walkamongus / puppet-harbor

Puppet Harbor module
https://forge.puppet.com/walkamongus/harbor

How to inject updated certificates? #24

Closed entasisj closed 4 years ago

entasisj commented 4 years ago

Within our setup we renewed the certificates for the host running harbor. They are configured within the class 'harbor' with parameters 'ssl_cert', 'ssl_cert_key'. However, the class did not become aware of the updated certificates. I noticed that the files are copied to the subfolder 'secret/cert' of configured 'data_volume' path. The files have a strange user ID which might indicate they are copied from out of a Docker container. What is the right way to make the 'harbor' class become aware of the new certificates from calling Puppet code?

walkamongus commented 4 years ago

The cert files are specified in the yaml config file and Harbor then takes over and moves them to the right location and with the right ownership for container access. If you swap certs and just restart the service, are the new certs picked up?

entasisj commented 4 years ago

In the end, we had to do the following steps:

  1. Place the updated cert files in the configured "data_volume" directory.
  2. Execute: chown 10000 (harbor user from container)
  3. Execute: chmod 600
  4. Restart service 'harbor'
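
The four steps from the last comment as a repeatable script; this is an added example, not code from the thread or from the puppet-harbor module. The `/data` default, the `server.crt`/`server.key` file names under `secret/cert`, and the `systemctl` restart command are assumptions to check against your host.

```shell
#!/bin/sh
# Added example: not from the thread or the puppet-harbor module.
# Assumptions to verify on your host: the data_volume default, the
# server.crt/server.key file names, and the restart command.
DATA_VOLUME="${DATA_VOLUME:-/data}"
HARBOR_UID="${HARBOR_UID:-10000}"      # container user id given in the thread
RESTART_CMD="${RESTART_CMD:-systemctl restart harbor}"

# Succeeds when the deployed copy is missing or differs from the renewed file.
needs_update() {
    [ ! -f "$2" ] || ! cmp -s "$1" "$2"
}

# Steps 1-3: stage next to the target, restrict mode and owner, then rename,
# so the key is never readable by others and never half-written.
install_secret() {
    src=$1
    dst=$2
    tmp=$(mktemp "$(dirname "$dst")/.cert.XXXXXX") || return 1
    if chmod 600 "$tmp" && cat "$src" > "$tmp" && chown "$HARBOR_UID" "$tmp"; then
        mv -f "$tmp" "$dst"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Step 4 runs only when a file actually changed.
sync_certs() {
    cert_dir="$DATA_VOLUME/secret/cert"
    changed=0
    if needs_update "$1" "$cert_dir/server.crt"; then
        install_secret "$1" "$cert_dir/server.crt" || return 1
        changed=1
    fi
    if needs_update "$2" "$cert_dir/server.key"; then
        install_secret "$2" "$cert_dir/server.key" || return 1
        changed=1
    fi
    [ "$changed" -eq 0 ] || $RESTART_CMD
}

# Usage: sh sync-harbor-certs.sh <renewed cert> <renewed key>
if [ "$#" -eq 2 ]; then
    sync_certs "$1" "$2"
fi
```

Because the restart only fires on a content change, the script can run from a renewal hook or a scheduled job without bouncing Harbor on every run.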