diff --git a/kubernetes/ansible/bootstrap_minimal.yaml b/kubernetes/ansible/bootstrap_minimal.yaml
index 0bd9c22d30439a8e244fe151915471ce7fa51ae3..d894223f2654a79b35303d48b39848be8a439925 100644
--- a/kubernetes/ansible/bootstrap_minimal.yaml
+++ b/kubernetes/ansible/bootstrap_minimal.yaml
@@ -17,3 +17,18 @@
- name: Creating docker secrets
shell: kubectl create secret docker-registry {{ imagepullsecrets }} --namespace {{ namespace }} --docker-server {{ vault_docker_registry_url }} --docker-username {{ vault_docker_registry_user }} --docker-password {{ vault_docker_registry_password }}
when: imagepullsecrets|length > 0
+ - name: Creating domain sssl
+ shell:
+ cmd: |
+ cat <<EOF | kubectl apply -f -
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: ingress-cert
+ namespace: istio-system
+ type: kubernetes.io/tls
+ data:
+ ca.crt: ""
+ site.crt: "{{ core_vault_proxy_site_crt | b64encode }}"
+ site.key: "{{ core_vault_proxy_site_key | b64encode }}"
+ EOF
diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/templates/deployment.yaml b/kubernetes/helm_charts/core/nginx-public-ingress/templates/deployment.yaml
index 88ecca9de77baee92c94efa9ff2584832067cf83..44ceb52903653ecc32b5e9a6674e0042f078494f 100644
--- a/kubernetes/helm_charts/core/nginx-public-ingress/templates/deployment.yaml
+++ b/kubernetes/helm_charts/core/nginx-public-ingress/templates/deployment.yaml
@@ -18,6 +18,10 @@ spec:
- name: {{ .Values.imagepullsecrets }}
{{- end }}
{{- if .Values.sunbird_portal_player_cdn_enabled }}
+ volumes:
+ - name: tls
+ secret:
+ secretName: ingress-cert
containers:
- name: name
image: "{{ .Values.dockerhub }}/{{ .Values.repository }}:{{ .Values.image_tag }}"
@@ -25,6 +29,10 @@ spec:
requests:
cpu: 100m
memory: 200Mi
+ volumeMounts:
+ - name: tls
+ mountPath: /run/secrets
+ readOnly: true
ports:
- containerPort: 80
name: http