Adding Volume on Deployment yaml file for HTTPS certificate #4578
-
Hi, how do I add a volume in the YAML file for environment variables such as "ASPNETCORE_Kestrel__Certificates__Default__Path" and "ASPNETCORE_Kestrel__Certificates__Default__Password"? This is the content of my environment variable on Deployment yaml file:
I think that adding a volume will solve my error which is, If there are other ways to solve this, please let me know. Thanks!
Replies: 3 comments 2 replies
-
You need to use a Kubernetes Secret to get the certificate into Kubernetes. See how it's done for static files in this example: https://kubernetes.io/docs/concepts/configuration/secret/#use-case-pod-with-ssh-keys. Then the secret needs to be mounted using a volume mount. If you are working in Azure and have a KeyVault that contains your certificate, you can use the Azure Key Vault Provider for Secrets Store CSI Driver. This also uses Kubernetes Secrets, but the secret is populated by the driver rather than you manually creating a static secret.
-
You can also consider terminating HTTPS at ingress level and not handling HTTPS/certificates in your application. For more information on that option see https://learn.microsoft.com/en-us/azure/aks/ingress-tls?tabs=azure-cli
-
Hi, it works by adding a Kubernetes secret and adding volume and volumeMounts on the Deployment yaml file. Thank you everyone for helping!
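The Secret-plus-volume-mount approach from the replies, sketched as an added example that is not from any participant in this thread or from the project. The Secret name `kestrel-tls`, its keys `cert.pfx` and `password`, the app name, image, port and the `/https` mount path are all assumptions.

```yaml
# Added example; kestrel-tls, cert.pfx, password, myapp and /https are hypothetical names.
# Assumes the Secret was created beforehand from local files, for instance:
#   kubectl create secret generic kestrel-tls \
#     --from-file=cert.pfx=./cert.pfx --from-file=password=./pfx-password.txt
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
spec:
  replicas: 1
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
        - name: myapp
          image: registry.example.com/myapp:1.0    # placeholder image
          ports:
            - containerPort: 8443
          env:
            - name: ASPNETCORE_URLS
              value: "https://+:8443"
            - name: ASPNETCORE_Kestrel__Certificates__Default__Path
              value: /https/cert.pfx               # file projected from the Secret volume below
            - name: ASPNETCORE_Kestrel__Certificates__Default__Password
              valueFrom:
                secretKeyRef:                      # keeps the password out of the manifest
                  name: kestrel-tls
                  key: password
          volumeMounts:
            - name: https-cert
              mountPath: /https
              readOnly: true
      volumes:
        - name: https-cert
          secret:
            secretName: kestrel-tls
            items:                                 # mount only the certificate, not the password key
              - key: cert.pfx
                path: cert.pfx
```

Reading the password through `secretKeyRef` instead of a literal `value:` keeps it out of the Deployment file and out of version control; the `items` list stops the password key from also appearing as a file under `/https`.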