[MSB] Use certInitializer for MSB
MSB is currently using an hardcoded certificate. In order to follow
SECOMMON requirements, let's use a freshly generated certificate instead
Issue-ID: MSB-521
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I157e44a6e30391c36c0142acfa08604c37b79cc4
diff --git a/kubernetes/msb/components/msb-eag/templates/configmap.yaml b/kubernetes/msb/components/msb-eag/templates/configmap.yaml
index 33c77e5..30c0a80 100644
--- a/kubernetes/msb/components/msb-eag/templates/configmap.yaml
+++ b/kubernetes/msb/components/msb-eag/templates/configmap.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada , ZTE
+# Copyright © 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -20,3 +21,11 @@
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-nginx
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/nginx/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/msb/components/msb-eag/templates/deployment.yaml b/kubernetes/msb/components/msb-eag/templates/deployment.yaml
index 36cb13d..113a174 100644
--- a/kubernetes/msb/components/msb-eag/templates/deployment.yaml
+++ b/kubernetes/msb/components/msb-eag/templates/deployment.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada , ZTE
+# Copyright © 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -38,6 +39,7 @@
spec:
serviceAccountName: msb
initContainers:
+ {{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
- command:
- /app/ready.py
args:
@@ -83,19 +85,15 @@
- name: ROUTE_LABELS
value: {{ .Values.config.routeLabels }}
volumeMounts:
+ {{ include "common.certInitializer.volumeMount" . | indent 10 | trim }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - name: {{ include "common.fullname" . }}-cert
- mountPath: /usr/local/openresty/nginx/ssl/cert/cert.crt
- readOnly: true
- subPath: "cert.crt"
- - name: {{ include "common.fullname" . }}-cert
- mountPath: /usr/local/openresty/nginx/html/cert/ca.crt
- readOnly: true
- subPath: "ca.crt"
- mountPath: /usr/local/apiroute-works/logs
name: {{ include "common.fullname" . }}-logs
+ - mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf
+ name: {{ include "common.fullname" . }}-nginx-conf
+ subPath: msbhttps.conf
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -122,12 +120,13 @@
name: {{ include "common.fullname" . }}-log-conf
subPath: logback.xml
volumes:
- - name: {{ include "common.fullname" . }}-cert
- secret:
- secretName: {{ include "common.release" . }}-msb-https-cert
+ {{ include "common.certInitializer.volumes" . | indent 8 | trim }}
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-nginx-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-nginx
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-msb-filebeat-configmap