diff options
author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-04-07 17:26:25 +0200 |
---|---|---|
committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-09-08 15:24:05 +0200 |
commit | c9f47135f5820c423ed0b6cf295be5a98624a73c (patch) | |
tree | 43ebf5adcc626ff66992e3e41e19ee67b03a0dc2 /kubernetes/common/certInitializer | |
parent | 6b6df44c23816874b9d138825ca1522492fe0a1d (diff) |
[SO] Add TLS configuration for SO API Ingress
Instead of terminating TLS on SO POD, let's terminate it on its Ingress.
This patch uses certInitializer to create the right certificates and put them in
a secret.
This secret is then referenced on SO Ingress.
Issue-ID: SO-3078
Issue-ID: SO-3237
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Icdc8cf6fc84cb3b3c337b4f4e5320980eee06337
Diffstat (limited to 'kubernetes/common/certInitializer')
-rw-r--r-- | kubernetes/common/certInitializer/templates/job.yaml | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/kubernetes/common/certInitializer/templates/job.yaml b/kubernetes/common/certInitializer/templates/job.yaml index 331a58c310..2acb423511 100644 --- a/kubernetes/common/certInitializer/templates/job.yaml +++ b/kubernetes/common/certInitializer/templates/job.yaml @@ -20,12 +20,13 @@ kind: Job {{- $suffix := "set-tls-secret" }} metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} spec: + backoffLimit: 20 template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: {{ include "common.certInitializer.initContainer" (dict "dot" . "initRoot" .Values) | nindent 6 }} containers: - - name: create tls secret + - name: create-tls-secret command: - /ingress/onboard.sh image: {{ include "repositoryGenerator.image.kubectl" . }} @@ -41,4 +42,5 @@ spec: configMap: name: {{ include "common.fullname" . }}-ingress defaultMode: 0777 + restartPolicy: Never {{- end}} |