mirror of
https://github.com/minio/minio.git
synced 2024-12-24 06:05:55 -05:00
Fix Kubernetes TLS doc to avoid creating CAs dir on read only mount (#6214)
This commit is contained in:
parent
197af49c99
commit
b16e33bcf5
@ -40,21 +40,6 @@ Whether you are planning to use Kubernetes StatefulSet or Kubernetes Deployment,
|
|||||||
|
|
||||||
If you're using certificates provided by a CA, add the below section in your yaml file under `spec.volumes[]`
|
If you're using certificates provided by a CA, add the below section in your yaml file under `spec.volumes[]`
|
||||||
|
|
||||||
```yaml
|
|
||||||
volumes:
|
|
||||||
- name: secret-volume
|
|
||||||
secret:
|
|
||||||
secretName: tls-ssl-minio
|
|
||||||
items:
|
|
||||||
- key: public.crt
|
|
||||||
path: public.crt
|
|
||||||
- key: private.key
|
|
||||||
path: private.key
|
|
||||||
```
|
|
||||||
|
|
||||||
In case you are using a self signed certificate, Minio server will not trust it by default. To add the certificate as a
|
|
||||||
trusted certificate, add the `public.crt` to the `.minio/certs/CAs` directory as well. This can be done by
|
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
volumes:
|
volumes:
|
||||||
- name: secret-volume
|
- name: secret-volume
|
||||||
@ -80,5 +65,7 @@ Note that the `secretName` should be same as the secret name created in previous
|
|||||||
|
|
||||||
Here the name of `volumeMount` should match the name of `volume` created previously. Also `mountPath` must be set to the path of
|
Here the name of `volumeMount` should match the name of `volume` created previously. Also `mountPath` must be set to the path of
|
||||||
the Minio server's config sub-directory that is used to store certificates. By default, the location is
|
the Minio server's config sub-directory that is used to store certificates. By default, the location is
|
||||||
`/user-running-minio/.minio/certs`. Tip: In a standard Kubernetes configuration, this will be `/root/.minio/certs`.
|
`/<user-running-minio>/.minio/certs`.
|
||||||
Kubernetes will mount the secrets volume read-only, so avoid setting `mountPath` to a path that Minio server expects to write to.
|
|
||||||
|
*Tip*: In a standard Kubernetes configuration, this will be `/root/.minio/certs`. Kubernetes will mount the secrets volume read-only,
|
||||||
|
so avoid setting `mountPath` to a path that Minio server expects to write to.
|
||||||
|
Loading…
Reference in New Issue
Block a user