mirror of
https://github.com/minio/minio.git
synced 2024-12-23 21:55:53 -05:00
Fix Kubernetes TLS doc to avoid creating CAs dir on read only mount (#6214)
This commit is contained in:
parent
197af49c99
commit
b16e33bcf5
@ -40,21 +40,6 @@ Whether you are planning to use Kubernetes StatefulSet or Kubernetes Deployment,
|
||||
|
||||
If you're using certificates provided by a CA, add the below section in your yaml file under `spec.volumes[]`
|
||||
|
||||
```yaml
|
||||
volumes:
|
||||
- name: secret-volume
|
||||
secret:
|
||||
secretName: tls-ssl-minio
|
||||
items:
|
||||
- key: public.crt
|
||||
path: public.crt
|
||||
- key: private.key
|
||||
path: private.key
|
||||
```
|
||||
|
||||
In case you are using a self signed certificate, Minio server will not trust it by default. To add the certificate as a
|
||||
trusted certificate, add the `public.crt` to the `.minio/certs/CAs` directory as well. This can be done by
|
||||
|
||||
```yaml
|
||||
volumes:
|
||||
- name: secret-volume
|
||||
@ -80,5 +65,7 @@ Note that the `secretName` should be same as the secret name created in previous
|
||||
|
||||
Here the name of `volumeMount` should match the name of `volume` created previously. Also `mountPath` must be set to the path of
|
||||
the Minio server's config sub-directory that is used to store certificates. By default, the location is
|
||||
`/user-running-minio/.minio/certs`. Tip: In a standard Kubernetes configuration, this will be `/root/.minio/certs`.
|
||||
Kubernetes will mount the secrets volume read-only, so avoid setting `mountPath` to a path that Minio server expects to write to.
|
||||
`/<user-running-minio>/.minio/certs`.
|
||||
|
||||
*Tip*: In a standard Kubernetes configuration, this will be `/root/.minio/certs`. Kubernetes will mount the secrets volume read-only,
|
||||
so avoid setting `mountPath` to a path that Minio server expects to write to.
|
||||
|
Loading…
Reference in New Issue
Block a user