diff options
| author |   Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-12-15 11:56:51 +0100 |
|---|---|---|
| committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-02-02 08:30:22 +0000 |
| commit | 87f49af6feef4af57a1a977d10a7ac05428cc5c7 (patch) | |
| tree | d6b9210b21a086e34962ae78273355f3eb68c52b /kubernetes/aai/templates | |
| parent | 3959a62d5e5112e80698e13bd73d12eb318d7f49 (diff) | |
[AAI] Use CertInitializer for AAI Proxy
Instead of using an harcoded certificate for AAI Haproxy, let's use
certInitializer in order to have a fresh one.
Issue-ID: OOM-2654
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Id07af4084ae714bc7ba7132b218434229a0ba866
Diffstat (limited to 'kubernetes/aai/templates')
| -rw-r--r-- | kubernetes/aai/templates/configmap.yaml | 30 | ||||
| -rw-r--r-- | kubernetes/aai/templates/deployment.yaml | 10 |
2 files changed, 3 insertions, 37 deletions
diff --git a/kubernetes/aai/templates/configmap.yaml b/kubernetes/aai/templates/configmap.yaml index d2735b4882..b0da359ab1 100644 --- a/kubernetes/aai/templates/configmap.yaml +++ b/kubernetes/aai/templates/configmap.yaml @@ -44,36 +44,6 @@ data: {{ else }} {{ tpl (.Files.Glob "resources/config/haproxy/haproxy.cfg").AsConfig . | indent 2 }} {{ end }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: aai-haproxy-secret - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/config/haproxy/aai.pem").AsSecrets . | indent 2 }} -# This is a shared key for both resources and traversal ---- -apiVersion: v1 -kind: Secret -metadata: - name: aai-auth-truststore-secret - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/config/aai/*").AsSecrets . | indent 2 }} - {{ if .Values.global.installSidecarSecurity }} --- apiVersion: v1 diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml index 83d78238b0..2ca489f2de 100644 --- a/kubernetes/aai/templates/deployment.yaml +++ b/kubernetes/aai/templates/deployment.yaml @@ -39,7 +39,7 @@ spec: annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - command: - /app/ready.py args: @@ -75,9 +75,7 @@ spec: subPath: haproxy.cfg {{ end }} name: haproxy-cfg - - mountPath: /etc/ssl/private/aai.pem - name: aai-pem - subPath: aai.pem + {{- include "common.certInitializer.volumeMount" . | nindent 8 }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -128,8 +126,6 @@ spec: - name: haproxy-cfg configMap: name: aai-deployment-configmap - - name: aai-pem - secret: - secretName: aai-haproxy-secret + {{ include "common.certInitializer.volumes" . | nindent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" |