diff --git a/roles/openshift-apps/greenwave/files/deploymentconfig.yml b/roles/openshift-apps/greenwave/files/deploymentconfig.yml
index 019da950cf..4e7713b7ec 100644
--- a/roles/openshift-apps/greenwave/files/deploymentconfig.yml
+++ b/roles/openshift-apps/greenwave/files/deploymentconfig.yml
@@ -26,6 +26,12 @@ spec:
 - name: config-volume
 mountPath: /etc/greenwave
 readOnly: true
+ - name: fedmsg-key-volume
+ mountPath: /etc/pki/fedmsg/key
+ readOnly: true
+ - name: fedmsg-crt-volume
+ mountPath: /etc/pki/fedmsg/crt
+ readOnly: true
 readinessProbe:
 timeoutSeconds: 1
 initialDelaySeconds: 5
@@ -45,6 +51,13 @@ spec:
 - name: config-volume
 configMap:
 name: greenwave-configmap
+ # This secret volume gets set up in the playbook
+ - name: fedmsg-key-volume
+ secret:
+ secretName: greenwave-fedmsg-key
+ - name: fedmsg-crt-volume
+ secret:
+ secretName: greenwave-fedmsg-crt
 triggers:
 - type: ImageChange
 imageChangeParams:
@@ -102,4 +115,4 @@ spec:
 kind: ImageStreamTag
 name: greenwave:latest
 - type: ConfigChange
-
\ No newline at end of file
+
diff --git a/roles/openshift-apps/greenwave/templates/buildconfig.yml b/roles/openshift-apps/greenwave/templates/buildconfig.yml
index 8dea3757d0..9a766eedaf 100644
--- a/roles/openshift-apps/greenwave/templates/buildconfig.yml
+++ b/roles/openshift-apps/greenwave/templates/buildconfig.yml
@@ -23,6 +23,9 @@ spec:
 https://kojipkgs.fedoraproject.org//packages/greenwave/0.3/2.fc26/noarch/greenwave-0.3-2.fc26.noarch.rpm
 # create a symlink for configuring the fedmsg consumers.
 RUN ln -sfn /etc/fedmsg-greenwave.d/greenwave.py /etc/fedmsg.d/greenwave.py
+ # And another two for putting the certs in place.
+ RUN ln -sfn /etc/pki/fedmsg/key/fedmsg-greenwave.key /etc/pki/fedmsg/greenwave.key
+ RUN ln -sfn /etc/pki/fedmsg/crt/fedmsg-greenwave.crt /etc/pki/fedmsg/greenwave.crt
 EXPOSE 8080
 ENTRYPOINT gunicorn --bind 0.0.0.0:8080 --access-logfile=- greenwave.wsgi:app
 strategy:
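Review bot: The `fedmsg-key-volume` secret volume in the second hunk of deploymentconfig.yml is declared without `defaultMode`, so the private key is projected with the Kubernetes default of 0644 and every process in the container can read it. Adding `defaultMode: 0400` under that volume's `secret:` would narrow this; the kubelet may widen it to group-readable when an fsGroup is applied, so it is worth confirming the greenwave process can still read the file on this cluster. The comment `# This secret volume gets set up in the playbook` sits above the first entry only, although both secrets presumably come from the playbook; `# These secret volumes are created by the playbook; the pod will not start until both secrets exist` would cover both. The volumes list starts and ends outside the hunk.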
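Review bot: The two added `RUN ln -sfn` lines in buildconfig.yml create links whose targets exist only at run time, once the secret volumes from deploymentconfig.yml are mounted, so they silently depend on the secrets holding entries named exactly `fedmsg-greenwave.key` and `fedmsg-greenwave.crt`. A comment stating that coupling would help the next maintainer, e.g. `# Targets appear only when the greenwave-fedmsg-key/-crt secrets are mounted; entry names must match.` The build also fails at `ln` if `/etc/pki/fedmsg` is not already present in the image; unless an installed package guarantees it, add `RUN mkdir -p /etc/pki/fedmsg` before the links. The Dockerfile text starts and ends outside the hunk.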