Kubernetes version: Server Version: v1.18.10
Cloud being used: bare-metal
Trying to add my self-signed cert to the pod's trusted CA root, so the application can verify and use the self-signed certificate.
How should the cert be added? I found this tutorial explaining how to add the cert by custom config map and mounting that for the pod:
From the tutorial:
"what this will do is along with all existing certificates in this CA root directory of pod, it will add your .pem file as well, it is partially similar to update-ca-certificates command, except that no symbolic links were created and no certificate text was appended in ca-certificates.crt, but that's file, it will still work same way and no additional changes are required."
Is this still a valid way to add the certificate to the pod/container?
I managed to add the cert and do the mount, and the file is visible in the pod directory. But I did not find my self signed cert from cacerts, also the application is still failing with: “sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”
Currently using a helm chart and trying to deploy Graylog through helm (https://hub.kubeapps.com/charts/stable/graylog). I did use the “graylog.extraVolumeMounts” parameter for setting up the mount.
One thing that I’m wondering is that I might have the wrong permissions for the file, as on the doc: readOnly: false. And I might be missing that setup on my deployment, as changing the value has no effect. Permissions for the file are: -rw-r--r-- 1 root root
I would appreciate it if someone could confirm that the use of the mount should do ‘update-ca-certificates’?
Or, pointing out some other direction how should the self signed cert be handled in pod.
Thanks in advance!
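
The quoted tutorial says the mounted .pem lands in the CA directory but is not appended to ca-certificates.crt. The following is an added example (not from the post or the tutorial) that checks, by SHA-256 fingerprint, which .pem files in a certificate directory are absent from a bundle file. The file names and the `make_pem` helper are assumptions, and the "certificates" are constructed placeholder bytes in PEM armour, not real X.509 data.

```python
import base64
import hashlib
import re
import tempfile
from pathlib import Path

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def fingerprints(pem_text):
    """SHA-256 fingerprints of every certificate block in a PEM text."""
    found = set()
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()))
        found.add(hashlib.sha256(der).hexdigest())
    return found


def missing_from_bundle(cert_dir, bundle_path):
    """Names of *.pem files in cert_dir whose certificate is not in the bundle."""
    bundle = fingerprints(Path(bundle_path).read_text())
    return sorted(p.name for p in Path(cert_dir).glob("*.pem")
                  if not fingerprints(p.read_text()) <= bundle)


def make_pem(payload):
    """Constructed stand-in for a certificate: PEM armour around arbitrary bytes."""
    b64 = base64.encodebytes(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"


def demo():
    """Model the pod: a cert dir with one mounted file and a bundle without it."""
    with tempfile.TemporaryDirectory() as tmp:
        certs = Path(tmp, "certs")
        certs.mkdir()
        bundle = Path(tmp, "ca-certificates.crt")
        bundle.write_text(make_pem(b"constructed public CA"))
        (certs / "my-cert.pem").write_text(make_pem(b"constructed self-signed CA"))
        before = missing_from_bundle(certs, bundle)
        # What update-ca-certificates would add: the cert appended to the bundle.
        with bundle.open("a") as fh:
            fh.write((certs / "my-cert.pem").read_text())
        after = missing_from_bundle(certs, bundle)
        return before, after


if __name__ == "__main__":
    print(demo())
```

This inspects only the PEM bundle; a JVM's cacerts keystore is a separate store, so its contents have to be listed with `keytool -list` instead.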