Specifying certificates from the filesystem in db-less mode?

I know in declarative / database-less mode certificates can be provided in full as part of the declarative yaml, but is there any way to reference certificate files in the local filesystem instead?

I’d like to use a separate configuration mechanism to provision the certificates to the filesystem and check in the declarative config to Git without them.

1 Like

I have the same problem. Could I please ask if you found a solution to this?

Except for the default certificate that Kong uses, this is not possible as of today but would be a worthy addition.

1 Like

I think you’re right.

Here’s a little context for where I’m coming from. Perhaps I’m missing something.

We have multiple environments with different URLs and certificates. At the moment we use ytt to customize the Kong dbless yaml for each environment and then we deploy to a kubernetes cluster per environment.

I would love to mount the certificates as secrets to Kong containers as files (standard kubernetes stuff) and then refer to the certificate path in the Kong yaml. This way we can manage the certificates as kubernetes secrets using a secret manager instead of keeping them in yaml in our git repo (eek!)

At this point I’m considering implementing this as a go plugin for Kong instead of using the standard Kong plugin.

Love the Go plugin stuff btw!


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ