certs are tricky #
I tried to deploy a cluster with a passphrase encrypted key again. It still doesn’t work.
naming files #
Also, I’m pretty sure the files need to be named tls.key, tls.crt, ca.crt
when adding them as a kubernetes secret.
It looks like they’re extracted and copied to certain locations in the mounting
process.
thanks ubuntu #
While I’m here, it looks like adding a CA certificate to Ubuntu is trickier than
I thought.
I had tried to copy my ca.pem file to the proper location and running
update-ca-certificates, but it didn’t work.
The file has to end in .crt to be processed, which was really annoying, but now
I know.
Time to update some playbooks.