ozg-2956 use namespace ca

src/main/helm/templates/_helpers.tpl

@@ -73,14 +73,6 @@ app.kubernetes.io/namespace: {{ include "app.namespace" . }}
 {{ printf "dns://%s.%s:9090" .Values.vorgangmanagerName .Release.Namespace }}
 {{- end -}}
 
-{{- define "app.databaseTlsCert" -}}
-{{- if ((.Values.database).tls).secretName -}}
-{{  .Values.database.tls.secretName }}
-{{- else -}}
-{{  printf "ozg-mongodb-tls-cert" }}
-{{- end -}}
-{{- end -}}
-
 {{- define "app.databaseSecretName" -}}
 {{- if (.Values.database).secretName -}}
 {{  .Values.database.secretName }}

src/main/helm/templates/deployment.yaml

@@ -283,16 +283,16 @@ spec:
             subPath: ca.crt
             readOnly: true
           {{- end }}
-          - name: mongodb-root-ca
-            mountPath: "/bindings/ca-certificates/mongodb-root-ca.pem"
-            subPath: ca.crt
-            readOnly: true
           {{- if not .Values.disableUserManagerGrpcTls }}
           - name: user-manager-tls-certificate
             mountPath: "/bindings/ca-certificates/user-manager-tls-ca.pem"
             subPath: ca.crt
             readOnly: true
           {{- end }}
+          - name: namespace-ca-cert
+            mountPath: "/bindings/ca-certificates/namespace-root-ca.pem"
+            subPath: tls.crt
+            readOnly: true
       volumes:
         - name: bindings
           configMap:
@@ -303,15 +303,14 @@ spec:
             secretName: {{ .Values.elasticsearch.certificateSecretName }}
             optional: false
         {{- end }}
-        - name: mongodb-root-ca
-          secret:
-            secretName: {{ include "app.databaseTlsCert" . }}
-            optional: true
         {{- if not .Values.disableUserManagerGrpcTls }}
         - name: user-manager-tls-certificate
           secret:
              secretName: user-manager-tls-cert
         {{- end }}
+        - name: namespace-ca-cert
+          secret:
+            secretName: {{ .Release.Namespace }}-ca-cert
       dnsConfig: {}
       dnsPolicy: ClusterFirst
       imagePullSecrets:

src/test/helm/deployment_mongodb_test.yaml

@@ -48,13 +48,6 @@ tests:
           content:
             name: spring_data_mongodb_database
             value: vorgang-manager-database
-      - contains:
-          path: spec.template.spec.volumes
-          content:
-            name: mongodb-root-ca
-            secret:
-              secretName: ozg-mongodb-tls-cert
-              optional: true
 
   - it: check external mongodb
     release:
@@ -100,46 +93,3 @@ tests:
           content:
             name: spring_data_mongodb_database
             value: vorgang-manager-database
-
-  - it: check mongodb root ca mount   
-    release:
-      name: vorgang-manager
-    asserts:
-      - contains:
-          path: spec.template.spec.containers[0].volumeMounts
-          content:
-            name: mongodb-root-ca
-            mountPath: "/bindings/ca-certificates/mongodb-root-ca.pem"
-            subPath: ca.crt
-            readOnly: true
-      - contains:
-          path: spec.template.spec.volumes
-          content:
-            name: mongodb-root-ca
-            secret:
-              secretName: ozg-mongodb-tls-cert
-              optional: true
-
-  - it: check mongodb tls set tls cert name
-    release:
-      name: vorgang-manager
-    set:
-      database:
-        tls:
-          enabled: true
-          secretName: secret-tls-cert
-    asserts:
-      - contains:
-          path: spec.template.spec.containers[0].volumeMounts
-          content:
-            name: mongodb-root-ca
-            mountPath: "/bindings/ca-certificates/mongodb-root-ca.pem"
-            subPath: ca.crt
-            readOnly: true
-      - contains:
-          path: spec.template.spec.volumes
-          content:
-            name: mongodb-root-ca
-            secret:
-              secretName: secret-tls-cert
-              optional: true
\ No newline at end of file