authorChristian Pointner <equinox@spreadspace.org>2018-02-25 23:23:32 +0100
committerChristian Pointner <equinox@spreadspace.org>2018-02-25 23:23:32 +0100
commit1fd5003b61966454f39f0744bcf38dd66135384a (patch)
tree427896b335c17122ecf7dbada23318d4c4144c14 /templates
parentadded hack for acmetool handling (diff)
TLS hack
Diffstat (limited to 'templates')
-rw-r--r--templates/default/kubernetes/sfive-deploy.yml.j232
1 files changed, 26 insertions, 6 deletions
diff --git a/templates/default/kubernetes/sfive-deploy.yml.j2 b/templates/default/kubernetes/sfive-deploy.yml.j2
index 68d907f..5b02eb0 100644
--- a/templates/default/kubernetes/sfive-deploy.yml.j2
+++ b/templates/default/kubernetes/sfive-deploy.yml.j2
@@ -40,6 +40,16 @@ spec:
volumeMounts:
- name: hub-data
mountPath: /srv/data
+ - name: copy-certificates
+ image: busybox
+ command: ['sh', '-c', 'chmod 0750 /srv/acme && cp /var/lib/acme/live/{{ deploy.worker.flags['stream-hostname'] }}/* /srv/acme && chown -R 998 /srv/acme']
+ securityContext:
+ runAsUser: 0
+ volumeMounts:
+ - name: proxy-cert
+ mountPath: /srv/acme
+ - name: acme-lib
+ mountPath: /var/lib/acme
{% if deploy.worker.flags.sfive == 'proxy' and 'stream-onion' in deploy.worker.flags %}
- name: prepare-onion-lib
image: busybox
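Review bot: The `sh -c` string of the new copy-certificates container splices `deploy.worker.flags['stream-hostname']` unquoted into a command that runs with `runAsUser: 0`, so a flag value containing whitespace, a quote or a shell metacharacter changes what the root shell executes, and a single quote would also end the surrounding YAML scalar early. Pass the hostname as a separate argv element after the script and quote its use, e.g. `cp "/var/lib/acme/live/$1"/* /srv/acme`, and validate the flag against a hostname pattern before rendering. `image: busybox` on this container carries no tag or digest, so the image that runs as root can change between pulls; `image: busybox:<pinned-tag>` or a digest would fix that. The glob copies every file in the live directory, presumably including the private key, into the shared proxy-cert volume; if the proxy needs only some of them, name them explicitly.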
@@ -76,6 +86,8 @@ spec:
mountPath: /srv
- name: proxy-config
mountPath: /srv/config
+ - name: proxy-cert
+ mountPath: /srv/acme
{% if 'stream-onion' in deploy.worker.flags %}
- name: proxy-onion
image: spreadspace/sfive:{{ desc.globals.deployment.parameter.sfive_image_version }}
@@ -118,18 +130,26 @@ spec:
- name: home
emptyDir:
medium: Memory
+ - name: hub-data
+ hostPath:
+ type: DirectoryOrCreate
+ path: /var/lib/sfive/{{ desc.globals.name }}
{% if deploy.worker.flags.sfive == 'proxy' and 'stream-onion' in deploy.worker.flags %}
- - name: onion-lib
- emptyDir:
- medium: Memory
- name: onion-config
configMap:
name: onion-service-{{ deploy.worker.flags.stream }}
+ - name: onion-lib
+ emptyDir:
+ medium: Memory
{% endif %}
- name: proxy-config
configMap:
name: sfive-{{ deploy.worker.name }}
- - name: hub-data
+ - name: proxy-cert
+ emptyDir:
+ medium: Memory
+ - name: acme-lib
hostPath:
- type: DirectoryOrCreate
- path: /var/lib/sfive/{{ desc.globals.name }}
+ type: Directory
+ path: /var/lib/acme
+ readOnly: yes
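Review bot: `readOnly: yes` on the acme-lib volume does not make the mount read-only: a Kubernetes hostPath volume source accepts only `path` and `type`, and read-only is set per container through `volumeMounts[].readOnly`. Indentation is lost in this rendering so the nesting cannot be checked, but neither placement is a valid field, and depending on how the manifest is validated it is either rejected or dropped. The copy-certificates init container added earlier in this file mounts acme-lib at /var/lib/acme with `runAsUser: 0` and no `readOnly`, so the host's ACME directory would be writable from the pod. Put `readOnly: true` under that `- name: acme-lib` mount and remove this line; `true` is also the canonical boolean where `yes` depends on YAML 1.1 parsing.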