Well, my question is really short and hopefully simple? Is it possible to add a cacerts
file automatically in every pod in a specific Kubernetes cluster?
According to this article it's possible by creating a ConfigMap and add this to the path /etc/ssl/certs/
. But is it possible to achieve this on a higher level so that all pods in a Kubernetes cluster have this cacerts
file?
You can add a MutatingAdmissionWebhook for a pod, which adds the folder by default as a volume to each pod. Check out the docs about MutatingAdmissionWebhooks and writing an admission webhook .
This way you add a "service", which mutates the pod config before the scheduler handles it. Check out this for a quick example.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.