0.6+10/bellsoft-jre17.0.6+10-linux-amd64.tar.gz: x509: certificate signed by unknown authority
[INFO]     [creator]     ERROR: failed to build: exit status 1

This happens because the corporate certificate used by the proxy server is not known to the build process. When the buildpack tries to download the artifacts it needs during the build, it stops because the certificate is not trusted.

spring-boot-maven-plugin uses Cloud Native Buildpacks under the hood, and it allows some customization of the build process.

We need to put our corporate root CA certificates into the buildpack. For this we will create the files mycert.cer and type in the structure below:

.
├── pom.xml
└── src
    └── main
        └── bindings
            └── ca-certificates
                ├── mycert.cer
                └── type

src/main/bindings/ca-certificates/mycert.cer:

-----BEGIN CERTIFICATE-----
Base64–encoded certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Base64–encoded certificate
-----END CERTIFICATE-----

src/main/bindings/ca-certificates/type:

ca-certificates

The following Maven configuration will add the certificate to the buildpack.

pom.xml:

<plugin>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-maven-plugin</artifactId>
    <configuration>
        <image>
            <env>
                <SERVICE_BINDING_ROOT>/bindings</SERVICE_BINDING_ROOT>
            </env>
            <bindings>
                <binding>${project.basedir}/src/main/bindings/ca-certificates:/bindings/ca-certificates</binding>
            </bindings>
        </image>
    </configuration>
</plugin>

Now, mvn spring-boot:build-image should work!
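
A pre-build check for the binding directory described above, as an added example that is not part of the original post: it confirms that type contains ca-certificates, that every PEM block in the directory is a certificate with a decodable Base64 body, and returns each certificate's SHA-256 fingerprint so it can be compared with values obtained out of band. The function name check_binding and the optional pinned-fingerprint arguments are assumptions of this example, and it does not parse X.509 fields such as expiry.

```python
import base64
import hashlib
import re
import sys
from pathlib import Path

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def check_binding(binding_dir, pinned_sha256=()):
    """Return (fingerprints, problems) for a ca-certificates binding directory.
    pinned_sha256: hex SHA-256 values obtained out of band; empty skips pinning.
    """
    root = Path(binding_dir)
    if not root.is_dir():
        return [], [f"{root}: not a directory"]
    fingerprints, problems = [], []
    pinned = {p.replace(":", "").lower() for p in pinned_sha256}
    type_file = root / "type"
    kind = type_file.read_text().strip() if type_file.is_file() else None
    if kind != "ca-certificates":
        problems.append(f"'type' must contain ca-certificates, found {kind!r}")
    for path in sorted(p for p in root.iterdir() if p.is_file() and p.name != "type"):
        blocks = PEM_BLOCK.findall(path.read_text(encoding="utf-8", errors="replace"))
        if not blocks:
            problems.append(f"{path.name}: no PEM blocks (DER or empty file?)")
        for label, body in blocks:
            if label != "CERTIFICATE":
                # Only public certificates belong in a trust binding, never keys.
                problems.append(f"{path.name}: unexpected PEM block '{label}'")
                continue
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except ValueError:
                problems.append(f"{path.name}: body is not valid Base64")
                continue
            fp = hashlib.sha256(der).hexdigest()
            fingerprints.append(fp)
            if pinned and fp not in pinned:
                problems.append(f"{path.name}: {fp} is not a pinned fingerprint")
    return fingerprints, problems


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "src/main/bindings/ca-certificates"
    fps, errs = check_binding(target, sys.argv[2:])
    print("\n".join(fps + [f"ERROR: {e}" for e in errs]))
    sys.exit(1 if errs else 0)
```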
