Open lknite opened 2 years ago
Capturing a manual solution for other kubernetes folks:
volumeMounts:
- mountPath: /tmp/ca
name: certs
volumes:
- name: certs
configMap:
name: ca-certs
items:
- key: "ca.crt"
path: "cacert.pem"
lifecycle:
postStart:
exec:
command:
- /bin/sh
- -c
- "cat /tmp/ca/cacert.pem >> /opt/venv/lib/python3.7/site-packages/certifi/cacert.pem"
Using openid with an onprep keycloak requires adding the public certificates of the certificate authority to the taiga-back image.
Currently I'm doing this after taiga is setup by:
However, I'm using kubernetes which may decide to restart the pod at any time, such as if the node the pod is running on crashes. At this point taiga wouldn't work anymore without manually running the steps above. Do you have a recommended technique to add the certs to the taiga-back container?
If not, maybe the technique could be to mount a volume and a check could exist at startup that if the volume exists the container could import the files via the command in step 2, ... open to ideas.