diff --git a/src/main/helm/templates/deployment.yaml b/src/main/helm/templates/deployment.yaml
index aadf0568c11c7f226da01f719f2b82bb50e0f317..ece9546f8521a6e99c3d0c7f8aa52de2794d89bf 100644
--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -312,16 +312,10 @@ spec:
 readOnly: true
 {{- end }}
 - name: namespace-ca-cert
- mountPath: "/bindings/ca-certificates/namespace-root-ca.pem"
- subPath: tls.crt
+ mountPath: "/bindings/namespace-certificate"
 readOnly: true
 - name: vorgang-manager-grpc-tls-cert
- mountPath: "/grpc-tls/cert.pem"
- subPath: tls.crt
- readOnly: true
- - name: vorgang-manager-grpc-tls-cert
- mountPath: "/grpc-tls/key.pem"
- subPath: tls.key
+ mountPath: "/grpc-tls"
 readOnly: true
 volumes:
 - name: bindings
@@ -343,8 +337,16 @@ spec:
 secretName: vorgang-manager-grpc-tls-cert
 optional: true
 - name: namespace-ca-cert
- secret:
- secretName: {{ include "app.namespace" . }}-ca-cert
+ projected:
+ sources:
+ - secret:
+ name: {{ include "app.namespace" . }}-ca-cert
+ optional: true
+ items:
+ - key: ca.crt
+ path: ca.crt
+ - configMap:
+ name: bindings-type
 dnsConfig: {}
 dnsPolicy: ClusterFirst
 imagePullSecrets:
diff --git a/src/test/helm/deployment_grpc_tls_test.yaml b/src/test/helm/deployment_grpc_tls_test.yaml
index 2004d551f620d72f612b43522acbf9f93f5eac05..91494cfe62d56ef514d6446fa88271ef437079a1 100644
--- a/src/test/helm/deployment_grpc_tls_test.yaml
+++ b/src/test/helm/deployment_grpc_tls_test.yaml
@@ -31,6 +31,7 @@ templates:
 set:
 ozgcloud:
 environment: test
+ imagePullSecret: test-image-pull-secret
 tests:
 - it: should have volume for grpc-tls-cert
 template: deployment.yaml
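Review bot: In the volumeMounts hunk of src/main/helm/templates/deployment.yaml, the `vorgang-manager-grpc-tls-cert` mount at `/grpc-tls` now exposes every key of the secret as a file, and no `defaultMode` is visible on its volume, so `tls.key` would get the Kubernetes default mode 0644 and be readable by any user in the container. The volume definition is only partly visible (its `secretName` and `optional` lines are context in the next hunk), so confirm that first. If nothing is set, add a tighter mode such as `defaultMode: 0440` (paired with the pod's `fsGroup` so the application user can still read it) and an `items` list limited to `tls.crt` and `tls.key`. The volumeMounts list starts outside this hunk.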
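Review bot: In the volumes hunk of src/main/helm/templates/deployment.yaml, the new `optional: true` on the CA secret source of `namespace-ca-cert` changes the failure mode. The old `secret` volume kept the pod from starting when the `-ca-cert` secret was missing, whereas now the pod starts with `/bindings/namespace-certificate` holding no `ca.crt`. If the namespace CA is required for outbound TLS, drop `optional: true` so a missing trust anchor is caught at deploy time; otherwise record it with a template comment such as `{{- /* CA secret is optional; without it the binding holds no ca.crt */}}`. The `bindings-type` configMap is referenced without `optional` and is not created anywhere in this diff, so confirm the chart or the namespace provides it.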
@@ -49,18 +50,7 @@ tests:
 path: spec.template.spec.containers[0].volumeMounts
 content:
 name: vorgang-manager-grpc-tls-cert
- mountPath: "/grpc-tls/cert.pem"
- subPath: tls.crt
- readOnly: true
- - it: should have volume mount for grpc-tls-cert key
- template: deployment.yaml
- asserts:
- - contains:
- path: spec.template.spec.containers[0].volumeMounts
- content:
- name: vorgang-manager-grpc-tls-cert
- mountPath: "/grpc-tls/key.pem"
- subPath: tls.key
+ mountPath: /grpc-tls
 readOnly: true
 - it: should have volume for namespace ca-cert
 template: deployment.yaml
@@ -69,8 +59,16 @@ tests:
 path: spec.template.spec.volumes
 content:
 name: namespace-ca-cert
- secret:
- secretName: sh-helm-test-ca-cert
+ projected:
+ sources:
+ - secret:
+ items:
+ - key: ca.crt
+ path: ca.crt
+ name: sh-helm-test-ca-cert
+ optional: true
+ - configMap:
+ name: bindings-type
 - it: should have volume mount for namespace ca-cert
 template: deployment.yaml
 asserts:
@@ -78,8 +76,7 @@ tests:
 path: spec.template.spec.containers[0].volumeMounts
 content:
 name: namespace-ca-cert
- mountPath: "/bindings/ca-certificates/namespace-root-ca.pem"
- subPath: tls.crt
+ mountPath: "/bindings/namespace-certificate"
 readOnly: true
 - it: should not contain grpc_server_security_enabled env
 asserts:
diff --git a/vorgang-manager-server/src/main/resources/application.yml b/vorgang-manager-server/src/main/resources/application.yml
index 69103ce5936442652988ef9a35ace9b446ec4fcb..ca964777aa73cd8b3e26a4708144c6ba1eebf04b 100644
--- a/vorgang-manager-server/src/main/resources/application.yml
+++ b/vorgang-manager-server/src/main/resources/application.yml
@@ -40,8 +40,8 @@ grpc:
 server:
 security:
 enabled: true
- certificate-chain: file:/grpc-tls/cert.pem
- private-key: file:/grpc-tls/key.pem
+ certificate-chain: file:/grpc-tls/tls.crt
+ private-key: file:/grpc-tls/tls.key
 management:
 server:
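Review bot: In application.yml, the new defaults `file:/grpc-tls/tls.crt` and `file:/grpc-tls/tls.key` only exist when the `vorgang-manager-grpc-tls-cert` secret is present, and the deployment template mounts that secret with `optional: true`. With `enabled: true`, the server's behaviour on an empty `/grpc-tls` therefore matters: confirm it fails at startup rather than coming up without TLS. The file names are now dictated by the secret's key names, so a comment above the two keys would help, for example `# file names match the keys of the secret mounted at /grpc-tls by the Helm chart`. The `grpc` block continues outside the hunk.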