chore: mount vault CA cert for Node.js TLS trust in paperclip
Mount the vault-ca-cert secret and set NODE_EXTRA_CA_CERTS so Node.js trusts the internal CA chain when making outbound TLS connections.
@@ -58,9 +58,15 @@ spec:
|
|||||||
value: https://radosgw.service.consul
|
value: https://radosgw.service.consul
|
||||||
- name: PAPERCLIP_STORAGE_S3_FORCE_PATH_STYLE
|
- name: PAPERCLIP_STORAGE_S3_FORCE_PATH_STYLE
|
||||||
value: "true"
|
value: "true"
|
||||||
|
- name: NODE_EXTRA_CA_CERTS
|
||||||
|
value: /etc/ssl/paperclip/ca.crt
|
||||||
envFrom:
|
envFrom:
|
||||||
- secretRef:
|
- secretRef:
|
||||||
name: paperclip-credentials
|
name: paperclip-credentials
|
||||||
|
volumeMounts:
|
||||||
|
- name: vault-ca-cert
|
||||||
|
mountPath: /etc/ssl/paperclip
|
||||||
|
readOnly: true
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
path: /api/health
|
path: /api/health
|
||||||
@@ -92,4 +98,11 @@ spec:
|
|||||||
requests:
|
requests:
|
||||||
cpu: 250m
|
cpu: 250m
|
||||||
memory: 512Mi
|
memory: 512Mi
|
||||||
|
volumes:
|
||||||
|
- name: vault-ca-cert
|
||||||
|
secret:
|
||||||
|
secretName: vault-ca-cert
|
||||||
|
items:
|
||||||
|
- key: ca.crt
|
||||||
|
path: ca.crt
|
||||||
restartPolicy: Always
|
restartPolicy: Always
|
||||||
|
|||||||
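Review bot: The `NODE_EXTRA_CA_CERTS` entry added in the first hunk is read by Node.js once at process start, so when the `vault-ca-cert` secret is rotated the kubelet will refresh `/etc/ssl/paperclip/ca.crt` but running pods keep the old trust set until they are restarted. Node also only emits a warning when that file is missing or malformed, so a bad bundle surfaces later as outbound TLS failures rather than at startup. I would record this next to the variable, for example `# Node reads this once at startup; restart the pods after rotating vault-ca-cert`, and make a rollout part of the CA rotation procedure. Projecting only `ca.crt` through `items` in the second hunk is the right shape, since it keeps any other keys of the secret out of the container.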