diff options
author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-11-02 18:21:11 +0100 |
---|---|---|
committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-02-16 08:49:17 +0100 |
commit | 55af648d55ec228006bd44928e812bbdd52fb1cf (patch) | |
tree | 2d381615730bcf5908307da7d603dd7a8af41743 /kubernetes/msb/components/msb-iag/templates/deployment.yaml | |
parent | ef766403ef1436c9462c2c00da83a8b29fca3b53 (diff) |
[MSB] Use certInitializer for MSB
MSB is currently using an hardcoded certificate. In order to follow
SECOMMON requirements, let's use a freshly generated certificate instead
Issue-ID: MSB-521
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I157e44a6e30391c36c0142acfa08604c37b79cc4
Diffstat (limited to 'kubernetes/msb/components/msb-iag/templates/deployment.yaml')
-rw-r--r-- | kubernetes/msb/components/msb-iag/templates/deployment.yaml | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/kubernetes/msb/components/msb-iag/templates/deployment.yaml b/kubernetes/msb/components/msb-iag/templates/deployment.yaml index 00dc6b69b3..7bae325b1e 100644 --- a/kubernetes/msb/components/msb-iag/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-iag/templates/deployment.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -38,6 +39,7 @@ spec: spec: serviceAccountName: msb initContainers: + {{ include "common.certInitializer.initContainer" . | indent 6 | trim }} - command: - /app/ready.py args: @@ -83,19 +85,15 @@ spec: - name: ROUTE_LABELS value: {{ .Values.config.routeLabels }} volumeMounts: + {{ include "common.certInitializer.volumeMount" . | indent 10 | trim }} - mountPath: /etc/localtime name: localtime readOnly: true - - name: {{ include "common.fullname" . }}-cert - mountPath: /usr/local/openresty/nginx/ssl/cert/cert.crt - readOnly: true - subPath: "cert.crt" - - name: {{ include "common.fullname" . }}-cert - mountPath: /usr/local/openresty/nginx/html/cert/ca.crt - readOnly: true - subPath: "ca.crt" - mountPath: /usr/local/apiroute-works/logs name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf + name: {{ include "common.fullname" . }}-nginx-conf + subPath: msbhttps.conf resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -122,12 +120,13 @@ spec: name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml volumes: - - name: {{ include "common.fullname" . }}-cert - secret: - secretName: {{ include "common.release" . }}-msb-https-cert + {{ include "common.certInitializer.volumes" . | indent 8 | trim }} - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-nginx-conf + configMap: + name: {{ include "common.fullname" . }}-nginx - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-msb-filebeat-configmap |