Add certs to deployment
[ZITADOPER-1]
@@ -56,12 +56,20 @@ func (b *Builder) buildDepPodTemplate(zitadel *zitadelv1alpha1.ZitadelCluster, l
|
|||||||
WithAnnotations(zitadel.Spec.PodAnnotations).
|
WithAnnotations(zitadel.Spec.PodAnnotations).
|
||||||
Build()
|
Build()
|
||||||
group := int64(0)
|
group := int64(0)
|
||||||
|
|
||||||
|
mode := int32(0444)
|
||||||
return &corev1.PodTemplateSpec{
|
return &corev1.PodTemplateSpec{
|
||||||
ObjectMeta: objMeta,
|
ObjectMeta: objMeta,
|
||||||
Spec: corev1.PodSpec{
|
Spec: corev1.PodSpec{
|
||||||
SecurityContext: &corev1.PodSecurityContext{FSGroup: &group},
|
SecurityContext: &corev1.PodSecurityContext{FSGroup: &group},
|
||||||
Containers: *b.buildDepContainers(zitadel),
|
Containers: *b.buildDepContainers(zitadel),
|
||||||
Volumes: []corev1.Volume{
|
Volumes: []corev1.Volume{
|
||||||
|
{Name: "certs", VolumeSource: corev1.VolumeSource{
|
||||||
|
Secret: &corev1.SecretVolumeSource{
|
||||||
|
SecretName: zitadel.Spec.RootTLSSecret.Name,
|
||||||
|
DefaultMode: &mode,
|
||||||
|
},
|
||||||
|
}},
|
||||||
{Name: "zitadel-config-yaml", VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: configuration.ConfigurationName(zitadel)}}}},
|
{Name: "zitadel-config-yaml", VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: configuration.ConfigurationName(zitadel)}}}},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@@ -100,6 +108,32 @@ func (b *Builder) buildDepContainers(zitadel *zitadelv1alpha1.ZitadelCluster) *[
|
|||||||
Name: "ZITADEL_MASTERKEY",
|
Name: "ZITADEL_MASTERKEY",
|
||||||
ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: masterkey.MasterKeyName(zitadel)}, Key: masterkey.Key}},
|
ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: masterkey.MasterKeyName(zitadel)}, Key: masterkey.Key}},
|
||||||
},
|
},
|
||||||
|
|
||||||
|
{
|
||||||
|
Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_ROOTCERT",
|
||||||
|
Value: "/certs/ca.crt",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_CERT",
|
||||||
|
Value: "/certs/tls.crt",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_KEY",
|
||||||
|
Value: "/certs/tls.key",
|
||||||
|
},
|
||||||
|
|
||||||
|
{
|
||||||
|
Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_ROOTCERT",
|
||||||
|
Value: "/certs/ca.crt",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_CERT",
|
||||||
|
Value: "/certs/tls.crt",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_KEY",
|
||||||
|
Value: "/certs/tls.key",
|
||||||
|
},
|
||||||
},
|
},
|
||||||
Ports: []corev1.ContainerPort{
|
Ports: []corev1.ContainerPort{
|
||||||
{Name: deployment.ZitadelName, ContainerPort: deployment.ZitadelPort},
|
{Name: deployment.ZitadelName, ContainerPort: deployment.ZitadelPort},
|
||||||
@@ -119,6 +153,7 @@ func (b *Builder) buildDepContainers(zitadel *zitadelv1alpha1.ZitadelCluster) *[
|
|||||||
Resources: zitadel.Spec.Resources,
|
Resources: zitadel.Spec.Resources,
|
||||||
VolumeMounts: []corev1.VolumeMount{
|
VolumeMounts: []corev1.VolumeMount{
|
||||||
{Name: "zitadel-config-yaml", MountPath: "/config"},
|
{Name: "zitadel-config-yaml", MountPath: "/config"},
|
||||||
|
{Name: "certs", MountPath: "/certs"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|||||||
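Review bot: `mode := int32(0444)` in buildDepPodTemplate makes every file projected from the `certs` secret world-readable inside the pod, and that includes `tls.key`, which the new env vars in buildDepContainers use as the client private key. Since the pod spec already sets `FSGroup`, a group-readable mode should be enough, `mode := int32(0440)`; alternatively list the keys under `Items` and give `tls.key` its own tighter `Mode`. Separately, the ADMIN and USER connection settings both point at the same `/certs/tls.crt` and `/certs/tls.key` from `zitadel.Spec.RootTLSSecret`. If that secret holds the database root client certificate (the name suggests so, but its contents are not visible here), the runtime user connection would authenticate with admin-level credentials, so a separate lower-privilege client certificate for the USER settings would be the safer design. Both functions continue outside the hunks shown.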