On 2022-06-09 00:58, Kevin Fenzi wrote:
Another issue I thought of: with openvpn each client has its own set of certs. So, each pod needs just the ones for that node...
I thought of that too. You can either use one deployment+configmap+secret combo for each node or, my favorite, use a single deployment with one secret that contains all certs, keys and CA. And to avoid exposing everything to all openvpn pods, you can use an init container that will extract the right cert/key for each node, and expose it via an emptyDir to the openvpn container.
Would you be willing to work up a PR? I'm kinda out of my depth with this one...
Sure, can do that :)
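
Added illustration, not part of the original thread or of any Fedora infrastructure code: a sketch of the single-deployment layout described above, where an init container copies only the scheduled node's cert/key from the shared secret into an emptyDir. The object names, images, mount paths and the `<node>.crt` / `<node>.key` / `ca.crt` key layout are all assumptions.

```yaml
# Added example; every name, image and path here is an assumption.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: openvpn-client
spec:
  replicas: 1
  selector:
    matchLabels: {app: openvpn-client}
  template:
    metadata:
      labels: {app: openvpn-client}
    spec:
      volumes:
        - name: all-certs            # one Secret holding every node's cert/key plus the CA
          secret:
            secretName: openvpn-all-certs
        - name: node-certs           # scratch volume shared by the init and openvpn containers
          emptyDir:
            medium: Memory           # tmpfs, so key material is not written to node disk
      initContainers:
        - name: pick-node-cert
          image: registry.example.org/busybox:placeholder   # placeholder image
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef: {fieldPath: spec.nodeName}   # downward API: node the pod landed on
          command: ["/bin/sh", "-ec"]
          args:
            - |
              # Copies are created 0600; assumes both containers run as the same UID.
              umask 077
              # Assumed key layout in the Secret: <node>.crt, <node>.key, ca.crt
              cp "/all-certs/${NODE_NAME}.crt" /node-certs/client.crt
              cp "/all-certs/${NODE_NAME}.key" /node-certs/client.key
              cp /all-certs/ca.crt /node-certs/ca.crt
          volumeMounts:
            - {name: all-certs, mountPath: /all-certs, readOnly: true}
            - {name: node-certs, mountPath: /node-certs}
      containers:
        - name: openvpn
          image: registry.example.org/openvpn:placeholder   # placeholder image
          volumeMounts:              # only the emptyDir; the full Secret is never mounted here
            - {name: node-certs, mountPath: /etc/openvpn/certs, readOnly: true}
```

This narrows what the running openvpn container can read, but the Secret itself still holds every node's key, so read access to it and the ability to create pods in that namespace need to stay restricted.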