chanjarster/tomcat-jmx-non-ssl.yaml

## tomcat-jmx-non-ssl.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat-jmx-non-ssl
  namespace: default
spec:
  selector:
    matchLabels:
      app: tomcat-jmx-non-ssl
  replicas: 1
  template:
    metadata:
      labels:
        app: tomcat-jmx-non-ssl
    spec:
      containers:
      - name: tomcat-jmx-non-ssl
        image: tomcat:8-alpine
        imagePullPolicy: Always
        ports:
        - containerPort: 80
          name: http
        - containerPort: 1100
          name: tcp-jmx
        env:
        - name: "CATALINA_OPTS"
          value: |-
            -Dcom.sun.management.jmxremote
            -Dcom.sun.management.jmxremote.authenticate=false
            -Dcom.sun.management.jmxremote.ssl=false
            -Dcom.sun.management.jmxremote.port=1100
            -Dcom.sun.management.jmxremote.rmi.port=1100
            -Djava.rmi.server.hostname=localhost

## tomcat-jmx-ssl.yaml
# 先执行以下命令创建ssl
# kubectl -n <namespace> create secret generic jmx-ssl \
#      --from-file=java-app.keystore \
#      --from-file=java-app.truststore
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat-jmx-ssl
spec:
  selector:
    matchLabels:
      app: tomcat-jmx-ssl
  replicas: 1
  template:
    metadata:
      labels:
        app: tomcat-jmx-ssl
    spec:
      containers:
      - name: tomcat-jmx-ssl
        image: tomcat:8-alpine
        imagePullPolicy: Always
        ports:
        - containerPort: 80
          name: http
        - containerPort: 1100
          name: tcp-jmx
        env:
        - name: "CATALINA_OPTS"
          value: |-
            -Dcom.sun.management.jmxremote
            -Dcom.sun.management.jmxremote.port=1100
            -Dcom.sun.management.jmxremote.rmi.port=1100
            -Djava.rmi.server.hostname=localhost
            -Dcom.sun.management.jmxremote.authenticate=false
            -Dcom.sun.management.jmxremote.ssl=true
            -Dcom.sun.management.jmxremote.registry.ssl=true
            -Dcom.sun.management.jmxremote.ssl.need.client.auth=true
            -Djavax.net.ssl.keyStore=/jmx-ssl/java-app.keystore
            -Djavax.net.ssl.keyStorePassword=<keystore password>
            -Djavax.net.ssl.trustStore=/jmx-ssl/java-app.truststore
            -Djavax.net.ssl.trustStorePassword=<truststore password>
        volumeMounts:
        - name: jmx-ssl-vol
          mountPath: /jmx-ssl
      volumes:
      - name: jmx-ssl-vol
        secret:
          secretName: jmx-ssl
	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: tomcat-jmx-non-ssl
	namespace: default
	spec:
	selector:
	matchLabels:
	app: tomcat-jmx-non-ssl
	replicas: 1
	template:
	metadata:
	labels:
	app: tomcat-jmx-non-ssl
	spec:
	containers:
	- name: tomcat-jmx-non-ssl
	image: tomcat:8-alpine
	imagePullPolicy: Always
	ports:
	- containerPort: 80
	name: http
	- containerPort: 1100
	name: tcp-jmx
	env:
	- name: "CATALINA_OPTS"
	value: \|-
	-Dcom.sun.management.jmxremote
	-Dcom.sun.management.jmxremote.authenticate=false
	-Dcom.sun.management.jmxremote.ssl=false
	-Dcom.sun.management.jmxremote.port=1100
	-Dcom.sun.management.jmxremote.rmi.port=1100
	-Djava.rmi.server.hostname=localhost
	# 先执行以下命令创建ssl
	# kubectl -n <namespace> create secret generic jmx-ssl \
	# --from-file=java-app.keystore \
	# --from-file=java-app.truststore
	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: tomcat-jmx-ssl
	spec:
	selector:
	matchLabels:
	app: tomcat-jmx-ssl
	replicas: 1
	template:
	metadata:
	labels:
	app: tomcat-jmx-ssl
	spec:
	containers:
	- name: tomcat-jmx-ssl
	image: tomcat:8-alpine
	imagePullPolicy: Always
	ports:
	- containerPort: 80
	name: http
	- containerPort: 1100
	name: tcp-jmx
	env:
	- name: "CATALINA_OPTS"
	value: \|-
	-Dcom.sun.management.jmxremote
	-Dcom.sun.management.jmxremote.port=1100
	-Dcom.sun.management.jmxremote.rmi.port=1100
	-Djava.rmi.server.hostname=localhost
	-Dcom.sun.management.jmxremote.authenticate=false
	-Dcom.sun.management.jmxremote.ssl=true
	-Dcom.sun.management.jmxremote.registry.ssl=true
	-Dcom.sun.management.jmxremote.ssl.need.client.auth=true
	-Djavax.net.ssl.keyStore=/jmx-ssl/java-app.keystore
	-Djavax.net.ssl.keyStorePassword=<keystore password>
	-Djavax.net.ssl.trustStore=/jmx-ssl/java-app.truststore
	-Djavax.net.ssl.trustStorePassword=<truststore password>
	volumeMounts:
	- name: jmx-ssl-vol
	mountPath: /jmx-ssl
	volumes:
	- name: jmx-ssl-vol
	secret:
	secretName: jmx-ssl