feat: Moving tls cert and key to secrets

snyk · Mar 6, 2024 · 7441703 · 7441703
1 parent d3a4de0
commit 7441703
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 42 deletions.
diff --git a/charts/snyk-broker/templates/broker_deployment.yaml b/charts/snyk-broker/templates/broker_deployment.yaml
@@ -81,16 +81,11 @@ spec:
                 mountPath: /home/node/cacert
                 readOnly: true
               {{- end }}
-              {{- if .Values.httpsCert }}
-              - name: {{ include "snyk-broker.fullname" . }}-httpscert-volume
-                mountPath: /home/node/httpscert
+              {{- if and .Values.httpsCert .Values.httpsKey }}
+              - name: {{ include "snyk-broker.fullname" . }}-tls-secret-volume
+                mountPath: /home/node/tls-cert/
                 readOnly: true
-              {{- end }}
-              {{- if .Values.httpsKey }}
-              - name: {{ include "snyk-broker.fullname" . }}-httpskey-volume
-                mountPath: /home/node/httpskey
-                readOnly: true
-              {{- end }}              
+              {{- end }}                 
 {{- if .Values.extraVolumeMounts }}
 {{ tpl (toYaml .Values.extraVolumeMounts | indent 14) . }}
 {{- end }}
@@ -380,11 +375,11 @@ spec:
          {{- if .Values.httpsCert }}
          # HTTPS Config
             - name: HTTPS_CERT
-              value: /home/node/httpscert/{{ .Values.httpsCert }}
+              value: /home/node/tls-cert/{{ .Values.httpsCert }}
          {{- end }}
          {{- if .Values.httpsKey }}
             - name: HTTPS_KEY
-              value: /home/node/httpskey/{{ .Values.httpsKey }}
+              value: /home/node/tls-cert/{{ .Values.httpsKey }}
          {{- end }}
 
          {{- if .Values.tlsRejectUnauthorized  }}
@@ -460,16 +455,11 @@ spec:
         configMap:
           name: {{ include "snyk-broker.fullname" . }}-cacert-configmap{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
       {{- end }}
-      {{- if .Values.httpsCert }}
-      - name: {{ include "snyk-broker.fullname" . }}-httpscert-volume
-        configMap:
-          name: {{ include "snyk-broker.fullname" . }}-httpscert-configmap{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
+      {{- if and .Values.httpsCert .Values.httpsKey }}
+      - name: {{ include "snyk-broker.fullname" . }}-tls-secret-volume
+        secret:
+          secretName: "tls-secret{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}"
       {{- end }}
-      {{- if .Values.httpsKey }}
-      - name: {{ include "snyk-broker.fullname" . }}-httpskey-volume
-        configMap:
-          name: {{ include "snyk-broker.fullname" . }}-httpskey-configmap{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
-      {{- end }}      
 {{- if .Values.extraVolumes }}
 {{ tpl (toYaml .Values.extraVolumes | indent 6) . }}
 {{- end }}
diff --git a/charts/snyk-broker/templates/httpscert_configmap.yaml b/charts/snyk-broker/templates/httpscert_configmap.yaml
diff --git a/charts/snyk-broker/templates/httpskey_configmap.yaml b/charts/snyk-broker/templates/httpskey_configmap.yaml
diff --git a/charts/snyk-broker/templates/secrets.yaml b/charts/snyk-broker/templates/secrets.yaml
@@ -116,4 +116,15 @@ metadata:
 type: Opaque
 data:
   "nexus-nexus-url": {{ .Values.nexusUrl | b64enc | quote }}
+---  
 {{- end}}
+{{- if and .Values.httpsCert .Values.httpsKey }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: tls-secret{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
+type: Opaque
+data:
+  "{{ .Values.httpsCert }}": {{ (.Files.Get .Values.httpsCert) | b64enc | quote }}
+  "{{ .Values.httpsKey }}": {{ (.Files.Get .Values.httpsKey) | b64enc | quote }}
+{{- end }}