On 23.03.22 at 09:43 Johannes Kastl wrote:
> I will try to do subpath mounting, i.e. I will specify where each of the keys is
> "mounted" to, aka which file name it gets. But AFAIK this has some drawbacks,
> but currently it seems like the only option.
This approach did work, putting the following into the deployment specification:
> - name: 389server-certs
> secret:
> secretName: my-tls-secret
> items:
> - key: tls.key
> path: /data/tls/server.key
> - key: tls.crt
> path: /data/tls/server.crt
Not sure what happens on certificate renewal, it might be that the old
certificate stays mounted (from what I read). We'll see.
Johannes
--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802
Mail: kastl@b1-systems.de
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg
http://www.b1-systems.de
GF: Ralph Dehner
Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
No comments:
Post a Comment