sql-server kubernetes config kubernetes-statefulset

Configuring SQL Server in Kubernetes StatefulSet with Custom TLS Settings: Bootstraping in a Container using a Custom Configuration File

I'm currently deploying SQL Server in a Kubernetes StatefulSet and facing challenges in providing a custom configuration file (mssql-config.conf) during the startup process. I want to ensure that SQL Server uses specific configurations from my custom file.

Current Issue:

I'm unable to find a straightforward method to provide a custom configuration file during the initial startup.
Post-startup, I have to manually edit the mssql.conf file located at /var/opt/mssql/mssql.conf, followed by a SQL Server restart to apply the changes.
The configuration file path (/var/opt/mssql/mssql.conf) seems fixed, and attempts to change it have been unsuccessful.

Example Configuration for TLS:

[network]
tlscert = /etc/ssl/certs/mssql.pem
tlskey = /etc/ssl/private/mssql.key
tlsprotocols = 1.2
forceencryption = 1

What steps should I follow to initiate SQL Server in a Kubernetes StatefulSet and seamlessly incorporate my custom TLS configuration file (mssql-config.conf) during the bootstrap process?
Which environment variables or commands are crucial to ensuring that SQL Server reads the TLS settings from my specified configuration file within a Kubernetes StatefulSet?
Are there any recommended considerations or best practices for configuring SQL Server in a container within a Kubernetes StatefulSet using a custom configuration file, especially for TLS settings?

I appreciate any insights, examples, or recommendations from the community to address this challenge.

Solution

Based on the comments, I created and mounted the certificate and configuration files before starting SQL Server:

First, I mounted the required certificate and key files at a path like /var/opt/mssql/tls/ using Kubernetes Secrets.

Then I passed an initialization script in the SQL Server container to create the mssql.conf file at /var/opt/mssql/ with the desired certificates and configurations. After that, I started SQL Server, which then used the configurations provided in the /var/opt/mssql/mssql.conf file.

This ensures that SQL Server starts with the custom TLS settings/custom configuration specified in the configuration file.