From c9f47135f5820c423ed0b6cf295be5a98624a73c Mon Sep 17 00:00:00 2001 From: Sylvain Desbureaux Date: Wed, 7 Apr 2021 17:26:25 +0200 Subject: [SO] Add TLS configuration for SO API Ingress Instead of terminating TLS on SO POD, let's terminate it on its Ingress. This patch uses certInitializer to create the right certificates and put them in a secret. This secret is then referenced on SO Ingress. Issue-ID: SO-3078 Issue-ID: SO-3237 Signed-off-by: Sylvain Desbureaux Change-Id: Icdc8cf6fc84cb3b3c337b4f4e5320980eee06337 --- kubernetes/common/certInitializer/templates/job.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'kubernetes/common/certInitializer/templates') diff --git a/kubernetes/common/certInitializer/templates/job.yaml b/kubernetes/common/certInitializer/templates/job.yaml index 331a58c310..2acb423511 100644 --- a/kubernetes/common/certInitializer/templates/job.yaml +++ b/kubernetes/common/certInitializer/templates/job.yaml @@ -20,12 +20,13 @@ kind: Job {{- $suffix := "set-tls-secret" }} metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} spec: + backoffLimit: 20 template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: {{ include "common.certInitializer.initContainer" (dict "dot" . "initRoot" .Values) | nindent 6 }} containers: - - name: create tls secret + - name: create-tls-secret command: - /ingress/onboard.sh image: {{ include "repositoryGenerator.image.kubectl" . }} @@ -41,4 +42,5 @@ spec: configMap: name: {{ include "common.fullname" . }}-ingress defaultMode: 0777 + restartPolicy: Never {{- end}} -- cgit 1.2.3-korg