Diffstat (limited to 'kubernetes/aai/templates')
-rw-r--r--kubernetes/aai/templates/configmap.yaml30
-rw-r--r--kubernetes/aai/templates/deployment.yaml12
-rw-r--r--kubernetes/aai/templates/secret.yaml14
3 files changed, 52 insertions, 4 deletions
diff --git a/kubernetes/aai/templates/configmap.yaml b/kubernetes/aai/templates/configmap.yaml
index a23ed5fdc7..651bf8dbba 100644
--- a/kubernetes/aai/templates/configmap.yaml
+++ b/kubernetes/aai/templates/configmap.yaml
@@ -72,4 +72,32 @@ type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/aai/*").AsSecrets . | indent 2 }}
-
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-fproxy-auth-certs
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/fproxy/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-rproxy-auth-certs
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/rproxy/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-rproxy-security-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/rproxy/security/*").AsSecrets . | indent 2 }}
+{{ end }} \ No newline at end of file
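Review bot: The three new Secrets (`aai-fproxy-auth-certs`, `aai-rproxy-auth-certs`, `aai-rproxy-security-config`) are filled from `resources/config/fproxy/auth/*`, `resources/config/rproxy/auth/*` and `resources/config/rproxy/security/*` inside the chart, so whatever keystores or keys live there ship with the chart and are identical in every installation. If those directories hold private key material, it should come from values or a pre-created Secret rather than from the chart tree. `tpl` runs after `.AsSecrets` has base64-encoded the files, so it has nothing left to expand and can be dropped, e.g. `{{ (.Files.Glob "resources/config/fproxy/auth/*").AsSecrets | indent 2 }}`. These objects also sit in configmap.yaml without the `labels` block that this commit adds to `aai-common-aai-auth` in secret.yaml.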
diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml
index 1f337e4374..8c107303ac 100644
--- a/kubernetes/aai/templates/deployment.yaml
+++ b/kubernetes/aai/templates/deployment.yaml
@@ -70,6 +70,9 @@ spec:
subPath: haproxy.cfg
{{ end }}
name: haproxy-cfg
+ - mountPath: /etc/ssl/private/aai.pem
+ name: aai-pem
+ subPath: aai.pem
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
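Review bot: The new `aai.pem` mount at `/etc/ssl/private/aai.pem` uses `subPath`, and a subPath mount of a Secret is not refreshed when the Secret changes, so a renewed or replaced certificate stays in the running container until the pod is restarted. Either mount the volume as a directory without `subPath` (if nothing else in the image needs that directory) or document that certificate rotation requires a rollout. Adding `readOnly: true` to the mount would make the intent explicit. The container spec starts above this hunk.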
@@ -101,14 +104,14 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end -}}
{{- if .Values.affinity }}
affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
volumes:
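Review bot: `{{ include "common.resources" . }}` no longer pipes through `indent 12`, so the rendered `resources:` block is valid only if the `common.resources` helper emits its own indentation; that helper is not visible in this diff. If it does not, the limits and requests land at column 0 and the manifest fails to parse or is mis-nested. Rendering the chart with `helm template` with `nodeSelector` and `affinity` set would also confirm the new `indent 8` values, which cannot be checked here because the page has lost the leading whitespace of the context lines.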
@@ -121,5 +124,8 @@ spec:
- name: haproxy-cfg
configMap:
name: aai-deployment-configmap
+ - name: aai-pem
+ secret:
+ secretName: aai-haproxy-secret
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
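Review bot: The `aai-pem` volume sets no `defaultMode`, so the file is projected with the default mode 0644 and, given that it presumably carries the haproxy private key, is readable by every user in the container; add `defaultMode: 0400` under `secret:` (or `0440` if haproxy reads it after dropping privileges). The referenced `aai-haproxy-secret` is not created by any hunk shown here. If it is not the existing Secret defined earlier in configmap.yaml, the pod will not start, so the name is worth confirming.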
diff --git a/kubernetes/aai/templates/secret.yaml b/kubernetes/aai/templates/secret.yaml
index 8d00a9d41c..f01f11df78 100644
--- a/kubernetes/aai/templates/secret.yaml
+++ b/kubernetes/aai/templates/secret.yaml
@@ -17,6 +17,20 @@ kind: Secret
metadata:
name: aai-common-aai-auth
namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-common-truststore
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/aai/*").AsSecrets . | indent 2 }}
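Review bot: The new `aai-common-truststore` Secret globs all of `resources/config/aai/*`, the same pattern the existing Secret in configmap.yaml uses, so every file in that directory is duplicated into an object whose name suggests it holds only trust anchors. Any workload that mounts the truststore then also receives whatever else is in that directory, which may include private keys. Narrow the glob to the truststore file itself, e.g. `.Files.Glob "resources/config/aai/<TRUSTSTORE_FILE>"` (placeholder, the file name is not shown on this page). The new Secret also lacks the `labels` block this hunk adds to `aai-common-aai-auth`.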