add k8s secret mount for spring sslbundles

Cosmo-Tech · Aug 27, 2024 · f53a292 · f53a292
1 parent f488344
commit f53a292
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 7 deletions.
diff --git a/api/kubernetes/helm-chart/Chart.yaml b/api/kubernetes/helm-chart/Chart.yaml
@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 4.0.3-onprem
+version: 4.0.0-onprem.6
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "4.0.3-onprem"
+appVersion: "4.0.0-onprem.6"
diff --git a/api/kubernetes/helm-chart/templates/_helpers.tpl b/api/kubernetes/helm-chart/templates/_helpers.tpl
@@ -116,7 +116,7 @@ Location of the persistence data
 {{- end }}
 
 {{- define "cosmotech-api.custom-rootca-path" -}}
-"/mnt/cosmotech/certificates/{{ .Values.api.tlsTruststore.fileName }}"
+/mnt/cosmotech/certificates
 {{- end }}
 
 {{- define "cosmotech-api.custom-rootca-bundle" -}}
@@ -148,15 +148,15 @@ ssl bundle must be set here because it is searched even if empty
  pem:
  {{ include "cosmotech-api.custom-rootca-bundle" . }}:
  truststore:
- certificate: {{ include "cosmotech-api.custom-rootca-path" . }}
+ certificate: {{ printf "%s/%s" (include "cosmotech-api.custom-rootca-path" .) .Values.api.tlsTruststore.fileName }}
 {{- end }}
 {{- if and .Values.api.tlsTruststore.enabled (eq .Values.api.tlsTruststore.type "jks") }}
  ssl:
  bundle:
  jks:
  {{ include "cosmotech-api.custom-rootca-bundle" . }}:
  truststore:
- location: {{ include "cosmotech-api.custom-rootca-path" . }}
+ location: {{ printf "%s/%s" (include "cosmotech-api.custom-rootca-path" .) .Values.api.tlsTruststore.fileName }}
  password: {{ .Values.api.tlsTruststore.jksPassword }}
 {{- end }}
 

diff --git a/api/kubernetes/helm-chart/templates/deployment.yaml b/api/kubernetes/helm-chart/templates/deployment.yaml
@@ -55,6 +55,9 @@ spec:
  - name: custom-rootca
  secret:
  secretName: {{ .Values.api.tlsTruststore.secretName }}
+ items:
+ - key: ca.crt
+ path: {{ .Values.api.tlsTruststore.fileName }}
  {{end}}
  containers:
  - name: {{ .Chart.Name }}
@@ -93,8 +96,7 @@ spec:
  readOnly: false
  {{end}}
  {{if .Values.api.tlsTruststore.enabled }}
- - mountPath: {{ include "cosmotech-api.custom-rootca-path" . }}
- subPath: {{ .Values.api.tlsTruststore.fileName }}
+ - mountPath: {{ include "cosmotech-api.custom-rootca-path" . | quote }}
  name: custom-rootca
  readOnly: true
  {{end}}