Helm 图表使用来自证书管理器的秘密
Helm chart to use secrets from cert-manager
我想在 Helm 图表中自动使用由 cert-manager 创建的证书,如 here 所述。例如下面的 YAML。
---
apiVersion: v1
kind: Pod
metadata:
name: mypod
labels:
app: mypod
spec:
containers:
- name: mypod
image: repo/image:0.0.0
imagePullPolicy: Always
volumeMounts:
- name: certs
mountPath: /etc/certs
readOnly: true
ports:
- containerPort: 4443
protocol: TCP
volumes:
- name: certs
secret:
secretName: as_created_by_cert-manager
如何提交 YAML 以从 cert-manager 获取 Certificate,然后将生成的 Secret 插入上面的 Pod YAML,在 Helm 图表中?
我应 OP 的要求将 David 的评论作为社区维基答案发布:
You should be able to write the YAML for the Certificate in the same
chart, typically in its own file. I'd expect it would work to create
them together, the generated Pod would show up as "Pending" in kubectl
get pods output until cert-manager actually creates the matching
Secret. – David Maze
我想在 Helm 图表中自动使用由 cert-manager 创建的证书,如 here 所述。例如下面的 YAML。
---
apiVersion: v1
kind: Pod
metadata:
name: mypod
labels:
app: mypod
spec:
containers:
- name: mypod
image: repo/image:0.0.0
imagePullPolicy: Always
volumeMounts:
- name: certs
mountPath: /etc/certs
readOnly: true
ports:
- containerPort: 4443
protocol: TCP
volumes:
- name: certs
secret:
secretName: as_created_by_cert-manager
如何提交 YAML 以从 cert-manager 获取 Certificate,然后将生成的 Secret 插入上面的 Pod YAML,在 Helm 图表中?
我应 OP 的要求将 David 的评论作为社区维基答案发布:
You should be able to write the YAML for the Certificate in the same chart, typically in its own file. I'd expect it would work to create them together, the generated Pod would show up as "Pending" in kubectl get pods output until cert-manager actually creates the matching Secret. – David Maze