From 7ffa07d8b02c633a3c6d87e5caa74f71ebf727c5 Mon Sep 17 00:00:00 2001
From: Rajesh <rjshrjndrn@gmail.com>
Date: Tue, 26 Nov 2019 15:19:01 +0000
Subject: [PATCH] creating ssl secrets

---
 kubernetes/ansible/bootstrap_minimal.yaml         | 15 +++++++++++++++
 .../templates/deployment.yaml                     |  8 ++++++++
 2 files changed, 23 insertions(+)

diff --git a/kubernetes/ansible/bootstrap_minimal.yaml b/kubernetes/ansible/bootstrap_minimal.yaml
index 0bd9c22d3..d894223f2 100644
--- a/kubernetes/ansible/bootstrap_minimal.yaml
+++ b/kubernetes/ansible/bootstrap_minimal.yaml
@@ -17,3 +17,18 @@
     - name: Creating docker secrets
       shell: kubectl create secret docker-registry {{ imagepullsecrets }} --namespace {{ namespace }} --docker-server {{ vault_docker_registry_url }} --docker-username {{ vault_docker_registry_user }} --docker-password {{ vault_docker_registry_password }}
       when: imagepullsecrets|length > 0
+    - name: Creating domain sssl
+      shell: 
+        cmd: |
+          cat <<EOF | kubectl apply -f -
+          apiVersion: v1
+          kind: Secret
+          metadata:
+            name: ingress-cert
+            namespace: istio-system
+          type: kubernetes.io/tls
+          data:
+            ca.crt: ""
+            site.crt: "{{ core_vault_proxy_site_crt | b64encode }}"
+            site.key: "{{ core_vault_proxy_site_key | b64encode }}"
+          EOF
diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/templates/deployment.yaml b/kubernetes/helm_charts/core/nginx-public-ingress/templates/deployment.yaml
index 88ecca9de..44ceb5290 100644
--- a/kubernetes/helm_charts/core/nginx-public-ingress/templates/deployment.yaml
+++ b/kubernetes/helm_charts/core/nginx-public-ingress/templates/deployment.yaml
@@ -18,6 +18,10 @@ spec:
       - name: {{ .Values.imagepullsecrets }}
       {{- end }}
       {{- if .Values.sunbird_portal_player_cdn_enabled }}
+      volumes:
+        - name: tls
+          secret:
+            secretName: ingress-cert
       containers:
       - name: name
         image: "{{ .Values.dockerhub }}/{{ .Values.repository }}:{{ .Values.image_tag }}"
@@ -25,6 +29,10 @@ spec:
           requests:
             cpu: 100m
             memory: 200Mi
+        volumeMounts:
+          - name: tls
+            mountPath: /run/secrets
+            readOnly: true
         ports:
         - containerPort: 80
           name: http
-- 
GitLab