diff --git a/src/domains/pay-wallet-app/05_aks_middleware_tools.tf b/src/domains/pay-wallet-app/05_aks_middleware_tools.tf
index afc71f617..78f2ba3bb 100644
--- a/src/domains/pay-wallet-app/05_aks_middleware_tools.tf
+++ b/src/domains/pay-wallet-app/05_aks_middleware_tools.tf
@@ -16,25 +16,21 @@ module "tls_checker" {
application_insights_action_group_ids = [data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.email.id]
keyvault_name = data.azurerm_key_vault.kv.name
keyvault_tenant_id = data.azurerm_client_config.current.tenant_id
+ workload_identity_enabled = true
+ workload_identity_service_account_name = module.workload_identity.workload_identity_service_account_name
+ workload_identity_client_id = module.workload_identity.workload_identity_client_id
}
-resource "helm_release" "cert_mounter" {
- name = "cert-mounter-blueprint"
- repository = "https://pagopa.github.io/aks-helm-cert-mounter-blueprint"
- chart = "cert-mounter-blueprint"
- version = "1.0.4"
- namespace = var.domain
- timeout = 120
- force_update = true
-
- values = [
- templatefile("${path.root}/helm/cert-mounter.yaml.tpl", {
- NAMESPACE = var.domain,
- DOMAIN = var.domain
- CERTIFICATE_NAME = replace(local.payment_wallet_hostname, ".", "-"),
- ENV_SHORT = var.env_short,
- })
- ]
+module "cert_mounter" {
+ source = "./.terraform/modules/__v3__/cert_mounter"
+ namespace = var.domain
+ certificate_name = replace(local.payment_wallet_hostname, ".", "-")
+ kv_name = data.azurerm_key_vault.kv.name
+ tenant_id = data.azurerm_subscription.current.tenant_id
+ workload_identity_enabled = true
+ workload_identity_service_account_name = module.workload_identity.workload_identity_service_account_name
+ workload_identity_client_id = module.workload_identity.workload_identity_client_id
+ depends_on = [module.workload_identity]
}
resource "helm_release" "reloader" {
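Review bot: The new `cert_mounter` module reads `tenant_id` from `data.azurerm_subscription.current.tenant_id`, while `tls_checker` just above passes `data.azurerm_client_config.current.tenant_id` for the same Key Vault; using one source in both, e.g. `tenant_id = data.azurerm_client_config.current.tenant_id`, keeps the two from drifting apart. Both modules are also wired to the same `module.workload_identity` service account and client id, so whatever Key Vault permissions that identity holds are shared by the TLS checker and the cert mounter. The access policy is not visible in this hunk, so it is worth confirming that it grants only read access to the certificate and secret these workloads need. The explicit `depends_on = [module.workload_identity]` looks redundant, because the references to that module's outputs already create the dependency, and a module-level `depends_on` can push data source reads inside the module to apply time.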
diff --git a/src/domains/pay-wallet-app/README.md b/src/domains/pay-wallet-app/README.md
index 75527880d..5cf9cd99d 100644
--- a/src/domains/pay-wallet-app/README.md
+++ b/src/domains/pay-wallet-app/README.md
@@ -28,6 +28,7 @@
| [apim\_payment\_wallet\_product](#module\_apim\_payment\_wallet\_product) | ./.terraform/modules/__v3__/api_management_product | n/a |
| [apim\_wallet\_service\_notifications\_api\_v1](#module\_apim\_wallet\_service\_notifications\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a |
| [apim\_webview\_payment\_wallet\_api\_v1](#module\_apim\_webview\_payment\_wallet\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a |
+| [cert\_mounter](#module\_cert\_mounter) | ./.terraform/modules/__v3__/cert_mounter | n/a |
| [kubernetes\_service\_account](#module\_kubernetes\_service\_account) | ./.terraform/modules/__v3__/kubernetes_service_account | n/a |
| [pod\_identity](#module\_pod\_identity) | ./.terraform/modules/__v3__/kubernetes_pod_identity | n/a |
| [tls\_checker](#module\_tls\_checker) | ./.terraform/modules/__v3__/tls_checker | n/a |
@@ -61,7 +62,6 @@
| [azurerm_key_vault_secret.aks_apiserver_url](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_key_vault_secret.azure_devops_sa_cacrt](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_key_vault_secret.azure_devops_sa_token](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
-| [helm_release.cert_mounter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.reloader](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [kubernetes_namespace.namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_namespace.namespace_system](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |