Use mounted all-in-one cert for nginx ssl

Mount the combined key and cert for nginx ssl using flexvol and point the necessary nginx config at it.

deploy/azure/atst-nginx-configmap.yml

@@ -39,8 +39,8 @@ data:
         # access_log /var/log/nginx/access.log json;
         listen ${PORT_PREFIX}442 ssl;
         listen [::]:${PORT_PREFIX}442 ssl ipv6only=on;
-        ssl_certificate /etc/ssl/private/atat.crt;
+        ssl_certificate /etc/ssl/atat.crt;
-        ssl_certificate_key /etc/ssl/private/atat.key;
+        ssl_certificate_key /etc/ssl/atat.crt;
         # additional SSL/TLS settings
         include /etc/nginx/snippets/ssl.conf
 
@@ -72,8 +72,8 @@ data:
         server_name ${AUTH_DOMAIN};
         listen ${PORT_PREFIX}443 ssl;
         listen [::]:${PORT_PREFIX}443 ssl ipv6only=on;
-        ssl_certificate /etc/ssl/private/atat.crt;
+        ssl_certificate /etc/ssl/atat.crt;
-        ssl_certificate_key /etc/ssl/private/atat.key;
+        ssl_certificate_key /etc/ssl/atat.crt;
         # Request and validate client certificate
         ssl_verify_client on;
         ssl_verify_depth 10;

deploy/azure/azure.yml

@@ -146,8 +146,8 @@ spec:
             options:
               usepodidentity: "true"
               keyvaultname: "atat-vault-test"
-              keyvaultobjectnames: "dhparam4096"
+              keyvaultobjectnames: "dhparam4096;staging-cert"
-              keyvaultobjectaliases: "dhparam.pem"
+              keyvaultobjectaliases: "dhparam.pem;atat.crt"
               keyvaultobjecttypes: secret
               tenantid: $TENANT_ID
 ---