ozg-3938 use projected volume

src/main/helm/templates/deployment.yaml

@@ -312,16 +312,10 @@ spec:
             readOnly: true
           {{- end }}
           - name: namespace-ca-cert
-            mountPath: "/bindings/ca-certificates/namespace-root-ca.pem"
-            subPath: tls.crt
+            mountPath: "/bindings/namespace-certificate"
             readOnly: true
           - name: vorgang-manager-grpc-tls-cert
-            mountPath: "/grpc-tls/cert.pem"
-            subPath: tls.crt
-            readOnly: true
-          - name: vorgang-manager-grpc-tls-cert
-            mountPath: "/grpc-tls/key.pem"
-            subPath: tls.key
+            mountPath: "/grpc-tls"
             readOnly: true
       volumes:
         - name: bindings
@@ -343,8 +337,16 @@ spec:
             secretName: vorgang-manager-grpc-tls-cert
             optional: true
         - name: namespace-ca-cert
-          secret:
-            secretName: {{ include "app.namespace" . }}-ca-cert
+          projected:
+            sources:
+            - secret:
+                name: {{ include "app.namespace" . }}-ca-cert
+                optional: true
+                items:
+                  - key: ca.crt
+                    path: ca.crt
+            - configMap:
+                name: bindings-type
       dnsConfig: {}
       dnsPolicy: ClusterFirst
       imagePullSecrets:

src/test/helm/deployment_grpc_tls_test.yaml

@@ -31,6 +31,7 @@ templates:
 set:
   ozgcloud:
     environment: test
+  imagePullSecret: test-image-pull-secret
 tests:
   - it: should have volume for grpc-tls-cert
     template: deployment.yaml
@@ -49,18 +50,7 @@ tests:
           path: spec.template.spec.containers[0].volumeMounts
           content:
             name: vorgang-manager-grpc-tls-cert
-            mountPath: "/grpc-tls/cert.pem"
-            subPath: tls.crt
-            readOnly: true
-  - it: should have volume mount for grpc-tls-cert key
-    template: deployment.yaml
-    asserts:
-      - contains:
-          path: spec.template.spec.containers[0].volumeMounts
-          content:
-            name: vorgang-manager-grpc-tls-cert
-            mountPath: "/grpc-tls/key.pem"
-            subPath: tls.key
+            mountPath: /grpc-tls
             readOnly: true
   - it: should have volume for namespace ca-cert
     template: deployment.yaml
@@ -69,8 +59,16 @@ tests:
            path: spec.template.spec.volumes
            content:
               name: namespace-ca-cert
-              secret:
-                 secretName: sh-helm-test-ca-cert
+              projected:
+                sources:
+                  - secret:
+                      items:
+                        - key: ca.crt
+                          path: ca.crt
+                      name: sh-helm-test-ca-cert
+                      optional: true
+                  - configMap:
+                      name: bindings-type
   - it: should have volume mount for namespace ca-cert
     template: deployment.yaml
     asserts:
@@ -78,8 +76,7 @@ tests:
           path: spec.template.spec.containers[0].volumeMounts
           content:
             name: namespace-ca-cert
-            mountPath: "/bindings/ca-certificates/namespace-root-ca.pem"
-            subPath: tls.crt
+            mountPath: "/bindings/namespace-certificate"
             readOnly: true
   - it: should not contain grpc_server_security_enabled env
     asserts:

vorgang-manager-server/src/main/resources/application.yml

@@ -40,8 +40,8 @@ grpc:
   server:
     security:
       enabled: true
-      certificate-chain: file:/grpc-tls/cert.pem
-      private-key: file:/grpc-tls/key.pem
+      certificate-chain: file:/grpc-tls/tls.crt
+      private-key: file:/grpc-tls/tls.key
 
 management:
   server: