From 6acc085a771803353af9f75882afd983cd6f178b Mon Sep 17 00:00:00 2001
From: tomdds
Date: Mon, 25 Nov 2019 14:03:41 -0500
Subject: [PATCH] Use dhparam.pem from AZ Key Vault
---
 deploy/azure/azure.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/deploy/azure/azure.yml b/deploy/azure/azure.yml
index 4ed180fb..58491c9c 100644
--- a/deploy/azure/azure.yml
+++ b/deploy/azure/azure.yml
@@ -23,6 +23,7 @@ spec:
 labels:
 app: atst
 role: web
+ aadpodidbinding: atat-kv-id-binding
 spec:
 securityContext:
 fsGroup: 101
@@ -76,6 +77,9 @@ spec:
 mountPath: "/usr/share/nginx/html/.well-known/acme-challenge/"
 - name: snippets
 mountPath: "/etc/nginx/snippets/"
+ - name: nginx-dhparam-secret
+ mountPath: "/etc/ssl/"
+ readOnly: true
 volumes:
 - name: atst-config
 secret:
@@ -136,6 +140,16 @@ spec:
 - name: snippets
 configMap:
 name: nginx-snippets
+ - name: nginx-dhparam-secret
+ flexVolume:
+ driver: "azure/kv"
+ options:
+ usepodidentity: "true"
+ keyvaultname: "atat-vault-test"
+ keyvaultobjectnames: "dhparam4096"
+ keyvaultobjectaliases: "dhparam.pem"
+ keyvaultobjecttypes: secret
+ tenantid: "b5ab0e1e-09f8-4258-afb7-fb17654bc5b3"
 ---
 apiVersion: extensions/v1beta1
 kind: Deployment
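Review bot: The `aadpodidbinding: atat-kv-id-binding` label added to the pod template in the first hunk has no comment, although it is the line that gives the pod an Azure identity. AAD Pod Identity matches the binding per pod, so every container in this pod can request a token for the bound identity, not only the one that mounts the DH parameters. I would add a comment above it such as `# binds the pod to the Key Vault identity; keep that identity limited to get on the dhparam secret`. The identity's Key Vault access policy is not visible in this patch, so it is worth confirming it is that narrow. The pod spec continues outside the hunk.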
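Review bot: Mounting the new volume at `mountPath: "/etc/ssl/"` in the second hunk covers the container's whole `/etc/ssl` directory with the flexVolume contents. Anything the image ships there, commonly the CA bundle under `/etc/ssl/certs` and `openssl.cnf`, is then hidden from the container. If the container relies on those files, mount into a directory of its own, e.g. `mountPath: "/etc/ssl/dhparam/"`, and point nginx's `ssl_dhparam` at the file there. The nginx snippet that references the file is not part of this patch, so that path would have to change with it. The volumeMounts list starts outside the hunk.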
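Review bot: The volume added in the third hunk hard-codes `keyvaultname: "atat-vault-test"` and the `tenantid`, so every environment deployed from this file reads its DH parameters from the test vault. If `deploy/azure/azure.yml` is also applied outside test, both values should come from whatever per-environment templating or overlay the repo uses, which is not visible here. As a style point, `keyvaultobjecttypes: secret` is the only unquoted option; `keyvaultobjecttypes: "secret"` would match its neighbours. No `keyvaultobjectversions` option is set, so presumably the driver mounts the current version of `dhparam4096`; a one-line comment saying that is intended would help.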