Add SSL/TLS config for staging sites.
This presumes the existence of TLS kubernetes secrets available in both clusters. It adds NGINX config for SSL termination and the necessary k8s config to write the certificate and private key to the NGINX container.
This commit is contained in:
dandds
@@ -60,6 +60,10 @@ spec:
|
||||
- name: nginx-htpasswd
|
||||
mountPath: "/etc/nginx/.htpasswd"
|
||||
subPath: .htpasswd
|
||||
- name: tls
|
||||
mountPath: "/etc/ssl/private"
|
||||
- name: nginx-client-ca-bundle
|
||||
mountPath: "/etc/ssl/"
|
||||
volumes:
|
||||
- name: atst-config
|
||||
secret:
|
||||
@@ -91,6 +95,16 @@ spec:
|
||||
- key: htpasswd
|
||||
path: .htpasswd
|
||||
mode: 0640
|
||||
- name: tls
|
||||
secret:
|
||||
secretName: azure-atat-code-mil-tls
|
||||
items:
|
||||
- key: tls.crt
|
||||
path: atat.crt
|
||||
mode: 0644
|
||||
- key: tls.key
|
||||
path: atat.key
|
||||
mode: 0640
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
@@ -154,7 +168,7 @@ metadata:
|
||||
spec:
|
||||
loadBalancerIP: 13.92.235.6
|
||||
ports:
|
||||
- port: 80
|
||||
- port: 443
|
||||
targetPort: 8442
|
||||
selector:
|
||||
role: web
|
||||
@@ -170,7 +184,7 @@ metadata:
|
||||
spec:
|
||||
loadBalancerIP: 23.100.24.41
|
||||
ports:
|
||||
- port: 80
|
||||
- port: 443
|
||||
targetPort: 8443
|
||||
selector:
|
||||
role: web
|
||||
|
||||
Reference in New Issue
Block a user