0

I'm a noob with Istio and K8s so sorry if this question sounds a little dumb.

I'm trying to provide my own certs to the Gateway deployment for which I created secrets like below.

$ kubectl create -n istio-system secret tls certs --key example.comkey.pem --cert example.com.pem
$ kubectl create -n istio-system secret generic ca-certs --from-file=rootCA.pem

Edited my deployment

sidecar.istio.io/userVolumeMount: '[{"name":"certs", "mountPath":"/etc/certs", "readonly":true},{"name":"ca-certs", "mountPath":"/etc/ca-certs", "readonly":true}]'
sidecar.istio.io/userVolume: '[{"name":"certs", "secret":{"secretName":"certs"}},{"name":"ca-certs", "secret":{"secretName":"ca-certs"}}]'

Followed the steps provided in here and here but I still do not see the files mounted.

Am I missing something?

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.2", GitCommit:"092fbfbf53427de67cac1e9fa54aaa09a28371d7", GitTreeState:"clean", BuildDate:"2021-06-16T12:59:11Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.2", GitCommit:"092fbfbf53427de67cac1e9fa54aaa09a28371d7", GitTreeState:"clean", BuildDate:"2021-06-16T12:53:14Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"linux/amd64"}
Shriram Sharma
  • 599
  • 1
  • 5
  • 19

1 Answers1

1

I was able to resolve this issue. I'm not sure if this is the right way to do it though. I missed adding volumeMounts and volumes. Once I made the below change, I could see my files mounted.

volumeMounts:
- name: certs
  mountPath: /etc/certs
  readOnly: true
- name: ca-certs
  mountPath: /etc/ca-certs
  readOnly: true

volumes:
- name: certs
  secret:
  secretName: certs
  optional: true
- name: ca-certs
  secret:
  secretName: ca-certs
  optional: true
Shriram Sharma
  • 599
  • 1
  • 5
  • 19