Skip to content
Snippets Groups Projects
Commit 2af7da0f authored by OZGCloud's avatar OZGCloud
Browse files

ozg-2956 use namespace ca

parent eba7db4f
Branches
Tags
No related merge requests found
...@@ -73,14 +73,6 @@ app.kubernetes.io/namespace: {{ include "app.namespace" . }} ...@@ -73,14 +73,6 @@ app.kubernetes.io/namespace: {{ include "app.namespace" . }}
{{ printf "dns://%s.%s:9090" .Values.vorgangmanagerName .Release.Namespace }} {{ printf "dns://%s.%s:9090" .Values.vorgangmanagerName .Release.Namespace }}
{{- end -}} {{- end -}}
{{- define "app.databaseTlsCert" -}}
{{- if ((.Values.database).tls).secretName -}}
{{ .Values.database.tls.secretName }}
{{- else -}}
{{ printf "ozg-mongodb-tls-cert" }}
{{- end -}}
{{- end -}}
{{- define "app.databaseSecretName" -}} {{- define "app.databaseSecretName" -}}
{{- if (.Values.database).secretName -}} {{- if (.Values.database).secretName -}}
{{ .Values.database.secretName }} {{ .Values.database.secretName }}
......
...@@ -283,16 +283,16 @@ spec: ...@@ -283,16 +283,16 @@ spec:
subPath: ca.crt subPath: ca.crt
readOnly: true readOnly: true
{{- end }} {{- end }}
- name: mongodb-root-ca
mountPath: "/bindings/ca-certificates/mongodb-root-ca.pem"
subPath: ca.crt
readOnly: true
{{- if not .Values.disableUserManagerGrpcTls }} {{- if not .Values.disableUserManagerGrpcTls }}
- name: user-manager-tls-certificate - name: user-manager-tls-certificate
mountPath: "/bindings/ca-certificates/user-manager-tls-ca.pem" mountPath: "/bindings/ca-certificates/user-manager-tls-ca.pem"
subPath: ca.crt subPath: ca.crt
readOnly: true readOnly: true
{{- end }} {{- end }}
- name: namespace-ca-cert
mountPath: "/bindings/ca-certificates/namespace-root-ca.pem"
subPath: tls.crt
readOnly: true
volumes: volumes:
- name: bindings - name: bindings
configMap: configMap:
...@@ -303,15 +303,14 @@ spec: ...@@ -303,15 +303,14 @@ spec:
secretName: {{ .Values.elasticsearch.certificateSecretName }} secretName: {{ .Values.elasticsearch.certificateSecretName }}
optional: false optional: false
{{- end }} {{- end }}
- name: mongodb-root-ca
secret:
secretName: {{ include "app.databaseTlsCert" . }}
optional: true
{{- if not .Values.disableUserManagerGrpcTls }} {{- if not .Values.disableUserManagerGrpcTls }}
- name: user-manager-tls-certificate - name: user-manager-tls-certificate
secret: secret:
secretName: user-manager-tls-cert secretName: user-manager-tls-cert
{{- end }} {{- end }}
- name: namespace-ca-cert
secret:
secretName: {{ .Release.Namespace }}-ca-cert
dnsConfig: {} dnsConfig: {}
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirst
imagePullSecrets: imagePullSecrets:
......
...@@ -48,13 +48,6 @@ tests: ...@@ -48,13 +48,6 @@ tests:
content: content:
name: spring_data_mongodb_database name: spring_data_mongodb_database
value: vorgang-manager-database value: vorgang-manager-database
- contains:
path: spec.template.spec.volumes
content:
name: mongodb-root-ca
secret:
secretName: ozg-mongodb-tls-cert
optional: true
- it: check external mongodb - it: check external mongodb
release: release:
...@@ -100,46 +93,3 @@ tests: ...@@ -100,46 +93,3 @@ tests:
content: content:
name: spring_data_mongodb_database name: spring_data_mongodb_database
value: vorgang-manager-database value: vorgang-manager-database
- it: check mongodb root ca mount
release:
name: vorgang-manager
asserts:
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: mongodb-root-ca
mountPath: "/bindings/ca-certificates/mongodb-root-ca.pem"
subPath: ca.crt
readOnly: true
- contains:
path: spec.template.spec.volumes
content:
name: mongodb-root-ca
secret:
secretName: ozg-mongodb-tls-cert
optional: true
- it: check mongodb tls set tls cert name
release:
name: vorgang-manager
set:
database:
tls:
enabled: true
secretName: secret-tls-cert
asserts:
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: mongodb-root-ca
mountPath: "/bindings/ca-certificates/mongodb-root-ca.pem"
subPath: ca.crt
readOnly: true
- contains:
path: spec.template.spec.volumes
content:
name: mongodb-root-ca
secret:
secretName: secret-tls-cert
optional: true
\ No newline at end of file
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment