From 1ad5441c8bf8ff44dfb20b83f42bda1a5ff20e9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= Date: Mon, 16 Sep 2024 13:26:16 +0200 Subject: [PATCH] FASJSON: deploy a static session key MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Aurélien Bompard --- playbooks/openshift-apps/fasjson.yml | 7 +++++++ .../openshift-apps/fasjson/templates/deploymentconfig.yml | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/playbooks/openshift-apps/fasjson.yml b/playbooks/openshift-apps/fasjson.yml index a283d81b09..fad1821388 100644 --- a/playbooks/openshift-apps/fasjson.yml +++ b/playbooks/openshift-apps/fasjson.yml @@ -61,6 +61,13 @@ service: HTTP host: "fasjson{{ env_suffix }}.fedoraproject.org" + # Session secret key + - role: openshift/secret-file + app: fasjson + secret_name: session-key + key: session.key + privatefile: "fasjson/session.{{env}}.key" + - role: openshift/imagestream app: fasjson imagename: fasjson diff --git a/roles/openshift-apps/fasjson/templates/deploymentconfig.yml b/roles/openshift-apps/fasjson/templates/deploymentconfig.yml index 8427d7abe0..6a1caed278 100644 --- a/roles/openshift-apps/fasjson/templates/deploymentconfig.yml +++ b/roles/openshift-apps/fasjson/templates/deploymentconfig.yml @@ -46,6 +46,10 @@ spec: readOnly: true - name: httpdir mountPath: /httpdir + - name: session-key + mountPath: /etc/fasjson-secret/session.key + subPath: session.key + readOnly: true env: - name: FASJSON_CONFIG_PATH value: "/etc/fasjson/fasjson.conf" @@ -67,6 +71,9 @@ spec: - name: fasjson-config-volume configMap: name: fasjson-config + - name: session-key + secret: + secretName: session-key - name: keytab-http-volume secret: secretName: fasjson-keytab-http