Best Practices for Deploying Moto Proxy to a Local Kubernetes Cluster and Managing Certificate Files

[megetron3]

Hello,

I'm currently exploring the optimal method for deploying the moto proxy to a local Kubernetes cluster.

I have a Dockerfile that generates the AWS_CA_BUNDLE certificate file as follows:

FROM python:3.11-slim
RUN pip3 install moto[proxy]
ENV AWS_CA_BUNDLE=/usr/local/lib/python3.11/site-packages/moto/moto_proxy/ca.crt
ENTRYPOINT ["moto_proxy", "-H", "0.0.0.0"]
EXPOSE 5005

In my cluster, there are other Docker containers that execute boto3 commands. These containers need to be configured with the AWS_CA_BUNDLE from the moto-proxy Docker container (specifically, the 'moto/moto_proxy/ca.crt' file).

One approach I'm considering is to share a folder within the Kubernetes cluster and copy the .crt file into this shared folder.

However, I'm wondering if there might be a more efficient solution.

Is it possible to create a fixed certificate bundle for HTTPS usage? If so, I could potentially set this as a secret key in a Kubernetes ConfigMap, which might be a simpler solution than sharing files between pods.

Any advice or suggestions would be greatly appreciated.

[megetron3]

seems like it's already a fixed crt key:) closing.