diff --git a/alfa-server/src/main/resources/application-local.yml b/alfa-server/src/main/resources/application-local.yml index 961e14d6fa3f44e0a1382e4b26c924e1fe0fd2d2..a0ed2b50fa6eb31acfb21af7156aa2c0590a7cc9 100644 --- a/alfa-server/src/main/resources/application-local.yml +++ b/alfa-server/src/main/resources/application-local.yml @@ -12,6 +12,8 @@ grpc: user-manager: address: static://127.0.0.1:9000 negotiationType: PLAINTEXT + vorgang-manager: + negotiationType: PLAINTEXT ozgcloud: feature: diff --git a/alfa-server/src/main/resources/application.yml b/alfa-server/src/main/resources/application.yml index 37fafad40ea8fb37e5177621ffb398ff756ccb16..8e17178fea49083f2e1a5035d0b27d50c6670e50 100644 --- a/alfa-server/src/main/resources/application.yml +++ b/alfa-server/src/main/resources/application.yml @@ -57,7 +57,7 @@ grpc: client: vorgang-manager: address: static://127.0.0.1:9090 - negotiationType: PLAINTEXT + negotiationType: TLS user-manager: address: static://127.0.0.1:9000 negotiationType: TLS diff --git a/src/main/helm/templates/deployment.yaml b/src/main/helm/templates/deployment.yaml index 4a3d38c9b4ff9fc0e3183840d1554b666112e25c..cad88f7ba2e55da7b791497853c8ff633af6aaac 100644 --- a/src/main/helm/templates/deployment.yaml +++ b/src/main/helm/templates/deployment.yaml @@ -72,6 +72,8 @@ spec: value: "/bindings" - name: grpc_client_vorgang-manager_address value: {{ include "app.grpc_client_vorgang_manager_address" . }} + - name: grpc_client_vorgang-manager_negotiationType + value: {{ (.Values.vorgangManager).grpcClientNegotiationType | default "TLS" }} - name: grpc_client_user-manager_address value: {{ include "app.grpc_client_user-manager_address" . }} - name: grpc_client_user-manager_negotiationType 
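Review bot: Flipping the base `grpc.client.vorgang-manager.negotiationType` in application.yml to `TLS` changes the transport for every Spring profile that does not override it, and this commit adds an override only in application-local.yml. Any other profile or integration-test configuration (not visible in this diff) that still reaches a plaintext vorgang-manager on `static://127.0.0.1:9090` will now fail the handshake. Check those configurations and give each an explicit, commented `negotiationType` where plaintext is really intended, so nobody is tempted to revert the secure default later.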
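Review bot: The new `grpc_client_vorgang-manager_negotiationType` env value in deployment.yaml is rendered unquoted and unvalidated, so whatever is set in `vorgangManager.grpcClientNegotiationType` reaches the container, including a silent downgrade to `PLAINTEXT` or a typo that only fails at application start. Quote the scalar, `value: {{ (.Values.vorgangManager).grpcClientNegotiationType | default "TLS" | quote }}`, so an unexpected value cannot be re-typed by the YAML parser. Consider also rejecting anything outside the supported negotiation types at render time with `fail`, and add a values.yaml comment stating when `PLAINTEXT` is acceptable. The env list continues outside this hunk, so the neighbouring user-manager entry may deserve the same treatment.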
@@ -176,12 +178,6 @@ spec: mountPath: "/bindings/ca-certificates/type" subPath: type readOnly: true - {{- if not .Values.disableUserManagerGrpcTls }} - - name: user-manager-tls-certificate - mountPath: "/bindings/ca-certificates/user-manager-tls-ca.pem" - subPath: ca.crt - readOnly: true - {{- end }} - name: temp-dir mountPath: "/tmp" {{- if (.Values.sso).tlsCertName }} @@ -190,15 +186,13 @@ spec: subPath: tls.crt readOnly: true {{- end }} + - name: namespace-ca-cert + mountPath: "/bindings/namespace-certificate" + readOnly: true volumes: - name: bindings configMap: name: alfa-bindings-type - {{- if not .Values.disableUserManagerGrpcTls }} - - name: user-manager-tls-certificate - secret: - secretName: user-manager-tls-cert - {{- end }} - name: temp-dir emptyDir: {} {{- if (.Values.sso).tlsCertName }} @@ -206,6 +200,17 @@ spec: secret: secretName: {{ .Values.sso.tlsCertName }} {{- end }} + - name: namespace-ca-cert + projected: + sources: + - secret: + name: {{ include "app.namespace" . }}-ca-cert + optional: true + items: + - key: ca.crt + path: ca.crt + - configMap: + name: alfa-bindings-type dnsConfig: {} dnsPolicy: ClusterFirst imagePullSecrets: diff --git a/src/test/helm/deployment_bindings_test.yaml b/src/test/helm/deployment_bindings_test.yaml index aca352c23e4dc350e919c0eb8d3bb45cd79ec40c..91c7626679c859414ff092714b8b21f69796c7df 100644 --- a/src/test/helm/deployment_bindings_test.yaml +++ b/src/test/helm/deployment_bindings_test.yaml @@ -38,9 +38,9 @@ set: baseUrl: test.company.local imagePullSecret: image-pull-secret tests: - - it: should have volumes - set: - usermanagerName: user-manager + - it: should have volume mounts + set: + usermanagerName: user-manager asserts: - contains: path: spec.template.spec.containers[0].volumeMounts 
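Review bot: `optional: true` on the `{{ include "app.namespace" . }}-ca-cert` secret source of the new `namespace-ca-cert` projected volume lets the pod start with no CA file at all, while this same commit makes TLS the default for the vorgang-manager client. The connection still fails closed, but the error only surfaces at the first gRPC handshake instead of as a mount failure at pod start, which makes a missing trust anchor harder to diagnose. Consider dropping `optional: true`, or making it conditional on the negotiation type being `PLAINTEXT`, so a TLS deployment without its CA does not come up. The earlier hunks of this file also remove the dedicated `user-manager-tls-cert` secret and its `disableUserManagerGrpcTls` guard, so the user-manager server certificate presumably has to chain to this namespace CA now. Confirm that, and check whether the `disableUserManagerGrpcTls` value is still referenced elsewhere in the chart.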
@@ -49,13 +49,6 @@ tests: mountPath: "/bindings/ca-certificates/type" subPath: type readOnly: true - - contains: - path: spec.template.spec.containers[0].volumeMounts - content: - name: user-manager-tls-certificate - mountPath: "/bindings/ca-certificates/user-manager-tls-ca.pem" - subPath: ca.crt - readOnly: true - contains: path: spec.template.spec.containers[0].volumeMounts content: @@ -68,9 +61,15 @@ tests: mountPath: "/bindings/ca-certificates/ssl-tls-ca.pem" subPath: ca.crt readOnly: true - - it: should have volume mounts - set: - usermanagerName: user-manager + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: namespace-ca-cert + mountPath: "/bindings/namespace-certificate" + readOnly: true + - it: should have volumes + set: + usermanagerName: user-manager asserts: - contains: path: spec.template.spec.volumes @@ -78,12 +77,6 @@ tests: name: bindings configMap: name: alfa-bindings-type - - contains: - path: spec.template.spec.volumes - content: - name: user-manager-tls-certificate - secret: - secretName: user-manager-tls-cert - contains: path: spec.template.spec.volumes content: @@ -93,6 +86,20 @@ tests: path: spec.template.spec.volumes content: name: sso-tls-certificate + - contains: + path: spec.template.spec.volumes + content: + name: namespace-ca-cert + projected: + sources: + - secret: + items: + - key: ca.crt + path: ca.crt + name: sh-helm-test-ca-cert + optional: true + - configMap: + name: alfa-bindings-type - it: should have sso tls cert mount set: usermanagerName: user-manager diff --git a/src/test/helm/deployment_defaults_env_test.yaml b/src/test/helm/deployment_defaults_env_test.yaml index f2b46cc3dcd95eac18f2a1286f97a83034992141..99d108c95f63fc674e22cf2cc369af4db57c0ae5 100644 --- a/src/test/helm/deployment_defaults_env_test.yaml +++ b/src/test/helm/deployment_defaults_env_test.yaml 
@@ -132,3 +132,21 @@ tests: content: name: grpc_client_user-manager_negotiationType value: TLS + + - it: should set vorgang-manager negotiationType plaintext + set: + vorgangManager.grpcClientNegotiationType: PLAINTEXT + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: grpc_client_vorgang-manager_negotiationType + value: PLAINTEXT + + - it: should contain default vorgang-manager negotiationType tls + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: grpc_client_vorgang-manager_negotiationType + value: TLS