fix(jvm): consolidate caCert validation to init_containers and update docs

pkalsi97 · squakez · commit 13d4c0aa0fad · 2025-12-19T16:28:28.000+01:00
diff --git a/docs/modules/ROOT/partials/apis/camel-k-crds.adoc b/docs/modules/ROOT/partials/apis/camel-k-crds.adoc
@@ -7801,8 +7801,7 @@ string
 |
 
 
-Path to a PEM-encoded CA certificate file. The file must be mounted
-by the user using the mount trait (e.g., mount.configs or mount.secrets).
+Path to a PEM-encoded CA certificate file.
 Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt"
 
 |`caCertMountPath` +
@@ -7819,7 +7818,6 @@ string
 
 
 Required when caCert is set. Path to a file containing the truststore password.
-The file must be mounted by the user using the mount trait.
 Example: "/etc/camel/conf.d/_secrets/truststore-pass/password"
 
 
diff --git a/docs/modules/traits/pages/jvm.adoc b/docs/modules/traits/pages/jvm.adoc
@@ -64,8 +64,7 @@ Deprecated: no longer in use.
 
 | jvm.ca-cert
 | string
-| Path to a PEM-encoded CA certificate file. The file must be mounted
-by the user using the mount trait (e.g., mount.configs or mount.secrets).
+| Path to a PEM-encoded CA certificate file.
 Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt"
 
 | jvm.ca-cert-mount-path
@@ -76,7 +75,6 @@ Default: "/etc/camel/conf.d/_truststore"
 | jvm.ca-cert-password
 | string
 | Required when caCert is set. Path to a file containing the truststore password.
-The file must be mounted by the user using the mount trait.
 Example: "/etc/camel/conf.d/_secrets/truststore-pass/password"
 
 |===
@@ -153,4 +151,3 @@ This will automatically:
 3. Configure the JVM to use the generated truststore via `-Djavax.net.ssl.trustStore`
 
 NOTE: The `ca-cert-password` option is **required** when using `ca-cert`. Both values must be file paths to the mounted secrets.
-
diff --git a/helm/camel-k/crds/camel-k-crds.yaml b/helm/camel-k/crds/camel-k-crds.yaml
@@ -4723,8 +4723,7 @@ spec:
                         type: array
                       caCert:
                         description: |-
-                          Path to a PEM-encoded CA certificate file. The file must be mounted
-                          by the user using the mount trait (e.g., mount.configs or mount.secrets).
+                          Path to a PEM-encoded CA certificate file.
                           Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt"
                         type: string
                       caCertMountPath:
@@ -4735,7 +4734,6 @@ spec:
                       caCertPassword:
                         description: |-
                           Required when caCert is set. Path to a file containing the truststore password.
-                          The file must be mounted by the user using the mount trait.
                           Example: "/etc/camel/conf.d/_secrets/truststore-pass/password"
                         type: string
                       classpath:
@@ -7146,8 +7144,7 @@ spec:
                         type: array
                       caCert:
                         description: |-
-                          Path to a PEM-encoded CA certificate file. The file must be mounted
-                          by the user using the mount trait (e.g., mount.configs or mount.secrets).
+                          Path to a PEM-encoded CA certificate file.
                           Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt"
                         type: string
                       caCertMountPath:
@@ -7158,7 +7155,6 @@ spec:
                       caCertPassword:
                         description: |-
                           Required when caCert is set. Path to a file containing the truststore password.
-                          The file must be mounted by the user using the mount trait.
                           Example: "/etc/camel/conf.d/_secrets/truststore-pass/password"
                         type: string
                       classpath:
@@ -9471,8 +9467,7 @@ spec:
                         type: array
                       caCert:
                         description: |-
-                          Path to a PEM-encoded CA certificate file. The file must be mounted
-                          by the user using the mount trait (e.g., mount.configs or mount.secrets).
+                          Path to a PEM-encoded CA certificate file.
                           Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt"
                         type: string
                       caCertMountPath:
@@ -9483,7 +9478,6 @@ spec:
                       caCertPassword:
                         description: |-
                           Required when caCert is set. Path to a file containing the truststore password.
-                          The file must be mounted by the user using the mount trait.
                           Example: "/etc/camel/conf.d/_secrets/truststore-pass/password"
                         type: string
                       classpath:
@@ -11773,8 +11767,7 @@ spec:
                         type: array
                       caCert:
                         description: |-
-                          Path to a PEM-encoded CA certificate file. The file must be mounted
-                          by the user using the mount trait (e.g., mount.configs or mount.secrets).
+                          Path to a PEM-encoded CA certificate file.
                           Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt"
                         type: string
                       caCertMountPath:
@@ -11785,7 +11778,6 @@ spec:
                       caCertPassword:
                         description: |-
                           Required when caCert is set. Path to a file containing the truststore password.
-                          The file must be mounted by the user using the mount trait.
                           Example: "/etc/camel/conf.d/_secrets/truststore-pass/password"
                         type: string
                       classpath:
@@ -20909,8 +20901,7 @@ spec:
                         type: array
                       caCert:
                         description: |-
-                          Path to a PEM-encoded CA certificate file. The file must be mounted
-                          by the user using the mount trait (e.g., mount.configs or mount.secrets).
+                          Path to a PEM-encoded CA certificate file.
                           Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt"
                         type: string
                       caCertMountPath:
@@ -20921,7 +20912,6 @@ spec:
                       caCertPassword:
                         description: |-
                           Required when caCert is set. Path to a file containing the truststore password.
-                          The file must be mounted by the user using the mount trait.
                           Example: "/etc/camel/conf.d/_secrets/truststore-pass/password"
                         type: string
                       classpath:
@@ -23165,8 +23155,7 @@ spec:
                         type: array
                       caCert:
                         description: |-
-                          Path to a PEM-encoded CA certificate file. The file must be mounted
-                          by the user using the mount trait (e.g., mount.configs or mount.secrets).
+                          Path to a PEM-encoded CA certificate file.
                           Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt"
                         type: string
                       caCertMountPath:
@@ -23177,7 +23166,6 @@ spec:
                       caCertPassword:
                         description: |-
                           Required when caCert is set. Path to a file containing the truststore password.
-                          The file must be mounted by the user using the mount trait.
                           Example: "/etc/camel/conf.d/_secrets/truststore-pass/password"
                         type: string
                       classpath:
@@ -33663,8 +33651,7 @@ spec:
                             type: array
                           caCert:
                             description: |-
-                              Path to a PEM-encoded CA certificate file. The file must be mounted
-                              by the user using the mount trait (e.g., mount.configs or mount.secrets).
+                              Path to a PEM-encoded CA certificate file.
                               Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt"
                             type: string
                           caCertMountPath:
@@ -33675,7 +33662,6 @@ spec:
                           caCertPassword:
                             description: |-
                               Required when caCert is set. Path to a file containing the truststore password.
-                              The file must be mounted by the user using the mount trait.
                               Example: "/etc/camel/conf.d/_secrets/truststore-pass/password"
                             type: string
                           classpath:
@@ -35851,8 +35837,7 @@ spec:
                         type: array
                       caCert:
                         description: |-
-                          Path to a PEM-encoded CA certificate file. The file must be mounted
-                          by the user using the mount trait (e.g., mount.configs or mount.secrets).
+                          Path to a PEM-encoded CA certificate file.
                           Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt"
                         type: string
                       caCertMountPath:
@@ -35863,7 +35848,6 @@ spec:
                       caCertPassword:
                         description: |-
                           Required when caCert is set. Path to a file containing the truststore password.
-                          The file must be mounted by the user using the mount trait.
                           Example: "/etc/camel/conf.d/_secrets/truststore-pass/password"
                         type: string
                       classpath:
diff --git a/pkg/apis/camel/v1/trait/jvm.go b/pkg/apis/camel/v1/trait/jvm.go
@@ -42,15 +42,13 @@ type JVMTrait struct {
 	Jar string `json:"jar,omitempty" property:"jar"`
 	// A list of JVM agents to download and execute with format `<agent-name>;<agent-url>[;<jvm-agent-options>]`.
 	Agents []string `json:"agents,omitempty" property:"agents"`
-	// Path to a PEM-encoded CA certificate file. The file must be mounted
-	// by the user using the mount trait (e.g., mount.configs or mount.secrets).
+	// Path to a PEM-encoded CA certificate file.
 	// Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt"
 	CACert string `json:"caCert,omitempty" property:"ca-cert"`
 	// The path where the generated truststore will be mounted.
 	// Default: "/etc/camel/conf.d/_truststore"
 	CACertMountPath string `json:"caCertMountPath,omitempty" property:"ca-cert-mount-path"`
 	// Required when caCert is set. Path to a file containing the truststore password.
-	// The file must be mounted by the user using the mount trait.
 	// Example: "/etc/camel/conf.d/_secrets/truststore-pass/password"
 	CACertPassword string `json:"caCertPassword,omitempty" property:"ca-cert-password"`
 }
diff --git a/pkg/resources/config/crd/bases/camel.apache.org_integrationplatforms.yaml b/pkg/resources/config/crd/bases/camel.apache.org_integrationplatforms.yaml
@@ -1474,8 +1474,7 @@ spec:
                         type: array
                       caCert:
                         description: |-
-                          Path to a PEM-encoded CA certificate file. The file must be mounted
-                          by the user using the mount trait (e.g., mount.configs or mount.secrets).
+                          Path to a PEM-encoded CA certificate file.
                           Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt"
                         type: string
                       caCertMountPath:
@@ -1486,7 +1485,6 @@ spec:
                       caCertPassword:
                         description: |-
                           Required when caCert is set. Path to a file containing the truststore password.
-                          The file must be mounted by the user using the mount trait.
                           Example: "/etc/camel/conf.d/_secrets/truststore-pass/password"
                         type: string
                       classpath:
@@ -3897,8 +3895,7 @@ spec:
                         type: array
                       caCert:
                         description: |-
-                          Path to a PEM-encoded CA certificate file. The file must be mounted
-                          by the user using the mount trait (e.g., mount.configs or mount.secrets).
+                          Path to a PEM-encoded CA certificate file.
                           Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt"
                         type: string
                       caCertMountPath:
@@ -3909,7 +3906,6 @@ spec:
                       caCertPassword:
                         description: |-
                           Required when caCert is set. Path to a file containing the truststore password.
-                          The file must be mounted by the user using the mount trait.
                           Example: "/etc/camel/conf.d/_secrets/truststore-pass/password"
                         type: string
                       classpath:
diff --git a/pkg/resources/config/crd/bases/camel.apache.org_integrationprofiles.yaml b/pkg/resources/config/crd/bases/camel.apache.org_integrationprofiles.yaml
@@ -1342,8 +1342,7 @@ spec:
                         type: array
                       caCert:
                         description: |-
-                          Path to a PEM-encoded CA certificate file. The file must be mounted
-                          by the user using the mount trait (e.g., mount.configs or mount.secrets).
+                          Path to a PEM-encoded CA certificate file.
                           Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt"
                         type: string
                       caCertMountPath:
@@ -1354,7 +1353,6 @@ spec:
                       caCertPassword:
                         description: |-
                           Required when caCert is set. Path to a file containing the truststore password.
-                          The file must be mounted by the user using the mount trait.
                           Example: "/etc/camel/conf.d/_secrets/truststore-pass/password"
                         type: string
                       classpath:
@@ -3644,8 +3642,7 @@ spec:
                         type: array
                       caCert:
                         description: |-
-                          Path to a PEM-encoded CA certificate file. The file must be mounted
-                          by the user using the mount trait (e.g., mount.configs or mount.secrets).
+                          Path to a PEM-encoded CA certificate file.
                           Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt"
                         type: string
                       caCertMountPath:
@@ -3656,7 +3653,6 @@ spec:
                       caCertPassword:
                         description: |-
                           Required when caCert is set. Path to a file containing the truststore password.
-                          The file must be mounted by the user using the mount trait.
                           Example: "/etc/camel/conf.d/_secrets/truststore-pass/password"
                         type: string
                       classpath:
diff --git a/pkg/resources/config/crd/bases/camel.apache.org_integrations.yaml b/pkg/resources/config/crd/bases/camel.apache.org_integrations.yaml
@@ -8156,8 +8156,7 @@ spec:
                         type: array
                       caCert:
                         description: |-
-                          Path to a PEM-encoded CA certificate file. The file must be mounted
-                          by the user using the mount trait (e.g., mount.configs or mount.secrets).
+                          Path to a PEM-encoded CA certificate file.
                           Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt"
                         type: string
                       caCertMountPath:
@@ -8168,7 +8167,6 @@ spec:
                       caCertPassword:
                         description: |-
                           Required when caCert is set. Path to a file containing the truststore password.
-                          The file must be mounted by the user using the mount trait.
                           Example: "/etc/camel/conf.d/_secrets/truststore-pass/password"
                         type: string
                       classpath:
@@ -10412,8 +10410,7 @@ spec:
                         type: array
                       caCert:
                         description: |-
-                          Path to a PEM-encoded CA certificate file. The file must be mounted
-                          by the user using the mount trait (e.g., mount.configs or mount.secrets).
+                          Path to a PEM-encoded CA certificate file.
                           Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt"
                         type: string
                       caCertMountPath:
@@ -10424,7 +10421,6 @@ spec:
                       caCertPassword:
                         description: |-
                           Required when caCert is set. Path to a file containing the truststore password.
-                          The file must be mounted by the user using the mount trait.
                           Example: "/etc/camel/conf.d/_secrets/truststore-pass/password"
                         type: string
                       classpath:
diff --git a/pkg/resources/config/crd/bases/camel.apache.org_pipes.yaml b/pkg/resources/config/crd/bases/camel.apache.org_pipes.yaml
@@ -8212,8 +8212,7 @@ spec:
                             type: array
                           caCert:
                             description: |-
-                              Path to a PEM-encoded CA certificate file. The file must be mounted
-                              by the user using the mount trait (e.g., mount.configs or mount.secrets).
+                              Path to a PEM-encoded CA certificate file.
                               Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt"
                             type: string
                           caCertMountPath:
@@ -8224,7 +8223,6 @@ spec:
                           caCertPassword:
                             description: |-
                               Required when caCert is set. Path to a file containing the truststore password.
-                              The file must be mounted by the user using the mount trait.
                               Example: "/etc/camel/conf.d/_secrets/truststore-pass/password"
                             type: string
                           classpath:
@@ -10400,8 +10398,7 @@ spec:
                         type: array
                       caCert:
                         description: |-
-                          Path to a PEM-encoded CA certificate file. The file must be mounted
-                          by the user using the mount trait (e.g., mount.configs or mount.secrets).
+                          Path to a PEM-encoded CA certificate file.
                           Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt"
                         type: string
                       caCertMountPath:
@@ -10412,7 +10409,6 @@ spec:
                       caCertPassword:
                         description: |-
                           Required when caCert is set. Path to a file containing the truststore password.
-                          The file must be mounted by the user using the mount trait.
                           Example: "/etc/camel/conf.d/_secrets/truststore-pass/password"
                         type: string
                       classpath:
diff --git a/pkg/trait/jvm.go b/pkg/trait/jvm.go
@@ -158,11 +158,7 @@ func (t *jvmTrait) Apply(e *Environment) error {
 		args = append(args, httpProxyArgs...)
 	}
 
-	caCertArgs, err := t.configureCaCert()
-	if err != nil {
-		return err
-	}
-	if caCertArgs != nil {
+	if caCertArgs := t.configureCaCert(); caCertArgs != nil {
 		args = append(args, caCertArgs...)
 	}
 
@@ -379,17 +375,13 @@ func getLegacyCamelQuarkusDependenciesPaths() *sets.Set {
 }
 
 // configureCACert configures the CA certificate truststore and returns the JVM arguments.
-func (t *jvmTrait) configureCaCert() ([]string, error) {
-	if err := t.validateCACertConfig(); err != nil {
-		return nil, err
-	}
-
+func (t *jvmTrait) configureCaCert() []string {
 	if t.CACert == "" {
-		return nil, nil
+		return nil
 	}
 
 	return []string{
 		"-Djavax.net.ssl.trustStore=" + t.getTrustStorePath(),
 		fmt.Sprintf("-Djavax.net.ssl.trustStorePassword=$(%s)", truststorePasswordEnvVar),
-	}, nil
+	}
 }
diff --git a/pkg/trait/jvm_test.go b/pkg/trait/jvm_test.go

Original file line number	Diff line number	Diff line change
`@@ -158,11 +158,7 @@ func (t jvmTrait) Apply(e Environment) error {`
`158`	`158`	`args = append(args, httpProxyArgs...)`
`159`	`159`	`}`
`160`	`160`
`161`		`- caCertArgs, err := t.configureCaCert()`
`162`		`- if err != nil {`
`163`		`- return err`
`164`		`- }`
`165`		`- if caCertArgs != nil {`
	`161`	`+ if caCertArgs := t.configureCaCert(); caCertArgs != nil {`
`166`	`162`	`args = append(args, caCertArgs...)`
`167`	`163`	`}`
`168`	`164`
`@@ -379,17 +375,13 @@ func getLegacyCamelQuarkusDependenciesPaths() *sets.Set {`
`379`	`375`	`}`
`380`	`376`
`381`	`377`	`// configureCACert configures the CA certificate truststore and returns the JVM arguments.`
`382`		`-func (t *jvmTrait) configureCaCert() ([]string, error) {`
`383`		`- if err := t.validateCACertConfig(); err != nil {`
`384`		`- return nil, err`
`385`		`- }`
`386`		`-`
	`378`	`+func (t *jvmTrait) configureCaCert() []string {`
`387`	`379`	`if t.CACert == "" {`
`388`		`- return nil, nil`
	`380`	`+ return nil`
`389`	`381`	`}`
`390`	`382`
`391`	`383`	`return []string{`
`392`	`384`	`"-Djavax.net.ssl.trustStore=" + t.getTrustStorePath(),`
`393`	`385`	`fmt.Sprintf("-Djavax.net.ssl.trustStorePassword=$(%s)", truststorePasswordEnvVar),`
`394`		`- }, nil`
	`386`	`+ }`
`395`	`387`	`}`