
I'm looking to have my application, running in a Kubernetes cluster, use the certificate mounted in a volume defined in my deployment.yaml file.

I am not using ingress; instead I have my service set up as a LoadBalancer. I cannot find how to have this service handle TLS termination, so I've gone the other route where I must mount and use the certificate within the pod.

I've mounted a secret which contains the certificate info within the application's deployment.yaml file. The pod is up and running and has successfully found this secret. The only issue is that the web server is not configured to use the certificate, so my site is not available. How can I set the web server to use the certificate? Can it be set within the command in the Dockerfile?

The web server is running:
npm run preview

Checking the package.json file, this is:
"preview": "vite preview"

Can I configure Vite to use certificates stored within the Kubernetes container? Is it possible to set this in my Dockerfile?

Deployment section which has mounted the certificate:

          volumeMounts:
            - name: cert-volume
              mountPath: "/etc/ssl/certs"
              readOnly: true
      volumes:
        - name: cert-volume
          secret:
            secretName: my-secret

I've checked online and I don't really see much of a way to get my npm web server to use this certificate for TLS termination. I suspect there is something I can add to package.json or directly in the Dockerfile to point to this directory within my Kubernetes container.

Does anyone have a similar setup or experience doing this?

2 Answers


  1. For ViteJS, you need to configure the server.https option as stated in https://vitejs.dev/config/server-options.html#server-https

    At the minimum, you need to pass the key and the certificate to that option as demonstrated in https://nodejs.org/api/https.html#httpscreateserveroptions-requestlistener.

    Example:

    import { defineConfig } from 'vite';
    import fs from 'fs';
    
    export default defineConfig({
      server: {
        https: {
          key: fs.readFileSync('/path/to/key.pem'),
          cert: fs.readFileSync('/path/to/cert.pem'),
        },
      },
    });
    
  2. Since you are using Vite as your web server, you will need to make some configuration changes specific to Vite. Vite's server can be configured to use TLS/SSL by modifying your vite.config.js; however, you need to specify the path to your certificate. Refer to this official documentation for configuring Vite, including the server options.

    And since the web server is running npm run preview, the easiest way is to use the vite-plugin-mkcert package. Below is the command for this:

    • npm i vite-plugin-mkcert -D

    Once this is done, your vite.config.js will look like this:

    import { defineConfig } from 'vite'
    import mkcert from 'vite-plugin-mkcert'
    
    export default defineConfig({
      server: { https: true }, // Not needed for Vite 5+
      plugins: [ mkcert() ]
    })
    

    After this, it will install a local certificate onto your system and to a number of installed browsers.

    You can also start your Vite server with the below command:

    $ npm run dev -- --host

    This passes the --host flag to the vite command line. You will see output like:

    vite v2.7.9 dev server running at:
    
      > Local:    http://localhost:3000/
      > Network:  http://192.168.4.68:3000/
    
      ready in 237ms.
    
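
For the setup in the question (`vite preview` reading a certificate from a mounted Secret), the following is an added example, not code from either answer or from the Vite project. It assumes the Secret is of type kubernetes.io/tls, so its files are named tls.crt and tls.key, and that it is mounted at a dedicated directory such as /etc/tls, because a volume mounted at /etc/ssl/certs replaces that directory's existing contents inside the container. The function names, the /etc/tls path and the TLS_DIR variable are hypothetical.

```javascript
// Added example. Assumed: a kubernetes.io/tls Secret (keys tls.crt, tls.key)
// mounted at a dedicated directory such as /etc/tls (hypothetical path).
// Load node:fs whether this file is evaluated as CommonJS or as an ES module.
const fs = typeof require === 'function'
  ? require('node:fs')
  : process.getBuiltinModule('node:fs');

// Read one PEM file from the mounted Secret and check it is the expected kind.
function readPem(dir, name, kind) {
  const file = `${dir}/${name}`;
  let text;
  try {
    text = fs.readFileSync(file, 'utf8');
  } catch (err) {
    throw new Error(`TLS file ${file} is not readable (${err.code}); check volumeMounts`);
  }
  // Accepts e.g. "BEGIN CERTIFICATE", "BEGIN PRIVATE KEY", "BEGIN RSA PRIVATE KEY".
  if (!new RegExp(`^-----BEGIN ([A-Z]+ )?${kind}-----`, 'm').test(text)) {
    throw new Error(`${file} does not contain a PEM ${kind}`);
  }
  return text;
}

// Return the https options plus warnings the deployer should act on.
function tlsFromSecret(dir) {
  const cert = readPem(dir, 'tls.crt', 'CERTIFICATE');
  const key = readPem(dir, 'tls.key', 'PRIVATE KEY');
  const warnings = [];
  // Secret volume files default to mode 0644, i.e. readable by every user.
  if (fs.statSync(`${dir}/tls.key`).mode & 0o007) {
    warnings.push('tls.key is world-readable; narrow it with defaultMode on the volume');
  }
  return { https: { key, cert }, warnings };
}

// Build the config object: `vite preview` reads preview.*, `vite` reads server.*.
function viteConfig(dir) {
  const { https, warnings } = tlsFromSecret(dir);
  warnings.forEach((w) => console.warn(`[tls] ${w}`));
  return {
    server: { https },
    // host: true listens on all interfaces so the Service can reach the pod.
    preview: { https, host: true },
  };
}

// In vite.config.js, finish with:
//   export default viteConfig(process.env.TLS_DIR || '/etc/tls');
```

A swapped or missing file fails at startup with a message naming the path, rather than surfacing later as a TLS handshake error.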