How to get client cert if I cannot easily add initContainer to my pod?

Hi there,

I’m wondering if I missed something in the documentation, and am hoping this group can help.

Regarding sharing certs with client apps running in Kubernetes pods…

Aside from using an initContainer, are there other suggestions on how to make the client cert & key, and CA cert available to my client app’s pod in Kubernetes? This article indicates I must use initContainer.

My reason for asking is because it will be hard for me to update my pods automatically (the build pipeline doesn’t give me a hook to update the pod YML before they get deployed - so I’d have to update them after the fact).

Thanks in advance for your help! I will likely have to work to update the build pipeline, but wanted to double check beforehand.

Regards,

Kyle

Hello again,

I am going to try using pod presets to inject initContainers to my pods that have a database label. I’ll upload a sample to this thread once I have it working.

Cheers,

Kyle

Hi,

PodPreset isn’t currently supported by DOKS (which I am using), GKE, or EKS…I suspect because it is settings.k8s.io/v1alpha1.

For posterity, here is the test command I ran to see if it was supported by my managed k8s instance:
kubectl apply -f https://k8s.io/examples/podpreset/preset.yaml

And the result:
error: unable to recognize "https://k8s.io/examples/podpreset/preset.yaml": no matches for kind "PodPreset" in version "settings.k8s.io/v1alpha1"

I’ll keep digging…but am looking forward to when PodPresets will be available!

Regards,

Kyle