FASJSON: we don't need the host keytab

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-09-03 23:09:35 +02:00 · 2020-09-03 23:09:35 +02:00 · 86a521ef42
commit 86a521ef42
parent a0975faca8
3 changed files with 0 additions and 14 deletions
--- a/playbooks/openshift-apps/fasjson.yml
+++ b/playbooks/openshift-apps/fasjson.yml
@ -52,12 +52,6 @@
    # The ipa-ldap delegation target is declared during IPA installation

  # Keytabs
-  - role: openshift/keytab
-    app: fasjson
-    key: host
-    secret_name: fasjson-keytab-host
-    service: host
-    host: "fasjson{{ env_suffix }}.fedoraproject.org"
  - role: openshift/keytab
    app: fasjson
    key: http
--- a/roles/openshift-apps/fasjson/templates/Dockerfile
+++ b/roles/openshift-apps/fasjson/templates/Dockerfile
@ -37,7 +37,6 @@ RUN git clone https://github.com/fedora-infra/fasjson.git && \
    popd && \
    rm -rf fasjson
 RUN rm -f /etc/krb5.conf && ln -sf /etc/krb5/krb5.conf /etc/krb5.conf && \
-    ln -sf /etc/keytabs/host /etc/krb5.keytab && \
    rm -f /etc/openldap/ldap.conf && ln -sf /etc/ipa/ldap.conf /etc/openldap/ldap.conf
 EXPOSE 8080
 ENTRYPOINT bash /etc/fasjson/start.sh
--- a/roles/openshift-apps/fasjson/templates/deploymentconfig.yml
+++ b/roles/openshift-apps/fasjson/templates/deploymentconfig.yml
@ -31,10 +31,6 @@ spec:
        ports:
        - containerPort: 8080
        volumeMounts:
-        - name: keytab-host-volume
-          mountPath: /etc/keytabs/host
-          subPath: host
-          readOnly: true
        - name: keytab-http-volume
          mountPath: /etc/keytabs/http
          subPath: http
@ -68,9 +64,6 @@ spec:
      - name: fasjson-config-volume
        configMap:
          name: fasjson-config
-      - name: keytab-host-volume
-        secret:
-          secretName: fasjson-keytab-host
      - name: keytab-http-volume
        secret:
          secretName: fasjson-keytab-http