From ca8a00dc54a2366fa547906dcf673f0454158b9c Mon Sep 17 00:00:00 2001
From: Aurélien Bompard
Date: Oct 14 2020 09:47:58 +0000
Subject: Prepare FASJSON for the new certificate profile setting
Signed-off-by: Aurélien Bompard
---
diff --git a/roles/openshift-apps/fasjson/templates/configmap.yml b/roles/openshift-apps/fasjson/templates/configmap.yml
index 4b3beac..50ef5ee 100644
--- a/roles/openshift-apps/fasjson/templates/configmap.yml
+++ b/roles/openshift-apps/fasjson/templates/configmap.yml
@@ -15,6 +15,8 @@ items:
 {{ load_file('start.sh') | indent(6) }}
 httpd.conf: |-
 {{ load_file('httpd.conf') | indent(6) }}
+ fasjson.conf: |-
+ {{ load_file('fasjson.conf') | indent(6) }}
 - apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/roles/openshift-apps/fasjson/templates/deploymentconfig.yml b/roles/openshift-apps/fasjson/templates/deploymentconfig.yml
index 94a5f49..8427d7a 100644
--- a/roles/openshift-apps/fasjson/templates/deploymentconfig.yml
+++ b/roles/openshift-apps/fasjson/templates/deploymentconfig.yml 
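Review bot: The new `fasjson.conf` key in configmap.yml is published through a ConfigMap, so anything later added to that file is readable by whoever can read ConfigMaps in the project and gets none of the handling a Secret would. A comment above the key would keep that constraint visible, e.g. `# fasjson.conf lives in a ConfigMap: non-secret settings only, credentials belong in a Secret`. The hunk does not show this ConfigMap's `metadata.name`, so it is worth confirming it is the object the deployment mounts at `/etc/fasjson`; otherwise the file will not exist at the path the application is pointed to. The `items:` list starts and ends outside the hunk.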
@@ -26,62 +26,65 @@ spec: deploymentconfig: fasjson spec: containers: - - name: fasjson - imagePullPolicy: Always - ports: - - containerPort: 8080 - volumeMounts: + - name: fasjson + imagePullPolicy: Always + ports: + - containerPort: 8080 + volumeMounts: + - name: keytab-http-volume + mountPath: /etc/keytabs/http + subPath: http + readOnly: true + - name: krb-config-volume + mountPath: /etc/krb5 + readOnly: true + - name: fasjson-config-volume + mountPath: /etc/fasjson + readOnly: true + - name: ipa-config-volume + mountPath: /etc/ipa + readOnly: true + - name: httpdir + mountPath: /httpdir + env: + - name: FASJSON_CONFIG_PATH + value: "/etc/fasjson/fasjson.conf" + livenessProbe: + timeoutSeconds: 10 + initialDelaySeconds: 10 + periodSeconds: 60 + httpGet: + path: /healthz/live + port: 8080 + readinessProbe: + timeoutSeconds: 10 + initialDelaySeconds: 5 + periodSeconds: 60 + httpGet: + path: /healthz/ready + port: 8080 + volumes: + - name: fasjson-config-volume + configMap: + name: fasjson-config - name: keytab-http-volume - mountPath: /etc/keytabs/http - subPath: http - readOnly: true + secret: + secretName: fasjson-keytab-http - name: krb-config-volume - mountPath: /etc/krb5 - readOnly: true - - name: fasjson-config-volume - mountPath: /etc/fasjson - readOnly: true + configMap: + name: krb5-config - name: ipa-config-volume - mountPath: /etc/ipa - readOnly: true + configMap: + name: ipa-client-config - name: httpdir - mountPath: /httpdir - livenessProbe: - timeoutSeconds: 10 - initialDelaySeconds: 10 - periodSeconds: 60 - httpGet: - path: /healthz/live - port: 8080 - readinessProbe: - timeoutSeconds: 10 - initialDelaySeconds: 5 - periodSeconds: 60 - httpGet: - path: /healthz/ready - port: 8080 - volumes: - - name: fasjson-config-volume - configMap: - name: fasjson-config - - name: keytab-http-volume - secret: - secretName: fasjson-keytab-http - - name: krb-config-volume - configMap: - name: krb5-config - - name: ipa-config-volume - configMap: - name: 
ipa-client-config - - name: httpdir - emptyDir: {} + emptyDir: {} triggers: - - imageChangeParams: - automatic: true - containerNames: - - fasjson - from: - kind: ImageStreamTag - name: fasjson:latest - type: ImageChange - - type: ConfigChange + - imageChangeParams: + automatic: true + containerNames: + - fasjson + from: + kind: ImageStreamTag + name: fasjson:latest + type: ImageChange + - type: ConfigChange diff --git a/roles/openshift-apps/fasjson/templates/fasjson.conf b/roles/openshift-apps/fasjson/templates/fasjson.conf new file mode 100644 index 0000000..6a26f3c --- /dev/null +++ b/roles/openshift-apps/fasjson/templates/fasjson.conf @@ -0,0 +1,2 @@ +# The ID of the Certificate Profile to use in IPA +CERTIFICATE_PROFILE = "userCerts"
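Review bot: The only functional change in the deploymentconfig.yml hunk appears to be the new `env` entry `FASJSON_CONFIG_PATH`, but it is buried in a re-indentation of the whole `containers`, `volumes` and `triggers` blocks, which makes it hard to confirm that nothing else moved in a spec that mounts the `fasjson-keytab-http` secret. Putting the whitespace change in its own commit would leave the one security-relevant addition reviewable on its own. The re-indented trigger still follows the mutable tag `fasjson:latest` with `automatic: true`, so whatever is pushed to that tag is rolled out with access to the keytab; a comment such as `# rollouts follow fasjson:latest automatically; restrict push access to this imagestream` would document that trust assumption, and pinning a versioned tag is worth considering. The DeploymentConfig's outer `spec` starts outside the hunk.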
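Review bot: `CERTIFICATE_PROFILE = "userCerts"` is hard-coded in the new fasjson.conf, so every environment that deploys this role gets the same profile ID, and nothing on the page records what that profile has to provide. The profile presumably decides what kind of certificate IPA issues for FASJSON users, so the existing comment could state the dependency, e.g. `# Must name an existing IPA certificate profile that the CA ACLs permit for FASJSON users`. If staging and production may need different profiles and `load_file` renders Jinja (not visible here), a role variable defaulting to `userCerts` would make the choice explicit per environment.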