aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml')
-rw-r--r--kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml26
1 files changed, 26 insertions, 0 deletions
diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
index d6c58cd75f..b3e90a2efb 100644
--- a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
@@ -34,6 +34,12 @@ spec:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
spec:
+ # host alias allows local 'cfy' command to use https and match
+ # the host name in the certificate
+ hostAliases:
+ - ip: "127.0.0.1"
+ hostnames:
+ - "dcae-cloudify-manager"
initContainers:
- name: {{ include "common.name" . }}-multisite-init
image: {{ include "common.repository" . }}/{{ .Values.multisiteInitImage }}
@@ -44,10 +50,26 @@ spec:
- --configmap
- {{ .Values.multisiteConfigMapName }}
restartPolicy: Never
+ - name: init-tls
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources: {}
+ volumeMounts:
+ - mountPath: /opt/tls/shared
+ name: tls-info
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: REQUESTS_CA_BUNDLE
+ value: "/opt/onap/certs/cacert.pem"
resources:
{{ include "common.resources" . | indent 12 }}
ports:
@@ -86,6 +108,8 @@ spec:
readOnly: true
- mountPath: /cfy-persist
name: cm-persistent
+ - mountPath: /opt/onap/certs
+ name: tls-info
securityContext:
privileged: True
volumes:
@@ -107,5 +131,7 @@ spec:
- name: cm-persistent
persistentVolumeClaim:
claimName: {{ include "common.fullname" . }}-data
+ - emptyDir: {}
+ name: tls-info
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"