Open bhardwahnitish19 opened 4 years ago
Hi @bhardwahnitish19 , a quick question. When you say "I choose keys in flex volume for EC certificates" do you mean you just need private key in the pod?
What I understand is following:
If this so, then @ritazh would this require some different enhancement to the csi-driver than the one mentioned here?
Hi @chintanr97
Please find my comments inline:
Do you mean you just need private key in the pod? I need both public & private key in pod. But, need them at different locations like /var/privatekey & /var/publickey. These must be in pem format so that the application can utilize easily without any type conversions. To achieve this, I am trying to export key and mount it at /var/privatekey and trying to export cert to /var/publickey. (Using 2 flex volume respectively)
1. You are creating an EC "certificate" object in key vault first. You get the CSR signed and enable the certificate by uploading the signed CSR. Right? Correct 2. Now the certificate object in key vault is a combination of both, the public and the private part. You need this EC key alone into your application-specific pod (preferably in PEM format). Right? Also please correct me if you need it in "some other format"! PEM format would be perfect for now.
Great! I understood! Hope the updated comments here help the project owners to create the required solutions.
Describe the bug Mount volume always fails if I choose keys in flex volume for EC certificates. Logs:
Steps to generate Cert:
Authentication used: SP
NOTE: Same flexVolume settings and steps to generate works perfectly for RSA certificate. Able to fetch Key for RSA certs, but for EC certs it fails.
Steps To Reproduce Create an EC, mark keys as exportable. Use SP to authenticate and try to fetch Key with Flex Volume
Expected behavior Shoule be able to fetch Keys for EC certificates in plain text
Access mode: service principal
Kubernetes version 1.15.x