clusterplex icon indicating copy to clipboard operation
clusterplex copied to clipboard

Published 20 hours ago verified publisher icon pabloromeo

Add sslSecret value for mounting custom certificate

Open AngellusMortis opened this issue 6 months ago • 0 comments

This adds a new secret mount that lets you load a pkcs12 keystrore to use with Plex.

It would allow you to create and manage a cert with something like cert-manager:

apiVersion: v1
kind: Secret
metadata:
  name: pkcs-secret
  namespace: media
type: Opaque
stringData:
  password: somePassword
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: cert-plex
  namespace: media
spec:
  secretName: cert-plex
  duration: 2160h
  renewBefore: 360h
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  commonName: plex.example.com
  dnsNames:
  - plex.example.com
  keystores:
    pkcs12:
      create: true
      profile: Modern2023  # important as default profile will not work with Plex
      passwordSecretRef:
        name: pkcs-secret
        key: password

Then you can set sslSecret from above (cert-plex) and it will mount the keystore at /ssl/keystore.p12 so you can then use the following Network settings:

Custom certificate location: /ssl/keystore.p12
Custom certificate encryption key: somePassword
Custom certificate domain: plex.example.com
Custom server access URLs: https://plex.example.com

Pairs well with my other PR: https://github.com/pabloromeo/clusterplex/pull/329

AngellusMortis avatar Aug 17 '24 15:08 AngellusMortis