Okay, got so far already

Signed-off-by: Moritz Schmitz von Hülst <[email protected]>

.github/tests/java-spiffe-helper.yaml

@@ -5,49 +5,54 @@ metadata:
   name: java-spiffe-helper
 data:
   java-spiffe-helper.properties: |
-    keyStorePath=keystore.p12
+    keyStorePath=/test/keystore.p12
     keyStorePass=password
     keyPass=password
-    trustStorePath=truststore.p12
+    trustStorePath=/test/truststore.p12
     trustStorePass=password
     keyStoreType=pkcs12
     keyAlias=spiffe
     spiffeSocketPath=unix:/run/spire/agent-sockets/spire-agent.sock
 ---
-apiVersion: apps/v1
-kind: Deployment
+apiVersion: v1
+kind: Pod
 metadata:
   name: java-spiffe-helper
   labels:
     app: java-spiffe-helper
 spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: java-spiffe-helper
-  template:
-    metadata:
-      name: java-spiffe-helper
-      labels:
-        app: java-spiffe-helper
-    spec:
-      containers:
-        - name: java-spiffe-helper
-          image: java-spiffe-helper:test
-          imagePullPolicy: IfNotPresent
-          volumeMounts:
-            - name: properties
-              mountPath: /app/java-spiffe-helper.properties
-              subPath: java-spiffe-helper.properties
-            - name: spire-sockets
-              mountPath: /run/spire/agent-sockets
-              readOnly: true
-      restartPolicy: Always
-      volumes:
+  initContainers:
+    - name: java-spiffe-helper
+      image: java-spiffe-helper:test
+      imagePullPolicy: IfNotPresent
+      volumeMounts:
+        - name: test
+          mountPath: /test
         - name: properties
-          configMap:
-            name: java-spiffe-helper
+          mountPath: /app/java-spiffe-helper.properties
+          subPath: java-spiffe-helper.properties
         - name: spire-sockets
-          hostPath:
-            path: /run/spire/agent-sockets
-            type: DirectoryOrCreate
+          mountPath: /run/spire/agent-sockets
+          readOnly: true
+  containers:
+    - name: wait
+      image: busybox
+      volumeMounts:
+        - name: test
+          mountPath: /test
+      command:
+        - /bin/bash
+        - -c
+      args:
+        - while true; do sleep 1; done
+  restartPolicy: Never
+  volumes:
+    - name: test
+      emptyDir: {}
+    - name: properties
+      configMap:
+        name: java-spiffe-helper
+    - name: spire-sockets
+      hostPath:
+        path: /run/spire/agent-sockets
+        type: DirectoryOrCreate

.github/workflows/test.yaml

@@ -27,10 +27,19 @@ jobs:
       - run: helm upgrade --install -n spire-server spire spire --repo https://spiffe.github.io/helm-charts-hardened/ -f .github/tests/spire-values.yaml
       - run: docker exec kind-control-plane crictl images
       - run: kubectl apply -f .github/tests/java-spiffe-helper.yaml
-      - run: kubectl wait deployment/java-spiffe-helper --for condition=Ready --timeout=90s
+      - run: kubectl wait pod/java-spiffe-helper --for condition=Ready --timeout=90s
       - if: ${{ success() }}
-        run: kubectl logs deployment/java-spiffe-helper
+        run: kubectl logs pod/java-spiffe-helper
       - if: ${{ failure() }}
         run: kubectl describe pods -lapp=java-spiffe-helper
       - if: ${{ failure() }}
-        run: kubectl logs -p deployment/java-spiffe-helper
+        run: kubectl logs -p pod/java-spiffe-helper
+      - uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+      - run: which keytool
+      - run: kubectl cp java-spiffe-helper:/test/keystore.p12 keystore.p12
+      - run: keytool -list -keystore keystore.p12 -alias spiffe -storepass password
+      - run: kubectl cp java-spiffe-helper:/test/truststore.p12 truststore.p12
+      - run: keytool -list -keystore truststore.p12 -alias spiffe -storepass password