Wednesday, March 23, 2022

[389-users] Re: Running 389ds server in Kubernetes: Questions on certificate names and bootstrapping

On 23.03.22 at 09:43 Johannes Kastl wrote:

> I will try to do subpath mounting, i.e. I will specify where each of the keys is
> "mounted" to, aka which file name it gets. But AFAIK this has some drawbacks,
> but currently it seems like the only option.

This approach did work, putting the following into the deployment specification:

> - name: 389server-certs
>   secret:
>     secretName: my-tls-secret
>     items:
>       - key: tls.key
>         path: /data/tls/server.key
>       - key: tls.crt
>         path: /data/tls/server.crt

Not sure what happens on certificate renewal, it might be that the old
certificate stays mounted (from what I read). We'll see.

Johannes

--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802
Mail: kastl@b1-systems.de

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg
http://www.b1-systems.de
Managing Director: Ralph Dehner
Registered office: Vohburg / District court: Ingolstadt, HRB 3537
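
The open question in the post, whether the pod still sees the old certificate after a renewal, can be checked by comparing the fingerprint of the mounted file with the one stored in the Secret. The following is an added example, not part of the original message: the function names are hypothetical and the sample certificates are constructed placeholder bytes, while the secret name and file path in the comments are the ones from the post.

```python
import base64
import hashlib
import json
import ssl

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"


def leaf_fingerprint(pem_text: str) -> str:
    """SHA-256 over the DER bytes of the first certificate in a PEM bundle.

    Hashing the decoded bytes (not the text) ignores line-ending differences.
    """
    start = pem_text.find(PEM_HEADER)
    end = pem_text.find(PEM_FOOTER, start) if start != -1 else -1
    if end == -1:
        raise ValueError("no PEM certificate found")
    first = pem_text[start:end + len(PEM_FOOTER)]
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(first)).hexdigest()


def secret_cert_pem(secret_json: str, key: str = "tls.crt") -> str:
    """Decode one key from the output of `kubectl get secret <name> -o json`."""
    data = json.loads(secret_json).get("data", {})
    if key not in data:
        raise KeyError(f"secret has no key {key!r}")
    return base64.b64decode(data[key]).decode("ascii")


def mount_is_stale(mounted_pem: str, secret_json: str) -> bool:
    """True when the file seen by the pod differs from the Secret's certificate."""
    return leaf_fingerprint(mounted_pem) != leaf_fingerprint(secret_cert_pem(secret_json))


# Constructed sample data: placeholder bytes wrapped as PEM, not real certificates.
OLD_PEM = ssl.DER_cert_to_PEM_cert(b"constructed-old-certificate")
NEW_PEM = ssl.DER_cert_to_PEM_cert(b"constructed-new-certificate")
# Shape of `kubectl get secret my-tls-secret -o json` after a renewal.
SECRET_JSON = json.dumps(
    {"data": {"tls.crt": base64.b64encode(NEW_PEM.encode()).decode()}}
)

if __name__ == "__main__":
    # In a pod, mounted_pem would be the content of /data/tls/server.crt.
    print("stale mount:", mount_is_stale(OLD_PEM, SECRET_JSON))
    print("fresh mount:", mount_is_stale(NEW_PEM, SECRET_JSON))
```
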
