On 9/14/22 17:24, Mikhaël MYARA wrote:
I also have seen the "--secret" option for podman I did not
understand if it would solve my problem. Please also notice that the
"let's encrypt" keys are re-generated sometimes because they have a 1
month lifetime.
I think I follow you. The problem seems to be caused by doing the
renewal on the host as root, instead of inside a rootless container, ya?
If you can containerize the renewal, then root in one (rootless)
container will be root in any other rootless container (for the same
host-user).
Otherwise, yes, mounting the keys into the containers as file-secrets is
maybe an easier solution. If I remember correctly, the let's encrypt
keys stay the same, even for a renewal. So that should work as well,
assuming the user has access to read them on the host (or you copy-paste
them into a secret).
Re: Not understanding secrets. I think there's a blog (somewhere) on
the topic. They're fairly easy to understand. Though you'll need to
update your paths, the mounted secrets always show up in the container
under /run/secrets/
Chris Evich (he/him), RHCA III
Senior Quality Assurance Engineer
Nearly all opportunities, can only be achieved in the future.
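The file-secret approach from the reply above, as an added example that is not part of the thread and not the poster's own script. It checks that the host user can actually read the key files (the precondition stated in the reply), (re)creates podman secrets from them after a renewal, and runs a container that finds them under /run/secrets/. The live directory path, the secret name prefix, the image name and the "refresh"/"run" sub-commands are assumptions for illustration.

```shell
#!/usr/bin/env sh
# Added example, not from the mailing-list thread. Assumed paths and names:
#   LE_LIVE        - certbot "live" directory for one domain (assumption)
#   SECRET_PREFIX  - prefix for the podman secret names (assumption)
#   IMAGE          - image that expects the key files under /run/secrets/ (assumption)
LE_LIVE="${LE_LIVE:-/etc/letsencrypt/live/example.com}"
SECRET_PREFIX="${SECRET_PREFIX:-le}"
IMAGE="${IMAGE:-docker.io/library/nginx:alpine}"

# Precondition from the reply: the (rootless) host user must be able to read
# the key files. On most hosts privkey.pem is root-only (0600), so this is
# the check that usually fails before any podman command is reached.
key_readable() {
    [ -f "$1" ] && [ -r "$1" ]
}

# Secret name derived from the file name, e.g. privkey.pem -> le_privkey_pem.
secret_name() {
    printf '%s_%s\n' "$SECRET_PREFIX" "$(basename "$1" | tr . _)"
}

# Default location of a mounted secret inside the container (/run/secrets/<name>).
secret_mount_path() {
    printf '/run/secrets/%s\n' "$(secret_name "$1")"
}

# podman secrets are immutable, so "refreshing" after a certbot renewal means
# removing the old secret and creating a new one with the same name.
refresh_secret() {
    file="$1"
    name="$(secret_name "$file")"
    if ! key_readable "$file"; then
        echo "cannot read $file as $(id -un); fix permissions or copy the key" >&2
        return 1
    fi
    podman secret rm "$name" >/dev/null 2>&1 || true
    podman secret create "$name" "$file"
}

# Refresh both files a TLS server normally needs.
refresh_all() {
    for f in "$LE_LIVE/fullchain.pem" "$LE_LIVE/privkey.pem"; do
        refresh_secret "$f" || return 1
    done
}

# Run the container with both secrets mounted. The chain uses the default
# path (/run/secrets/<name>); the private key is mounted read-only for the
# container's root (uid 0 inside == the host user in rootless podman) and
# given a target path so the application config needs no change.
run_with_secrets() {
    podman run --rm -d --name le-demo \
        --secret "$(secret_name "$LE_LIVE/fullchain.pem")" \
        --secret "source=$(secret_name "$LE_LIVE/privkey.pem"),type=mount,target=/run/secrets/privkey.pem,mode=0400" \
        "$IMAGE"
}

# Only act when a sub-command is given, so sourcing the file has no side effects.
case "${1:-}" in
    refresh) refresh_all ;;
    run)     run_with_secrets ;;
esac
```

Sourcing the script and calling `refresh_all` from a certbot `--deploy-hook` keeps the secrets current after each renewal; containers started before the refresh keep the old copy until they are recreated. Two caveats: the default secret driver stores the secret files unencrypted under the host user's container storage, so it protects nothing beyond what the file permissions there already do, and if the readability check fails the practical options are the ones the reply gives, namely renewing inside a rootless container or copying the key into the secret as the host user.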