chore: mount vault CA cert for Node.js TLS trust in paperclip (#108)
Mount the vault-ca-cert secret and set NODE_EXTRA_CA_CERTS so Node.js trusts the internal CA chain when making outbound TLS connections. Reviewed-on: #108
This commit was merged in pull request #108.
This commit is contained in:
@@ -58,9 +58,15 @@ spec:
|
||||
value: https://radosgw.service.consul
|
||||
- name: PAPERCLIP_STORAGE_S3_FORCE_PATH_STYLE
|
||||
value: "true"
|
||||
- name: NODE_EXTRA_CA_CERTS
|
||||
value: /etc/ssl/paperclip/ca.crt
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: paperclip-credentials
|
||||
volumeMounts:
|
||||
- name: vault-ca-cert
|
||||
mountPath: /etc/ssl/paperclip
|
||||
readOnly: true
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /api/health
|
||||
@@ -92,4 +98,11 @@ spec:
|
||||
requests:
|
||||
cpu: 250m
|
||||
memory: 512Mi
|
||||
volumes:
|
||||
- name: vault-ca-cert
|
||||
secret:
|
||||
secretName: vault-ca-cert
|
||||
items:
|
||||
- key: ca.crt
|
||||
path: ca.crt
|
||||
restartPolicy: Always
|
||||
|
||||
Reference in New Issue
Block a user