I know in declarative / database-less mode certificates can be provided in full as part of the declarative YAML, but is there any way to reference certificate files in the local filesystem instead?
I’d like to use a separate configuration mechanism to provision the certificates to the filesystem and check in the declarative config to Git without them.
Here’s a little context for where I’m coming from. Perhaps I’m missing something.
We have multiple environments with different URLs and certificates. At the moment we use ytt to customize the Kong dbless YAML for each environment and then we deploy to a Kubernetes cluster per environment.
I would love to mount the certificates as secrets to Kong containers as files (standard Kubernetes stuff) and then refer to the certificate path in the Kong YAML. This way we can manage the certificates as Kubernetes secrets using a secret manager instead of keeping them in YAML in our Git repo (eek!).
At this point I’m considering implementing this as a Go plugin for Kong instead of using the standard Kong plugin.