diff options
author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-02-08 15:29:05 +0100 |
---|---|---|
committer | Krzysztof Opasiak <k.opasiak@samsung.com> | 2021-03-02 19:32:10 +0000 |
commit | 1d7647e027a74726e2ce0dea3e0c24933a38a9de (patch) | |
tree | b1d72c7e4819f28b8cd23f2288dd3e870bfe491c /kubernetes/cds/components/cds-ui/templates | |
parent | 4487c4e27d5bd309165a8ea25e4afc58dac72504 (diff) |
[CDS] Retrieve certificates automatically
Today, CDS UI is using an hardcoded certificate, which is not the right
way to do.
This patch is using certInitializer in order to do it automatically.
Issue-ID: CCSDK-3141
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I5f2e564abd15f685df03be130b3969cad867b0b5
Diffstat (limited to 'kubernetes/cds/components/cds-ui/templates')
-rw-r--r-- | kubernetes/cds/components/cds-ui/templates/deployment.yaml | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/kubernetes/cds/components/cds-ui/templates/deployment.yaml b/kubernetes/cds/components/cds-ui/templates/deployment.yaml index 1c88f56d99..359c713ed4 100644 --- a/kubernetes/cds/components/cds-ui/templates/deployment.yaml +++ b/kubernetes/cds/components/cds-ui/templates/deployment.yaml @@ -37,6 +37,9 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.fullname" . }} spec: + {{- if .Values.global.aafEnabled }} + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -71,12 +74,18 @@ spec: value: "{{ .Values.config.api.processor.grpc.port }}" - name: API_BLUEPRINT_PROCESSOR_GRPC_AUTH_TOKEN value: {{ .Values.config.api.processor.grpc.authToken }} + {{- if .Values.global.aafEnabled }} + - name: KEYSTORE + value: "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12" + - name: PASSPHRASE + value: "{{ .Values.certInitializer.credsPath }}/mycreds.prop" + {{- end }} readinessProbe: tcpSocket: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -90,7 +99,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime |