Add certs to deployment

[ZITADOPER-1]
Haim Kortovich
2024-05-28 12:18:40 -05:00
parent 5d8bf994e8
commit 2fb58abd75


@@ -56,12 +56,20 @@ func (b *Builder) buildDepPodTemplate(zitadel *zitadelv1alpha1.ZitadelCluster, l
WithAnnotations(zitadel.Spec.PodAnnotations).
Build()
group := int64(0)
mode := int32(0444)
return &corev1.PodTemplateSpec{
ObjectMeta: objMeta,
Spec: corev1.PodSpec{
SecurityContext: &corev1.PodSecurityContext{FSGroup: &group},
Containers: *b.buildDepContainers(zitadel),
Volumes: []corev1.Volume{
{Name: "certs", VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: zitadel.Spec.RootTLSSecret.Name,
DefaultMode: &mode,
},
}},
{Name: "zitadel-config-yaml", VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: configuration.ConfigurationName(zitadel)}}}},
},
},
@@ -100,6 +108,32 @@ func (b *Builder) buildDepContainers(zitadel *zitadelv1alpha1.ZitadelCluster) *[
Name: "ZITADEL_MASTERKEY",
ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: masterkey.MasterKeyName(zitadel)}, Key: masterkey.Key}},
},
{
Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_ROOTCERT",
Value: "/certs/ca.crt",
},
{
Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_CERT",
Value: "/certs/tls.crt",
},
{
Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_KEY",
Value: "/certs/tls.key",
},
{
Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_ROOTCERT",
Value: "/certs/ca.crt",
},
{
Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_CERT",
Value: "/certs/tls.crt",
},
{
Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_KEY",
Value: "/certs/tls.key",
},
},
Ports: []corev1.ContainerPort{
{Name: deployment.ZitadelName, ContainerPort: deployment.ZitadelPort},
@@ -119,6 +153,7 @@ func (b *Builder) buildDepContainers(zitadel *zitadelv1alpha1.ZitadelCluster) *[
Resources: zitadel.Spec.Resources,
VolumeMounts: []corev1.VolumeMount{
{Name: "zitadel-config-yaml", MountPath: "/config"},
{Name: "certs", MountPath: "/certs"},
},
},
}
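Review bot: `mode := int32(0444)` in buildDepPodTemplate becomes the `DefaultMode` of the `certs` Secret volume, so `/certs/tls.key` is readable by every UID in any container that mounts it; a private key should not be world-readable. Since the pod already sets `FSGroup`, `mode := int32(0440)` should be enough for the Zitadel process to read the key through its group (worth confirming against the UID/GID the image runs as), and a short comment next to it saying why that mode was chosen would help. Separately, in buildDepContainers both the `..._ADMIN_SSL_*` and `..._USER_SSL_*` variables point at the same files from `RootTLSSecret`; if that secret holds the CockroachDB root client certificate, as the name suggests, the long-running user connection carries admin-level credentials, and a separate lower-privileged client certificate for the USER settings would limit what a compromised Zitadel pod can do to the database. Both function bodies start and end outside the hunks shown.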