Mount file 444
[ZITADOPER-1]
@@ -20,6 +20,7 @@ func (b *Builder) BuildInitJob(zitadel *zitadelv1alpha1.ZitadelCluster, key type
|
|||||||
runAsNonRoot := true
|
runAsNonRoot := true
|
||||||
enableServiceLinks := false
|
enableServiceLinks := false
|
||||||
user := int64(1000)
|
user := int64(1000)
|
||||||
|
mode := int32(444)
|
||||||
initJob := &batchv1.Job{
|
initJob := &batchv1.Job{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
Name: key.Name,
|
Name: key.Name,
|
||||||
@@ -40,6 +41,7 @@ func (b *Builder) BuildInitJob(zitadel *zitadelv1alpha1.ZitadelCluster, key type
|
|||||||
{Name: "certs", VolumeSource: corev1.VolumeSource{
|
{Name: "certs", VolumeSource: corev1.VolumeSource{
|
||||||
Secret: &corev1.SecretVolumeSource{
|
Secret: &corev1.SecretVolumeSource{
|
||||||
SecretName: zitadel.Spec.RootTLSSecret.Name,
|
SecretName: zitadel.Spec.RootTLSSecret.Name,
|
||||||
|
DefaultMode: &mode,
|
||||||
},
|
},
|
||||||
}},
|
}},
|
||||||
{Name: "zitadel-config-yaml", VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: configuration.ConfigurationName(zitadel)}}}},
|
{Name: "zitadel-config-yaml", VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: configuration.ConfigurationName(zitadel)}}}},
|
||||||
@@ -89,6 +91,7 @@ func (b *Builder) BuildSetupJob(zitadel *zitadelv1alpha1.ZitadelCluster, key typ
|
|||||||
runAsNonRoot := true
|
runAsNonRoot := true
|
||||||
enableServiceLinks := false
|
enableServiceLinks := false
|
||||||
user := int64(1000)
|
user := int64(1000)
|
||||||
|
mode := int32(444)
|
||||||
setupJob := &batchv1.Job{
|
setupJob := &batchv1.Job{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
Name: key.Name,
|
Name: key.Name,
|
||||||
@@ -106,6 +109,12 @@ func (b *Builder) BuildSetupJob(zitadel *zitadelv1alpha1.ZitadelCluster, key typ
|
|||||||
},
|
},
|
||||||
EnableServiceLinks: &enableServiceLinks,
|
EnableServiceLinks: &enableServiceLinks,
|
||||||
Volumes: []corev1.Volume{
|
Volumes: []corev1.Volume{
|
||||||
|
{Name: "certs", VolumeSource: corev1.VolumeSource{
|
||||||
|
Secret: &corev1.SecretVolumeSource{
|
||||||
|
SecretName: zitadel.Spec.RootTLSSecret.Name,
|
||||||
|
DefaultMode: &mode,
|
||||||
|
},
|
||||||
|
}},
|
||||||
{Name: "zitadel-config-yaml", VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: configuration.ConfigurationName(zitadel)}}}},
|
{Name: "zitadel-config-yaml", VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: configuration.ConfigurationName(zitadel)}}}},
|
||||||
},
|
},
|
||||||
Containers: []corev1.Container{
|
Containers: []corev1.Container{
|
||||||
@@ -129,9 +138,22 @@ func (b *Builder) BuildSetupJob(zitadel *zitadelv1alpha1.ZitadelCluster, key typ
|
|||||||
Name: "ZITADEL_FIRSTINSTANCE_MACHINEKEYPATH",
|
Name: "ZITADEL_FIRSTINSTANCE_MACHINEKEYPATH",
|
||||||
Value: "/machinekey/sa.json",
|
Value: "/machinekey/sa.json",
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_ROOTCERT",
|
||||||
|
Value: "/certs/ca.crt",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_CERT",
|
||||||
|
Value: "/certs/tls.crt",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_KEY",
|
||||||
|
Value: "/certs/tls.key",
|
||||||
|
},
|
||||||
},
|
},
|
||||||
VolumeMounts: []corev1.VolumeMount{
|
VolumeMounts: []corev1.VolumeMount{
|
||||||
{Name: "zitadel-config-yaml", MountPath: "/config"},
|
{Name: "zitadel-config-yaml", MountPath: "/config"},
|
||||||
|
{Name: "certs", MountPath: "/certs"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|||||||
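Review bot: `mode := int32(444)` in BuildInitJob (and the identical line in BuildSetupJob) is a decimal literal, so `DefaultMode` ends up as 0o674 (rw-rwxr--) rather than the read-only 0444 the commit title suggests. Kubernetes takes DefaultMode as the numeric mode bits, and the decimal spelling is only needed in JSON manifests; in Go write `mode := int32(0444)`. Because the `certs` secret carries `tls.key`, which BuildSetupJob passes as ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_KEY, it is also worth checking whether a tighter mode such as `0400` or `0440` still lets UID 1000 read the files; that depends on fsGroup settings not visible in these hunks. Both function bodies extend beyond the hunks shown.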