Jvm Trait

The JVM trait is used to configure the JVM that runs the Integration. This trait is configured only for Integration and related IntegrationKits (bound to a container image) built by Camel K operator. If the system detects the usage of a different container image (ie, built externally), then, the trait is disabled by the platform.

This trait is available in the following profiles: Kubernetes, Knative, OpenShift.

Configuration

Trait properties can be specified when running any integration with the CLI:

$ kamel run --trait jvm.[key]=[value] --trait jvm.[key2]=[value2] integration.yaml

The following configuration options are available:

Property Type Description

jvm.enabled

bool

Can be used to enable or disable a trait. All traits share this common property.

jvm.debug

bool

Activates remote debugging, so that a debugger can be attached to the JVM, e.g., using port-forwarding

jvm.debug-suspend

bool

Suspends the target JVM immediately before the main class is loaded

jvm.print-command

bool

Prints the command used the start the JVM in the container logs (default true) Deprecated: no longer in use.

jvm.debug-address

string

Transport address at which to listen for the newly launched JVM (default *:5005)

jvm.options

[]string

A list of JVM options

jvm.classpath

string

Additional JVM classpath (use Linux classpath separator)

jvm.jar

string

The Jar dependency which will run the application. Leave it empty for managed Integrations.

jvm.agents

[]string

A list of JVM agents to download and execute with format <agent-name>;<agent-url>[;<jvm-agent-options>].

jvm.ca-cert

string

Path to a PEM-encoded CA certificate file. Example: "/etc/camel/conf.d/_secrets/my-ca/ca.crt"

jvm.ca-cert-mount-path

string

The path where the generated truststore will be mounted. Default: "/etc/camel/conf.d/_truststore"

jvm.ca-cert-password

string

Required when caCert is set. Path to a file containing the truststore password. Example: "/etc/camel/conf.d/_secrets/truststore-pass/password"

Usage of jar parameters

The jar parameter is something the user should not worry about, unless that, for any reason, he wants to specify which is the executable dependency to use. Mind that, in order to do that, the base image used to build the container require a java binary executable from path (ie, /usr/bin/java).

This parameters enables also the possibility to use the trait when running a self managed build Integrations. In such circumstances, the user can run a Camel application built externally and make use of the trait configuration as well as for example:

$ kamel run --image docker.io/squakez/my-camel-sb:1.0.0 -t jvm.jar=/deployments/my-camel-app.jar -t jvm.options=-Xmx1024M

The above command would allow the execution of the JVM trait given that the user specify the path to the jar to execute.

Jolokia agent configuration

You can use the jvm.agents configuration to run any given agent. Additionally you can use the other traits to expose any service provided by your agent. Take, as an example, the Jolokia JVM agent:

$ kamel run test.yaml -t jvm.agents=jolokia;https://repo1.maven.org/maven2/org/jolokia/jolokia-agent-jvm/2.3.0/jolokia-agent-jvm-2.3.0-javaagent.jar;host=* -t container.ports=jolokia;8778 -t service.ports=jolokia;8778;8778 -d camel:management

The Jolokia endpoint will be exposed to port 8778 on the Service created for this Integration.

JVM classpath

You can use jvm.classpath configuration with dependencies available externally (ie, via mount.resources trait):

kubectl create configmap my-dep --from-file=sample-1.0.jar
...
$ kamel run --resource configmap:my-dep -t jvm.classpath=/etc/camel/resources/my-dep/sample-1.0.jar MyApp.java

Trusting Custom CA Certificates

When connecting to services that use TLS with certificates signed by a private CA (e.g., internal Elasticsearch, Kafka, or databases), you can use the ca-cert option to add the CA certificate to the JVM’s truststore.

First, create Kubernetes Secrets containing the CA certificate and truststore password:

kubectl create secret generic my-private-ca --from-file=ca.crt=/path/to/ca-certificate.pem
kubectl create secret generic my-truststore-pwd --from-literal=password=mysecurepassword

Then mount the secrets using the mount trait and reference the file paths:

$ kamel run MyRoute.java \
  -t mount.configs=secret:my-private-ca \
  -t mount.configs=secret:my-truststore-pwd \
  -t jvm.ca-cert=/etc/camel/conf.d/_secrets/my-private-ca/ca.crt \
  -t jvm.ca-cert-password=/etc/camel/conf.d/_secrets/my-truststore-pwd/password

If your secret uses a different key name for the certificate:

$ kamel run MyRoute.java \
  -t mount.configs=secret:my-private-ca \
  -t mount.configs=secret:my-truststore-pwd \
  -t jvm.ca-cert=/etc/camel/conf.d/_secrets/my-private-ca/custom-ca.pem \
  -t jvm.ca-cert-password=/etc/camel/conf.d/_secrets/my-truststore-pwd/password

This will automatically:

  1. Mount the secrets to the integration container (via mount trait)

  2. Generate a JVM truststore using an init container

  3. Configure the JVM to use the generated truststore via -Djavax.net.ssl.trustStore

The ca-cert-password option is required when using ca-cert. Both values must be file paths to the mounted secrets.
Back to top