jetstack / kube-lego

DEPRECATED: Automatically request certificates for Kubernetes Ingress resources from Let's Encrypt
Apache License 2.0
2.16k stars 267 forks

Exposed VOLUME where certs are stored #273

Closed julianxhokaxhiu closed 6 years ago

julianxhokaxhiu commented 6 years ago

Hi,

I am currently using this together with nginx-ingress controller and it works really well. Thank you very much for this project.

However, I have the need to expose certs obtained through your pod across other pods too. In order to do so, it would be more than enough for me to have the possibility to mount a volume on the host, so I can hard-link those files. Basically I need the public crt and the private key files, possibly named using the same inherited secret name from the tls declaration.

An example of this would be:

$ kubectl get secret
NAME                                           TYPE                         DATA        AGE
mydomain.com-tls                       kubernetes.io/tls                     2          22m

$ cd /mnt/certs # the mounted path
$ tree
.
├── mydomain.com-tls.crt
└── mydomain.com-tls.key

Is it possible to do this already? I checked your Dockerfile and I didn't see any VOLUME definition, therefore I thought it's not possible. However, feel free to correct me if I am wrong.

Thank you in advance, Julian

dippynark commented 6 years ago

Hi @julianxhokaxhiu, glad to see this is working well for you.

You can just mount the generated secrets into other pods in the same way as any other secret. The Kubernetes docs here explain how to do that in more detail.

julianxhokaxhiu commented 6 years ago

Thank you for the suggestion @dippynark

Although I saw that already, the current issue is that I have no idea how the secret is stored internally. Is it a JSON? Is it a plain text blob? How can I recognize where the crt and where the key content is?

Any idea is highly appreciated.

dippynark commented 6 years ago

@julianxhokaxhiu kube-lego doesn't store any of the certificates in any Pod; it puts them all into Kubernetes Secret resources. Each Secret resource has two key-value pairs in the data section with keys of tls.key and tls.crt, with values of your key and certificate, so if you were to mount the Secret at some directory within a Pod, you'd get two files called tls.key and tls.crt containing the values you want. You can see the two values by doing kubectl get secret mydomain.com-tls -o yaml. This will return them encoded in base64 as normal. I hope that helps.
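The mount described in the answer above, as an added example that is not part of the thread or of kube-lego itself: a Pod that mounts the Secret mydomain.com-tls (the name from the issue) as read-only files, optionally renaming the two keys to the <secret-name>.crt/.key layout the original question asked for. The Pod name, image and mount path are assumptions.

```yaml
# Added example (not from the thread): consume the kube-lego Secret
# "mydomain.com-tls" from another Pod by mounting it as a volume.
apiVersion: v1
kind: Pod
metadata:
  name: cert-consumer            # assumed name; must live in the Secret's namespace
spec:
  containers:
    - name: app
      image: nginx:1.25          # placeholder; any container that needs the cert
      volumeMounts:
        - name: tls
          mountPath: /mnt/certs  # assumed path, matches the issue's example
          readOnly: true
  volumes:
    - name: tls
      secret:
        secretName: mydomain.com-tls
        # Owner-read-only so the private key is not readable by other users
        # in the container.
        defaultMode: 0400
        # Optional: map the Secret's keys to the file names the issue wanted.
        # Drop "items" to get the default names tls.crt and tls.key.
        items:
          - key: tls.crt
            path: mydomain.com-tls.crt
          - key: tls.key
            path: mydomain.com-tls.key
```

The mounted files are owned by root unless pod.spec.securityContext.fsGroup is set, so a container running as a non-root user needs fsGroup (or a group-readable mode such as 0440) to read them.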

julianxhokaxhiu commented 6 years ago

Awesome help! Thank you very much, really appreciated!