Unfortunately the CRs do not have a way for you to supply any extra secrets to mount as volumes. You could supply the SSL certificate in an environment variable instead, which would need to be in the admin container.
If you want to use the cert in a web browser flow then you would need to grab the env var and save it into your site's Drupal database in a Drupal cron job. This is because php-fpm will not allow arbitrary environment variables through into the PHP code. If you only use the cert in a Drupal cron job then you do not need to save it into the database as you will always be able to access it.
If the SSL certificate is actually a private key and public cert then it would probably be a good idea to use an encrypted key and have the password in the module.
Example YAML in the top CR:
spec:
  ...
  template:
  - containers:
    - env:
      - name: MY_CUSTOM_SSL_CERT
        value: <base64-encoded-x509-cert>
      name: admin
    name: ptl-www
------------------------------
Evan Jardine-Skinner
------------------------------
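The cron-job step described in the reply above could look like the following. This is an added example, not code from the original post or from the product; the module name `my_module` and the state key `my_module.tls_ca_cert` are hypothetical, and it assumes the env var holds base64 of either a PEM or a DER certificate.

```php
<?php

/**
 * Decode and validate the certificate passed via MY_CUSTOM_SSL_CERT.
 *
 * Returns the PEM text, or NULL if the value is missing or is not a
 * parseable, currently valid X.509 certificate.
 */
function my_module_load_cert_from_env(): ?string {
  $raw = getenv('MY_CUSTOM_SSL_CERT');
  if ($raw === FALSE || $raw === '') {
    return NULL;
  }
  // Strict mode rejects characters outside the base64 alphabet.
  $decoded = base64_decode($raw, TRUE);
  if ($decoded === FALSE) {
    return NULL;
  }
  // Assumption: the payload is PEM or raw DER; wrap DER so OpenSSL can read it.
  if (strpos($decoded, '-----BEGIN CERTIFICATE-----') === FALSE) {
    $decoded = "-----BEGIN CERTIFICATE-----\n"
      . chunk_split(base64_encode($decoded), 64, "\n")
      . "-----END CERTIFICATE-----\n";
  }
  $cert = openssl_x509_read($decoded);
  if ($cert === FALSE) {
    return NULL;
  }
  $info = openssl_x509_parse($cert);
  $now = time();
  if ($info === FALSE || $now < $info['validFrom_time_t'] || $now > $info['validTo_time_t']) {
    return NULL;
  }
  // Re-export so only the certificate itself, and no other PEM blocks, is stored.
  return openssl_x509_export($cert, $pem) ? $pem : NULL;
}

/**
 * Implements hook_cron(): copy the env var into the Drupal database.
 */
function my_module_cron() {
  $pem = my_module_load_cert_from_env();
  if ($pem === NULL) {
    \Drupal::logger('my_module')->error('MY_CUSTOM_SSL_CERT is missing, malformed or outside its validity period; keeping the stored certificate.');
    return;
  }
  \Drupal::state()->set('my_module.tls_ca_cert', $pem);
}
```

Code running in a web request would then read the certificate with `\Drupal::state()->get('my_module.tls_ca_cert')` instead of `getenv()`.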
Original Message:
Sent: Wed June 26, 2024 11:48 AM
From: Matt E
Subject: What's the best approach to uploading a certificate into the admin container of a WWW pod?
OpenShift - APIC 10.0.5.x
We are looking to upload/mount an SSL certificate that we use in a custom module for TLS verification. We'd prefer not to add the certificate into the module as it will expire once a year. I'm assuming the best approach would be to create a custom secret and add it to a VolumeMount. Is something like that possible or do we need a different approach? We are using a top level CR if that matters.
Matt
------------------------------
Matt
------------------------------