Mount SSL certificates in the Pod with Kubernetes secret

ismail yenigül
FAUN — Developer Community 🐾
Apr 11, 2019

In a Kubernetes environment with multiple worker nodes, it is not ideal to mount local storage as a volume the way we do with docker -v hostpath:containerpath.

If you need to make external files available inside a Kubernetes Pod, you can use a Kubernetes Secret.

Encode your ssl certs with base64

I assume that you have two SSL certificate files: one is nginx.key, the other is nginx.crt. Create a base64-encoded version of both files. I trimmed the output for readability.

$ base64 nginx.key 
LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktZd2dnU2lBZ0VBQW9JQkFRQ1lrL2hMaEMzalh2Y3kKUHY1VDdNcU1OMWR5STlQNVM5MlpUUllNT1VZb2JiUXREeE1KbWxMd3g4c0owQURlWjVzTWRSQkYwWjJzNVBrMApHL3V2d2c2c2JpSTFCaXVqaVBzdnRwWVpIaC9nZVdJUG5zSlk5dWpJenFyZ3Q0UUoxNzkvRjhncjliVUpJdlNQCnZ2YTQycjRFMEdoUzFnaVNUWENSbk…
$ base64 nginx.crt
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURHRENDQWdBQ0NRRHJDajdxWHFhR1VqQU5CZ2txaGtpRzl3MEJBUXN…

Create an SSL secret file

$ cat sslsecret.yml
apiVersion: v1
data:
  nginx.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktZd2dnU2lBZ0VBQW9JQkFRQ1lrL2hMaEMzalh2Y3kKUHY1VDdNcU1OMWR5STlQNVM5MlpUUllNT1VZb2JiUXREeE1KbWxMd3g4c0owQURlWjVzTWRSQkYwWjJzNVBrMApHL3V2d2c2c2JpSTFCaXVqaVBzdnRwWVpIaC9nZVdJUG5zS....
  nginx.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURHRENDQWdBQ0NRRHJDajdxWHFhR1VqQU5CZ2txaGtpRzl3MEJBUXN….
kind: Secret
metadata:
  name: nginx-ssl
type: Opaque

Create the secret

$ kubectl apply -f sslsecret.yml
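The encode and "create a secret file" steps above can be scripted. This is an added example, not code from the original post; the function names make_ssl_secret, b64_oneline and secret_field are assumptions made for illustration. It covers two things the manual steps leave open: GNU base64 wraps its output, which breaks the YAML value, and the manifest contains the private key in merely encoded form, so it is written owner-readable only.

```shell
#!/bin/sh
# Added example (not from the original post): build sslsecret.yml from
# nginx.key and nginx.crt. All function names here are hypothetical.

# b64_oneline FILE: base64 on one line. GNU base64 wraps at 76 columns,
# and a wrapped value pasted after "nginx.key:" is no longer valid YAML.
b64_oneline() {
  base64 < "$1" | tr -d '\n'
}

# make_ssl_secret KEY CRT OUT [NAME]: write the Secret manifest to OUT.
make_ssl_secret() {
  for f in "$1" "$2"; do
    [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
  done
  # base64 is an encoding, not encryption: OUT holds the private key.
  # Create it fresh with owner-only permissions (0600).
  (
    umask 077
    rm -f "$3"
    cat > "$3" <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${4:-nginx-ssl}
type: Opaque
data:
  nginx.key: $(b64_oneline "$1")
  nginx.crt: $(b64_oneline "$2")
EOF
  )
}

# secret_field MANIFEST FIELD: decode one data field back to its bytes,
# to confirm the manifest round-trips before running kubectl apply.
secret_field() {
  sed -n "s/^  $2: //p" "$1" | base64 -d
}

# Runs only when called with arguments, e.g.:
#   ./make-secret.sh nginx.key nginx.crt sslsecret.yml
if [ "$#" -ge 3 ]; then make_ssl_secret "$@"; fi
```

Keep the generated sslsecret.yml out of version control and delete it once the secret has been applied.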

Mount nginx-ssl secret in the nginx deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        name: nginx
        volumeMounts:
        # Each key of the secret appears as a file under this directory
        - mountPath: "/etc/nginx/ssl"
          name: nginx-ssl
          readOnly: true
        ports:
        - containerPort: 80
      volumes:
      # The volume name must match the volumeMounts name above
      - name: nginx-ssl
        secret:
          secretName: nginx-ssl
      restartPolicy: Always

This mount creates two files, nginx.key and nginx.crt, under the /etc/nginx/ssl directory in the pod. If you used different key names instead of nginx.crt and nginx.key, the files will be named after your keys.

Ismail YENIGUL
