On 23.03.22 at 09:43 Johannes Kastl wrote:
I will try to do subpath mounting, i.e. I will specify where each of the keys is "mounted" to, aka which file name it gets. But AFAIK this has some drawbacks, but currently it seems like the only option.
This approach did work, putting the following into the deployment specification:
- name: 389server-certs
secret:
secretName: my-tls-secret
items:
- key: tls.key
path: /data/tls/server.key
- key: tls.crt
path: /data/tls/server.crt
Not sure what happens on certificate renewal, it might be that the old certificate stays mounted (from what I read). We'll see.
Johannes -- Johannes Kastl Linux Consultant & Trainer Tel.: +49 (0) 151 2372 5802 Mail: kastl@xxxxxxxxxxxxx B1 Systems GmbH Osterfeldstraße 7 / 85088 Vohburg http://www.b1-systems.de GF: Ralph Dehner Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
