Share cacerts, truststore across multiples nodes of Kubernetes

Question

K8s n00b here.
How would a java app that can have multiple pods, across nodes, use the same cacerts, truststore across?

Should I take some different approach?

My use-case is that an admin of that app can add a cert./key to these truststore, cacerts, and it needs to be used (propagated?) to all the apps using them.

Thanks!

score 2 · Answer 1 · answered May 27 '20 at 13:06

2

You can use some approachs to distribute the files between pods:

If the file is open just for read, you can create a configMap to store the file, and them mount the configmap in all your pods.

If the file is open to read/write, you can use PersistVolumes using NFS or if you are using some cloud provider, there is a possibility to attach volumes in your pods (see here) like EBS to AWS and GCP Persistent Disk be mount in all the pods for read/write.

There is no "correct way" all depends of how your application works.

answered May 27 '20 at 13:06

Mr.KoopaKiller

188
10

our solution looks like to encode it as Secret, and mount its files where needed. – Nadav May 27 '20 at 20:04
1

Yes, it is totally valid, depending the file type you can use configmap or secrets. – Mr.KoopaKiller May 27 '20 at 20:09

Share cacerts, truststore across multiples nodes of Kubernetes

1 Answers1