Because of limitations with CircleCI, we should limit Ghost Inspector
tests to only run on merge commits to our protected branches. This will
allow us to build every commit in CI without exhausting our monthly
allotment of Ghost Inspector test runs. Once that setting has been
enabled in CircleCI ("build every commit") we will not longer have to
worry about what our default branch in the Github repo is.
FlexVol requires that you specify certificates as secrets in order to get both the certificate and private key in the appropriate format for nginx to consume. Additionally, flexvol shouldn't interfer with other secrets mounted in it's host directory.
This adds additional SSL/TLS config to specify the acceptable TLS
version, cipher suites, session cache, etc. Values are currently based
on the Mozilla Foundation's recommendations for intermediate
compatibility:
https://wiki.mozilla.org/Security/Server_Side_TLS
We will manage NGINX configuration snippets as a K8s ConfigMap so that
they can be included in server blocks as-needed.
This configures the NGINX container to log in JSON. It also updates the
K8s config so that we mount all of the key/value pairs available in the
atst-nginx ConfigMap as files in "/etc/nginx/conf.d" inside the
container. This simplifies the config a little.
- modify Accordion component to be able to customize classes and tags
that it uses to build markup
- modify the shape of the object that the mock CSP returns for data that
builds this section.
- Also ensures that the CLINs TOs and CLINS are sorted
- add appropriate css for styling
Turns out you can't map multiple K8s resources over the same directory.
The K8s secret for the INI file and the ConfigMap for the uWSGI config
both map into /opt/atat/atst in the container. This caused errors when
the container tried to launch. Instead, we need to specify the full file
path for every file we're mapping into that directory to avoid
conflicts.
