code-server TLS certificates
To inject TLS certificates to the code-server pods, I have to mount the volume with K8S tls secret in "/usr/local/share/ca-certificate" and then "kubectl exec" into that pod and run "sudo update-ca-certificates". That's not pretty!
When I mount the secrets elsewhere and pass that mount point to CODER_TLS_CERT_FILE & CODER_TLS_KEY_FILE in my template file, the certificate won't get recognized and "curl -fsSL --compressed https://xxxx.com/bin/coder-linux-amd64" returns "curl: (60) SSL certificate problem: unable to get local issuer certificate." Anybody has a clue why I can't have the certificate registered using those variables? Is there any better solution to that?
When I mount the secrets elsewhere and pass that mount point to CODER_TLS_CERT_FILE & CODER_TLS_KEY_FILE in my template file, the certificate won't get recognized and "curl -fsSL --compressed https://xxxx.com/bin/coder-linux-amd64" returns "curl: (60) SSL certificate problem: unable to get local issuer certificate." Anybody has a clue why I can't have the certificate registered using those variables? Is there any better solution to that?
