
Commit c87fea2

committed
fix(nx-cloud): make Java security path detection robust
This change improves the Java security directory detection in initContainers by: 1. Creating a centralized ConfigMap with a script that dynamically finds Java security directories across different distributions and versions 2. Updating both nx-api-deployment and aggregator-cron templates to use this script 3. Adding proper volume mounts and references in the helper templates The script prioritizes Amazon Corretto installations but includes fallbacks for other Java distributions. It checks multiple common security directory locations to ensure compatibility with various Java versions. This fixes issues when updating Java images where hardcoded paths may no longer exist.
1 parent b1cdb9f commit c87fea2


5 files changed

+63
-3
lines changed


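--- a/charts/nx-cloud/Chart.yaml
+++ b/charts/nx-cloud/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: nx-cloud
 description: Nx Cloud Helm Chart
 type: application
-version: 0.15.17
+version: 0.16.0-rc.1
 maintainers:
 - name: nx
 url: "https://nx.app/"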

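--- a/charts/nx-cloud/templates/_helpers.tpl
+++ b/charts/nx-cloud/templates/_helpers.tpl
@@ -186,6 +186,9 @@ volumes:
 - configMap:
 name: {{ if and $isNxApi $preBuiltJavaCertStoreConfigMap }}{{ $preBuiltJavaCertStoreConfigMap }}{{ else }}{{ $selfSigned }}{{ end }}
 name: self-signed-certs-volume
+- configMap:
+name: nx-cloud-java-security-script
+name: java-security-script
 {{- end }}
 {{- if $resourceClass }}
 - configMap: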
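Review bot: The `java-security-script` volume added at new lines 189–191 sets no `defaultMode`, so Kubernetes projects `find-java-security.sh` with the ConfigMap default of 0644, while the init containers in nx-cloud-aggregator-cron.yaml and nx-cloud-nx-api-deployment.yaml run it as `sh -c /scripts/find-java-security.sh`, which executes the path directly and needs the execute bit. As written, the `copy-cacerts` init container would likely fail with a permission error before any trust store is copied. Either add `defaultMode: 0555` under this `configMap:` entry, or invoke the script as `sh /scripts/find-java-security.sh` in both templates. The enclosing `{{- if }}` starts outside the hunk, so confirm its condition matches the `.Values.selfSignedCertConfigMap` gate on the new ConfigMap; if it is wider, pods would reference a ConfigMap that was never rendered.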

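--- a/charts/nx-cloud/templates/nx-cloud-aggregator-cron.yaml
+++ b/charts/nx-cloud/templates/nx-cloud-aggregator-cron.yaml
@@ -10,7 +10,7 @@ spec:
 - command:
 - sh
 - -c
-- cp -r /usr/lib/jvm/java-17-amazon-corretto/jre/lib/security /cacerts
+- /scripts/find-java-security.sh
 image: {{ include "nxCloud.images.aggregator.image" . }}
 name: copy-cacerts
 {{- if .Values.aggregator.securityContext }}
@@ -20,6 +20,8 @@ spec:
 volumeMounts:
 - mountPath: /cacerts
 name: cacerts
+- mountPath: /scripts
+name: java-security-script
 {{- end}}
 containers:
 - name: nx-cloud-aggregator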
Lines changed: 53 additions & 0 deletions
@@ -0,0 +1,53 @@
1+
{{- if .Values.selfSignedCertConfigMap }}
2+
apiVersion: v1
3+
kind: ConfigMap
4+
metadata:
5+
name: nx-cloud-java-security-script
6+
namespace: {{ .Values.global.namespace }}
7+
labels:
8+
{{- include "nxCloud.app.labels" . | indent 4 }}
9+
data:
10+
find-java-security.sh: |
11+
#!/bin/sh
12+
# For Amazon Corretto, find the security directory dynamically
13+
if [ -n "$JAVA_HOME" ]; then
14+
# Use JAVA_HOME if available
15+
JAVA_PATH="$JAVA_HOME"
16+
else
17+
# Look for Corretto installations first
18+
for DIR in /usr/lib/jvm/java-*-amazon-corretto* /usr/lib/jvm/amazon-corretto-*; do
19+
if [ -d "$DIR" ]; then
20+
JAVA_PATH="$DIR"
21+
break
22+
fi
23+
done
24+
25+
# Fallback to any Java installation if Corretto not found
26+
if [ -z "$JAVA_PATH" ]; then
27+
for DIR in /usr/lib/jvm/* /usr/java/*; do
28+
if [ -d "$DIR" ]; then
29+
JAVA_PATH="$DIR"
30+
break
31+
fi
32+
done
33+
fi
34+
fi
35+
36+
# Check various possible security directory locations
37+
if [ -d "$JAVA_PATH/jre/lib/security" ]; then
38+
# Path found in some Corretto distributions, including Corretto 17
39+
cp -r "$JAVA_PATH/jre/lib/security" /cacerts
40+
elif [ -d "$JAVA_PATH/lib/security" ]; then
41+
# Alternative path in some Corretto and OpenJDK distributions
42+
cp -r "$JAVA_PATH/lib/security" /cacerts
43+
elif [ -d "$JAVA_PATH/conf/security" ]; then
44+
# Another alternative location in some JDK distributions
45+
cp -r "$JAVA_PATH/conf/security" /cacerts
46+
else
47+
echo "Could not find Java security directory in Corretto installation"
48+
# List all potential security directories for debugging
49+
find /usr/lib/jvm -name "security" -type d 2>/dev/null
50+
exit 1
51+
fi
52+
echo "Successfully copied Java security files from $JAVA_PATH to /cacerts"
53+
{{- end }}
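Review bot: The script never checks the exit status of `cp -r`, so the final `echo "Successfully copied ..."` on line 52 runs and the init container exits 0 even when the copy failed or was partial, and the main container then starts with an incomplete `/cacerts` trust store. Add `set -e` directly after the shebang, or append `|| exit 1` to each `cp -r`. `JAVA_PATH` is also never initialised, and the fallback loop on lines 27–32 takes the first directory under `/usr/lib/jvm/*` or `/usr/java/*`, which on an image with more than one JVM may not be the runtime the service uses; setting `JAVA_PATH=""` at the top and logging the chosen directory before copying would make a wrong pick visible. The failure message on line 47 says "Corretto installation" even when the fallback path was taken.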

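--- a/charts/nx-cloud/templates/nx-cloud-nx-api-deployment.yaml
+++ b/charts/nx-cloud/templates/nx-cloud-nx-api-deployment.yaml
@@ -36,7 +36,7 @@ spec:
 - command:
 - sh
 - -c
-- cp -r /usr/lib/jvm/java-17-amazon-corretto/jre/lib/security /cacerts
+- /scripts/find-java-security.sh
 image: {{ include "nxCloud.images.nxApi.image" . }}
 name: copy-cacerts
 {{- if .Values.nxApi.securityContext }}
@@ -46,6 +46,8 @@ spec:
 volumeMounts:
 - mountPath: /cacerts
 name: cacerts
+- mountPath: /scripts
+name: java-security-script
 {{- end}}
 containers:
 - name: nx-cloud-nx-api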
