In addition to ${CERTNAME}.pem files produced as the private key
and cert filenames, symlink to canonicalized filenames.

Use server.key for the private key and server.crt for the cert.
These preferred names come from Postgres but appear to be relatively
standardized elsewhere as well.

Using static paths makes it easier to configure consuming apps. In
particular, with SSL bootstrapping moved to an initContainer in k8s,
it makes configuration of the actual application container simpler.
For all applications, it makes it so that environment variables
need not be injected into configuration files.

Note that puppetdb prefers the filenames private.pem and public.pem
in jetty.ini, but these are easily changed.