cmattoon / aws-ssm

Populates Kubernetes Secrets from AWS Parameter Store
https://hub.docker.com/r/cmattoon/aws-ssm/
Apache License 2.0
166 stars 32 forks

no CA certs in image #7

Closed cmosetick closed 6 years ago

cmosetick commented 6 years ago

Seems like we need to volume mount CA certs or provide some in the docker image:

level=info msg="Couldn't get value for aws-ssm/test-secret: RequestError: send request failed\ncaused by: Post https://ssm.us-east-2.amazonaws.com/: x509: failed to load system roots and no roots provided"

cmosetick commented 6 years ago

PR #8 adds ca certificates to the aws-ssm docker image.

I'm aware that some people think it's bad practice to include CA certs in docker images, but it seems to make sense in this situation, rather than using host volume mounting of /etc/ssl/certs.

cmattoon commented 6 years ago

Agreed on the volume mounts, though maybe I can add that to the chart later if needed. Merged #8, so we should be good now. Will do some more testing and tag another release later. Thanks!

cmattoon commented 6 years ago

Moved the apk add into the 2nd stage image, and also added a host_ssl_dir Value to enable mounting the directory from the host (EC2). Both seem to work independent of each other.
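
The fix discussed in this thread, sketched as an added example (not the project's actual Dockerfile): in a multi-stage build, packages installed in the build stage do not carry into the final image, so the CA bundle has to be installed in the stage that ships. The image tags, the paths and the binary name `app` are assumptions made for illustration.

```dockerfile
# Stage 1: build. Anything installed here stays in this stage only.
FROM golang:alpine AS build
WORKDIR /src
COPY . .
# Static binary so it runs on the minimal final image.
RUN CGO_ENABLED=0 go build -o /out/app .

# Stage 2: the runtime image that actually ships.
FROM alpine:3
# Install the CA bundle in the final stage. Go's crypto/x509 loads the
# system roots at runtime to verify the AWS endpoint's TLS certificate;
# without them the request fails with "failed to load system roots".
# The test command fails the build if the bundle is missing or empty.
RUN apk add --no-cache ca-certificates \
 && test -s /etc/ssl/certs/ca-certificates.crt
COPY --from=build /out/app /usr/local/bin/app
ENTRYPOINT ["/usr/local/bin/app"]
```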