diff --git a/run_helm_test.sh b/run_helm_test.sh
index b19a9bc7c3072044dff8f0fb54c04c29acc3fbf6..ccc03d0fb89a1d2eb4c637c7d5f68ffd283051e7 100755
--- a/run_helm_test.sh
+++ b/run_helm_test.sh
@@ -4,4 +4,4 @@ set -e
helm template ./src/main/helm/ -f src/test/helm-linter-values.yaml
helm lint -f src/test/helm-linter-values.yaml ./src/main/helm/
-cd src/main/helm && helm unittest -f '../../test/helm/**/*test.yaml' .
\ No newline at end of file
+cd src/main/helm && helm unittest -f '../../test/helm/**/*.yaml' .
\ No newline at end of file
diff --git a/src/main/helm/templates/bindings_type_configmap.yaml b/src/main/helm/templates/bindings_type_configmap.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..8e4fbacefd484339668748edd53d0f4503a14ac5
--- /dev/null
+++ b/src/main/helm/templates/bindings_type_configmap.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-bindings-type
+ namespace: {{ include "app.namespace" . }}
+data:
+ type: |
+ ca-certificates
\ No newline at end of file
diff --git a/src/main/helm/templates/deployment.yaml b/src/main/helm/templates/deployment.yaml
index c7e9bcd8833a52f0e9f1bd7d747ccaadcaf971f3..b3bfd90e14e00c464ea72646affc1408ee4f9923 100644
--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -59,6 +59,8 @@ spec:
app.kubernetes.io/name: {{ .Release.Name }}
containers:
- env:
+ - name: SERVICE_BINDING_ROOT
+ value: "/bindings"
{{- range (.Values.env).grpc }}
- name: {{ .name }}
value: {{ .value }}
@@ -79,7 +81,7 @@ spec:
- name: grpc_client_vorgang-manager-{{ (.Values.routing).targetVorgangManagerName}}_address
value: 'vorgang-manager.{{ coalesce (.Values.routing).targetNamespace .Release.Namespace }}:9090'
- name: grpc_client_vorgang-manager-{{ (.Values.routing).targetVorgangManagerName}}_negotiationType
- value: {{ (.Values.routing).negotiationType | default "PLAINTEXT" }}
+ value: {{ (.Values.routing).negotiationType | default "TLS" }}
{{- end }}
{{- with include "app.getCustomList" . }}
{{ . | indent 8 }}
@@ -150,9 +152,23 @@ spec:
volumeMounts:
- name: temp-dir
mountPath: "/tmp"
+ - name: namespace-ca-cert
+ mountPath: "/bindings/namespace-certificate"
+ readOnly: true
volumes:
- name: temp-dir
emptyDir: {}
+ - name: namespace-ca-cert
+ projected:
+ sources:
+ - secret:
+ name: {{ include "app.namespace" . }}-ca-cert
+ optional: true
+ items:
+ - key: ca.crt
+ path: ca.crt
+ - configMap:
+ name: {{ .Release.Name }}-bindings-type
dnsConfig: {}
dnsPolicy: ClusterFirst
imagePullSecrets:
diff --git a/src/test/helm/bindings_type_test.yaml b/src/test/helm/bindings_type_test.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f0fa5ade329232c346f328205e67e54f03e1f262
--- /dev/null
+++ b/src/test/helm/bindings_type_test.yaml
@@ -0,0 +1,46 @@
+#
+# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: test bindings type configmap
+templates:
+ - templates/bindings_type_configmap.yaml
+release:
+ name: eingang-manager
+ namespace: sh-helm-test
+tests:
+ - it: xta bindings type
+ asserts:
+ - isKind:
+ of: ConfigMap
+ - isAPIVersion:
+ of: v1
+ - equal:
+ path: metadata.name
+ value: eingang-manager-bindings-type
+ - equal:
+ path: metadata.namespace
+ value: sh-helm-test
+ - equal:
+ path: data.type
+ value: ca-certificates
diff --git a/src/test/helm/deployment_bindings_test.yaml b/src/test/helm/deployment_bindings_test.yaml
index 6e48055b01e611b36369c432835f085bebc69b3c..f4e0f24ea4f4e017b21eb33eb0f331ca415a6346 100644
--- a/src/test/helm/deployment_bindings_test.yaml
+++ b/src/test/helm/deployment_bindings_test.yaml
@@ -25,6 +25,9 @@
suite: deployment bindings
templates:
- templates/deployment.yaml
+release:
+ name: eingang-manager
+ namespace: sh-helm-test
set:
ozgcloud.environment: test
imagePullSecret: image-pull-secret
@@ -45,3 +48,28 @@ tests:
name: temp-dir
emptyDir: {}
+ - it: should have projected namespace-ca-cert volume
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: namespace-ca-cert
+ projected:
+ sources:
+ - secret:
+ name: sh-helm-test-ca-cert
+ optional: true
+ items:
+ - key: ca.crt
+ path: ca.crt
+ - configMap:
+ name: eingang-manager-bindings-type
+
+ - it: should have namespace-ca-cert volume mount
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: namespace-ca-cert
+ mountPath: "/bindings/namespace-certificate"
+ readOnly: true
\ No newline at end of file
diff --git a/src/test/helm/deployment_routing_strategy_env.yaml b/src/test/helm/deployment_routing_strategy_env.yaml
index dc9ae515b3ad4c3c4ae977d4700736ff1f6633dc..cd24633dbc3eed6ed59ccd58b70dbf4397b847a1 100644
--- a/src/test/helm/deployment_routing_strategy_env.yaml
+++ b/src/test/helm/deployment_routing_strategy_env.yaml
@@ -49,13 +49,13 @@ tests:
path: spec.template.spec.containers[0].env
content:
name: grpc_client_vorgang-manager-vorgang-manager_negotiationType
- value: PLAINTEXT
+ value: TLS
- it: validate routing infos
set:
routing:
routingStrategy: MULTI
fallbackStrategy: FUNDSTELLE
- negotiationType: TLS
+ negotiationType: PLAINTEXT
asserts:
- contains:
path: spec.template.spec.containers[0].env
@@ -71,4 +71,4 @@ tests:
path: spec.template.spec.containers[0].env
content:
name: grpc_client_vorgang-manager-vorgang-manager_negotiationType
- value: TLS
\ No newline at end of file
+ value: PLAINTEXT
\ No newline at end of file