Example: Importing TLS Certificates from Kubernetes Secrets

A common way to manage TLS keys and certificates in Kubernetes is to store them in Secret objects and then mount those secrets into the container that uses them. In Kubernetes, mounting a TLS Secret results in the private key being mounted as "tls.key" and the certificate being mounted as "tls.crt". For example, the configuration document and TLS files for the service could be mounted as follows:

    /import/
    ├── config/
    |   └── vtm-config.yaml
    └── tls/
        └── example-service/
            ├── tls.key
            └── tls.crt

Based on this file structure, the following configuration document configures a virtual server to present the certificate and decrypt the incoming traffic:

vtm-config.yaml

    virtual_servers:
    - name: example-service
      properties:
        basic:
          enabled: true
          port: 443
          protocol: http
          pool: example-service-pool
          ssl_decrypt: true
        ssl:
          server_cert_default: example-service-cert

    ssl:
      server_keys:
      - name: example-service-cert
        properties:
          basic:
            public:
              valueFrom:
                fileRef:
                  name: tls/example-service/tls.crt
            private:
              valueFrom:
                fileRef:
                  name: tls/example-service/tls.key
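
One way to produce the /import/ layout shown above, as an added example that is not part of the original documentation: a TLS Secret and a Pod that mounts it read-only next to the configuration document. The Secret, Pod, ConfigMap and volume names and the image are assumptions or placeholders; only the /import paths and the tls.crt and tls.key file names come from the page.

```yaml
# Added example. Object names and the image are hypothetical placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: example-service-tls          # hypothetical Secret name
type: kubernetes.io/tls              # this type requires the keys tls.crt and tls.key
data:
  tls.crt: <base64-encoded PEM certificate>    # placeholder
  tls.key: <base64-encoded PEM private key>    # placeholder
---
apiVersion: v1
kind: Pod
metadata:
  name: example-vtm                  # hypothetical Pod name
spec:
  containers:
  - name: vtm
    image: <traffic-manager-image>   # placeholder: the image you deploy
    volumeMounts:
    - name: vtm-config
      mountPath: /import/config      # provides /import/config/vtm-config.yaml
      readOnly: true
    - name: example-service-tls
      mountPath: /import/tls/example-service   # provides tls.crt and tls.key
      readOnly: true
  volumes:
  - name: vtm-config
    configMap:
      name: example-vtm-config       # hypothetical ConfigMap with the key vtm-config.yaml
  - name: example-service-tls
    secret:
      secretName: example-service-tls
      # Owner read-only instead of the default 0644, so the private key is not
      # world-readable inside the container. Assumes the process reads the
      # files as their owner; a non-root process needs a matching
      # securityContext (for example fsGroup) to read them.
      defaultMode: 0400
```

Because the key names of a kubernetes.io/tls Secret are fixed, the fileRef paths in vtm-config.yaml stay the same when the certificate is rotated by updating the Secret.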