From b16e33bcf522464e03b332a9712570e65751bb69 Mon Sep 17 00:00:00 2001 From: Nitish Tiwari Date: Tue, 31 Jul 2018 23:28:34 +0530 Subject: [PATCH] Fix Kubernetes TLS doc to avoid creating CAs dir on read only mount (#6214) --- docs/tls/kubernetes/README.md | 21 ++++----------------- 1 file changed, 4 insertions(+), 17 deletions(-) diff --git a/docs/tls/kubernetes/README.md b/docs/tls/kubernetes/README.md index c5f2cfddd..9f9d71453 100644 --- a/docs/tls/kubernetes/README.md +++ b/docs/tls/kubernetes/README.md @@ -40,21 +40,6 @@ Whether you are planning to use Kubernetes StatefulSet or Kubernetes Deployment, If you're using certificates provided by a CA, add the below section in your yaml file under `spec.volumes[]` -```yaml - volumes: - - name: secret-volume - secret: - secretName: tls-ssl-minio - items: - - key: public.crt - path: public.crt - - key: private.key - path: private.key -``` - -In case you are using a self signed certificate, Minio server will not trust it by default. To add the certificate as a -trusted certificate, add the `public.crt` to the `.minio/certs/CAs` directory as well. This can be done by - ```yaml volumes: - name: secret-volume @@ -80,5 +65,7 @@ Note that the `secretName` should be same as the secret name created in previous Here the name of `volumeMount` should match the name of `volume` created previously. Also `mountPath` must be set to the path of the Minio server's config sub-directory that is used to store certificates. By default, the location is -`/user-running-minio/.minio/certs`. Tip: In a standard Kubernetes configuration, this will be `/root/.minio/certs`. -Kubernetes will mount the secrets volume read-only, so avoid setting `mountPath` to a path that Minio server expects to write to. +`//.minio/certs`. + +*Tip*: In a standard Kubernetes configuration, this will be `/root/.minio/certs`. Kubernetes will mount the secrets volume read-only, +so avoid setting `mountPath` to a path that Minio server expects to write to.