Wednesday, March 23, 2022

[389-users] Re: Running 389ds server in Kubernetes: Questions on certificate names and bootstrapping

On 23.03.22 at 10:50 Johannes Kastl wrote:

> This approach did work, putting the following into the deployment specification:
>
>>      - name: 389server-certs
>>        secret:
>>          secretName: my-tls-secret
>>          items:
>>          - key: tls.key
>>            path: /data/tls/server.key
>>          - key: tls.crt
>>            path: /data/tls/server.crt
>

Copied the wrong (non-working) version of the code... :-)

This one works, even when mounting the secret on top of the volume that is
needed to preserve the persistent data:

> volumeMounts:
> - name: 389server-data
> mountPath: '/data/'
> - name: 389server-certs
> mountPath: '/data/tls/'
> readOnly: true
[...]
> volumes:
> - name: 389server-data
> persistentVolumeClaim:
> claimName: 389server-data
> - name: 389server-certs
> secret:
> secretName: my-tls-secret
> items:
> - key: tls.key
> path: server.key
> - key: tls.crt
> path: server.crt




--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802
Mail: kastl@b1-systems.de

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg
http://www.b1-systems.de
GF: Ralph Dehner
Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537

No comments:

Post a Comment