summaryrefslogtreecommitdiffstats
path: root/kubernetes/msb/components/msb-iag/templates/deployment.yaml
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-11-02 18:21:11 +0100
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-02-16 08:49:17 +0100
commit55af648d55ec228006bd44928e812bbdd52fb1cf (patch)
tree2d381615730bcf5908307da7d603dd7a8af41743 /kubernetes/msb/components/msb-iag/templates/deployment.yaml
parentef766403ef1436c9462c2c00da83a8b29fca3b53 (diff)
[MSB] Use certInitializer for MSB
MSB is currently using an hardcoded certificate. In order to follow SECOMMON requirements, let's use a freshly generated certificate instead Issue-ID: MSB-521 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I157e44a6e30391c36c0142acfa08604c37b79cc4
Diffstat (limited to 'kubernetes/msb/components/msb-iag/templates/deployment.yaml')
-rw-r--r--kubernetes/msb/components/msb-iag/templates/deployment.yaml21
1 files changed, 10 insertions, 11 deletions
diff --git a/kubernetes/msb/components/msb-iag/templates/deployment.yaml b/kubernetes/msb/components/msb-iag/templates/deployment.yaml
index 00dc6b69b3..7bae325b1e 100644
--- a/kubernetes/msb/components/msb-iag/templates/deployment.yaml
+++ b/kubernetes/msb/components/msb-iag/templates/deployment.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada , ZTE
+# Copyright © 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -38,6 +39,7 @@ spec:
spec:
serviceAccountName: msb
initContainers:
+ {{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
- command:
- /app/ready.py
args:
@@ -83,19 +85,15 @@ spec:
- name: ROUTE_LABELS
value: {{ .Values.config.routeLabels }}
volumeMounts:
+ {{ include "common.certInitializer.volumeMount" . | indent 10 | trim }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - name: {{ include "common.fullname" . }}-cert
- mountPath: /usr/local/openresty/nginx/ssl/cert/cert.crt
- readOnly: true
- subPath: "cert.crt"
- - name: {{ include "common.fullname" . }}-cert
- mountPath: /usr/local/openresty/nginx/html/cert/ca.crt
- readOnly: true
- subPath: "ca.crt"
- mountPath: /usr/local/apiroute-works/logs
name: {{ include "common.fullname" . }}-logs
+ - mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf
+ name: {{ include "common.fullname" . }}-nginx-conf
+ subPath: msbhttps.conf
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -122,12 +120,13 @@ spec:
name: {{ include "common.fullname" . }}-log-conf
subPath: logback.xml
volumes:
- - name: {{ include "common.fullname" . }}-cert
- secret:
- secretName: {{ include "common.release" . }}-msb-https-cert
+ {{ include "common.certInitializer.volumes" . | indent 8 | trim }}
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-nginx-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-nginx
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-msb-filebeat-configmap