Get .pem files in kubernetes with secret certificate

3/11/2020

I have two .pem files, one public and one private, that I want to use in my Rancher Kubernetes cluster as a secret. In the API, I have gone to Resource->Secrets->Certificates and added the certificate with the name cenc-encryption-certificate. In my YAML, I've added the following information:

  - mountPath: /etc/ssl/certs
    name: cenc-encryption-certificate
    readOnly: true


volumes:
- name: cenc-encryption-certificate
  secret: 
    defaultMode: 420
    optional: false
    secretName: cenc-encryption-certificate

This loads up, but doesn't put the certificate on the file system. I believe I need a key/path in items, but I don't know what value those should be. How do I get the .pem files into my container?

-- Kyle W
certificate
kubernetes
kubernetes-helm
rancher
yaml

1 Answer

3/11/2020

It turns out that it was putting the files out. It seems that there are two files: tls.crt and tls.key that get placed. If you're interested in pulling the keys out themselves, you can use those values as keys to rename them. Since putting them in /etc/ssl/hosts was also clearing out the directory, the final values I went with were:

          - mountPath: /etc/ssl/certs/cenc-encryption-certificate
            name: cenc-encryption-certificate
            readOnly: true


      - name: cenc-encryption-certificate
        secret:
          optional: false
          secretName: cenc-encryption-certificate
          items:
          - key: tls.crt
            path: tls.crt
          - key: tls.key
            path: tls.key
-- Kyle W
Source: StackOverflow
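
A complete Pod manifest for the approach in the answer, as an added example that is not part of the original post. It also maps the secret's two keys to .pem file names and tightens the mode on the private key. The Pod name, container name, image and the two .pem file names are assumptions; the secret name, keys and mount path come from the page.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: cenc-demo                  # hypothetical Pod name
spec:
  containers:
  - name: app                      # hypothetical container name
    image: registry.example.invalid/app:placeholder   # placeholder image
    volumeMounts:
    # Mount into a dedicated subdirectory. A volume mounted directly on
    # /etc/ssl/certs hides whatever the image already ships in that directory.
    - name: cenc-encryption-certificate
      mountPath: /etc/ssl/certs/cenc-encryption-certificate
      readOnly: true
  volumes:
  - name: cenc-encryption-certificate
    secret:
      secretName: cenc-encryption-certificate
      optional: false              # the Pod does not start until the secret exists
      defaultMode: 0444            # octal in YAML; the question's 420 is decimal for 0644
      items:
      # key  = entry name inside the secret (tls.crt / tls.key for a TLS secret)
      # path = file name created under mountPath
      - key: tls.crt
        path: public.pem           # assumed file name
      - key: tls.key
        path: private.pem          # assumed file name
        mode: 0400                 # private key: read-only for the file owner (root)
```

Once the Pod is running, `kubectl exec cenc-demo -- ls -l /etc/ssl/certs/cenc-encryption-certificate/` lists the two projected files.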