On 23.03.22 at 10:50 Johannes Kastl wrote:
> This approach did work, putting the following into the deployment specification:
>
>> - name: 389server-certs
>> secret:
>> secretName: my-tls-secret
>> items:
>> - key: tls.key
>> path: /data/tls/server.key
>> - key: tls.crt
>> path: /data/tls/server.crt
>
Copied the wrong (non-working) version of the code... :-)
This one works, even when mounting the secret on top of the volume that is
needed to preserve the persistent data:
> volumeMounts:
> - name: 389server-data
> mountPath: '/data/'
> - name: 389server-certs
> mountPath: '/data/tls/'
> readOnly: true
[...]
> volumes:
> - name: 389server-data
> persistentVolumeClaim:
> claimName: 389server-data
> - name: 389server-certs
> secret:
> secretName: my-tls-secret
> items:
> - key: tls.key
> path: server.key
> - key: tls.crt
> path: server.crt
--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802
Mail: kastl@b1-systems.de
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg
http://www.b1-systems.de
GF: Ralph Dehner
Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
No comments:
Post a Comment