search

RedHatOfficial / openemr-kube

OpenShift/Kube deployment info for OpenEMR (https://www.open-emr.org/)
11 stars 13 forks source link

Need to generate certificates and mount them in /etc/ssl #2

Open jeffcpullen opened 4 years ago

jeffcpullen commented 4 years ago

Rather than having certificates generated by the image or letsencrypt it seems like it would make more sense to have OCP generate them and mount them in /etc/ssl/certs and /etc/ssl/private.

Pod fails to start without those certificates.

touch: /var/www/localhost/htdocs/openemr/sites/default/docker-initiated: No such file or directory

Love OpenEMR? You can now support the project via the open collective:
 > https://opencollective.com/openemr/donate

Starting cron daemon!
Starting apache!
AH00526: Syntax error on line 59 of /etc/apache2/conf.d/openemr.conf:
SSLCertificateFile: file '/etc/ssl/certs/webserver.cert.pem' does not exist or is empty
bostrt commented 4 years ago

I resolved this temporarily by removing the volume mount at /etc/ssl in deployment. This will result in a new cert being created each restart which takes time.

jeffcpullen commented 4 years ago

I don't think we want it generating certs anyways. What do you think of using the service secret annotation and just having all the pods leverage that? That is what I pushed in commit 20c627db8ac199c198d6e8d3e56f3865333578c4

bostrt commented 4 years ago

Agreed! The container image has been adjusted accordingly to accept a mount at /etc/ssl/certs by default.