Jvm Trait

The JVM trait is used to configure the JVM that runs the Integration. This trait is configured only for Integration and related IntegrationKits (bound to a container image) built by Camel K operator. If the system detects the usage of a different container image (ie, built externally), then, the trait is disabled by the platform.

This trait is available in the following profiles: Kubernetes, Knative, OpenShift.

Configuration

Trait properties can be specified when running any integration with the CLI:

$ kamel run --trait jvm.[key]=[value] --trait jvm.[key2]=[value2] integration.yaml

The following configuration options are available:

Property Type Description

jvm.enabled

bool

Can be used to enable or disable a trait. All traits share this common property.

jvm.debug

bool

Activates remote debugging, so that a debugger can be attached to the JVM, e.g., using port-forwarding

jvm.debug-suspend

bool

Suspends the target JVM immediately before the main class is loaded

jvm.print-command

bool

Prints the command used the start the JVM in the container logs (default true) Deprecated: no longer in use.

jvm.debug-address

string

Transport address at which to listen for the newly launched JVM (default *:5005)

jvm.options

[]string

A list of JVM options

jvm.classpath

string

Additional JVM classpath (use Linux classpath separator)

jvm.jar

string

The Jar dependency which will run the application. Leave it empty for managed Integrations.

jvm.agents

[]string

A list of JVM agents to download and execute with format <agent-name>;<agent-url>[;<jvm-agent-options>].

jvm.ca-cert

string

The secret should contain PEM-encoded certificates. Example: "secret:my-ca-certs" or "secret:my-ca-certs/custom-ca.crt"

jvm.ca-cert-mount-path

string

The path where the generated truststore will be mounted Default: "/etc/camel/conf.d/_truststore"

jvm.ca-cert-password

string

Required when caCert is set. A secret reference containing the truststore password. If the secret key is not specified, "password" is used as the default key. Example: "secret:my-truststore-password" or "secret:my-truststore-password/mykey"

Usage of jar parameters

The jar parameter is something the user should not worry about, unless that, for any reason, he wants to specify which is the executable dependency to use. Mind that, in order to do that, the base image used to build the container require a java binary executable from path (ie, /usr/bin/java).

This parameters enables also the possibility to use the trait when running a self managed build Integrations. In such circumstances, the user can run a Camel application built externally and make use of the trait configuration as well as for example:

$ kamel run --image docker.io/squakez/my-camel-sb:1.0.0 -t jvm.jar=/deployments/my-camel-app.jar -t jvm.options=-Xmx1024M

The above command would allow the execution of the JVM trait given that the user specify the path to the jar to execute.

Jolokia agent configuration

You can use the jvm.agents configuration to run any given agent. Additionally you can use the other traits to expose any service provided by your agent. Take, as an example, the Jolokia JVM agent:

$ kamel run test.yaml -t jvm.agents=jolokia;https://repo1.maven.org/maven2/org/jolokia/jolokia-agent-jvm/2.3.0/jolokia-agent-jvm-2.3.0-javaagent.jar;host=* -t container.ports=jolokia;8778 -t service.ports=jolokia;8778;8778 -d camel:management

The Jolokia endpoint will be exposed to port 8778 on the Service created for this Integration.

JVM classpath

You can use jvm.classpath configuration with dependencies available externally (ie, via mount.resources trait):

kubectl create configmap my-dep --from-file=sample-1.0.jar
...
$ kamel run --resource configmap:my-dep -t jvm.classpath=/etc/camel/resources/my-dep/sample-1.0.jar MyApp.java

Trusting Custom CA Certificates

When connecting to services that use TLS with certificates signed by a private CA (e.g., internal Elasticsearch, Kafka, or databases), you can use the ca-cert option to add the CA certificate to the JVM’s truststore.

First, create a Kubernetes Secret containing the CA certificate:

kubectl create secret generic my-private-ca --from-file=ca.crt=/path/to/ca-certificate.pem

Next, create a Secret containing the truststore password:

kubectl create secret generic my-truststore-pwd --from-literal=password=mysecurepassword

Then reference both secrets when running the integration:

$ kamel run MyRoute.java -t jvm.ca-cert=secret:my-private-ca -t jvm.ca-cert-password=secret:my-truststore-pwd

If your certificate is stored under a different key in the secret:

$ kamel run MyRoute.java -t jvm.ca-cert=secret:my-private-ca/custom-ca.pem -t jvm.ca-cert-password=secret:my-truststore-pwd

This will automatically:

  1. Mount the CA certificate secret

  2. Generate a JVM truststore using an init container

  3. Configure the JVM to use the generated truststore via -Djavax.net.ssl.trustStore

  4. Inject the truststore password securely as an environment variable from your secret

The ca-cert-password option is required when using ca-cert. The password is never exposed in command-line arguments - it is injected as an environment variable from the secret.
Back to top