From 5bd39e1a152e3c8223895d11652e6c597b8d6e31 Mon Sep 17 00:00:00 2001
From: Devon Mackay <devon@dds.mil>
Date: Wed, 8 Aug 2018 14:06:43 -0400
Subject: [PATCH] Add client ca bundle to nginx container

---
 deploy/kubernetes/atst.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/deploy/kubernetes/atst.yml b/deploy/kubernetes/atst.yml
index c302f8af..773dbf37 100644
--- a/deploy/kubernetes/atst.yml
+++ b/deploy/kubernetes/atst.yml
@@ -47,6 +47,9 @@ spec:
           volumeMounts:
             - name: nginx-auth-tls
               mountPath: "/etc/ssl/private"
+            - name: nginx-client-ca-bundle
+              mountPath: "/etc/ssl/client-ca-bundle.pem"
+              subPath: client-ca-bundle.pem
             - name: nginx-config
               mountPath: "/etc/nginx/conf.d/atst.conf"
               subPath: atst.conf
@@ -78,6 +81,13 @@ spec:
             - key: tls.key
               path: auth.atat.key
               mode: 0640
+        - name: nginx-ca-bundle
+          secret:
+            secretName: nginx-client-ca-bundle
+            items:
+            - key: client-ca-bundle.pem
+              path: client-ca-bundle.pem
+              mode: 0666
         - name: nginx-config
           configMap:
             name: atst-nginx