diff --git a/save-cloud-charts/save-cloud/templates/backend-deployment.yaml b/save-cloud-charts/save-cloud/templates/backend-deployment.yaml index b553b2aa7d..f0f6f3000e 100644 --- a/save-cloud-charts/save-cloud/templates/backend-deployment.yaml +++ b/save-cloud-charts/save-cloud/templates/backend-deployment.yaml @@ -47,8 +47,21 @@ spec: initContainers: - name: git-cloner image: alpine/git + env: + {{ if .Values.proxy.enabled }} + {{- with .Values.proxy.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{ end }} args: - clone + - --progress + - --verbose + {{ if .Values.proxy.enabled }} + {{- with .Values.proxy.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{ end }} - --single-branch - --branch - {{ .Values.mysql.migrations.branch | default "master" }} @@ -95,6 +108,11 @@ spec: secretKeyRef: name: db-secrets key: spring.datasource.password + {{ if .Values.proxy.enabled }} + {{- with .Values.proxy.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{ end }} volumeMounts: - mountPath: /liquibase/changelog name: migrations-data @@ -110,4 +128,4 @@ spec: secret: secretName: s3-secrets - name: migrations-data - emptyDir: {} + emptyDir: {} \ No newline at end of file diff --git a/save-cloud-charts/save-cloud/templates/demo-deployment.yaml b/save-cloud-charts/save-cloud/templates/demo-deployment.yaml index d17c1322f0..68e8e6b384 100644 --- a/save-cloud-charts/save-cloud/templates/demo-deployment.yaml +++ b/save-cloud-charts/save-cloud/templates/demo-deployment.yaml @@ -67,8 +67,21 @@ spec: initContainers: - name: git-cloner image: alpine/git + env: + {{ if .Values.proxy.enabled }} + {{- with .Values.proxy.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{ end }} args: - clone + - --progress + - --verbose + {{ if .Values.proxy.enabled }} + {{- with .Values.proxy.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{ end }} - --single-branch - --branch - {{ .Values.mysql.migrations.branch | default "master" }} @@ -114,6 +127,11 @@ spec: secretKeyRef: name: db-secrets key: spring.datasource.password + {{ if .Values.proxy.enabled }} + {{- with .Values.proxy.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{ end }} volumeMounts: - mountPath: /liquibase/changelog name: migrations-data diff --git a/save-cloud-charts/save-cloud/templates/gateway-deployment.yaml b/save-cloud-charts/save-cloud/templates/gateway-deployment.yaml index 2c21db2c56..f8b6b590b1 100644 --- a/save-cloud-charts/save-cloud/templates/gateway-deployment.yaml +++ b/save-cloud-charts/save-cloud/templates/gateway-deployment.yaml @@ -35,10 +35,37 @@ spec: memory: 300M volumeMounts: - {{ include "spring-boot.config-volume-mount" . | indent 14 | trim }} + - mountPath: /layers/paketo-buildpacks_bellsoft-liberica/jre/lib/security + name: cacerts - mountPath: /home/cnb/secrets/oauth name: oauth-credentials + {{ if .Values.gateway.initCerts.enabled }} + initContainers: + - name: init-cacerts + image: ghcr.io/saveourtool/api-gateway:0.4.0-alpha.0.408-9b56d61 + command: + - bash + - -c + - | + cp -R /layers/paketo-buildpacks_bellsoft-liberica/jre/lib/security/* /home/cnb/cacerts + chmod 661 /home/cnb/cacerts/cacerts + find /layers -type f -name keytool -exec {} -import -noprompt -trustcacerts -alias HuaweiITRootCA -file /security/HuaweiITRootCA.pem -keystore /home/cnb/cacerts/cacerts -storepass changeit \; + find /layers -type f -name keytool -exec {} -import -noprompt -trustcacerts -alias HWITEnterpriseCA1 -file /security/HWITEnterpriseCA1.pem -keystore /home/cnb/cacerts/cacerts -storepass changeit \; + volumeMounts: + - mountPath: /home/cnb/cacerts + name: cacerts + - mountPath: /security + name: his-certs + {{ end }} volumes: - {{ include "spring-boot.config-volume" (dict "service" .Values.gateway) | indent 10 | trim }} - name: oauth-credentials secret: secretName: oauth-credentials + - name: his-certs + secret: + secretName: his-certs + - name: cacerts + emptyDir: {} + + \ No newline at end of file diff --git a/save-cloud-charts/save-cloud/templates/sandbox-deployment.yaml b/save-cloud-charts/save-cloud/templates/sandbox-deployment.yaml index aa61c12ae7..0502bcfb55 100644 --- a/save-cloud-charts/save-cloud/templates/sandbox-deployment.yaml +++ b/save-cloud-charts/save-cloud/templates/sandbox-deployment.yaml @@ -68,8 +68,21 @@ spec: initContainers: - name: git-cloner image: alpine/git + env: + {{ if .Values.proxy.enabled }} + {{- with .Values.proxy.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{ end }} args: - clone + - --progress + - --verbose + {{ if .Values.proxy.enabled }} + {{- with .Values.proxy.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{ end }} - --single-branch - --branch - {{ .Values.mysql.migrations.branch | default "master" }} @@ -116,6 +129,11 @@ spec: secretKeyRef: name: db-secrets key: spring.datasource.password + {{ if .Values.proxy.enabled }} + {{- with .Values.proxy.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{ end }} volumeMounts: - mountPath: /liquibase/changelog name: migrations-data diff --git a/save-cloud-charts/save-cloud/values.yaml b/save-cloud-charts/save-cloud/values.yaml index 065fcff270..9983321f80 100644 --- a/save-cloud-charts/save-cloud/values.yaml +++ b/save-cloud-charts/save-cloud/values.yaml @@ -47,6 +47,8 @@ preprocessor: # Fixed ClusterIP can be assigned to make it easier to query preprocessor from services outside Kubernetes clusterIP: null gateway: + initCerts: + enabled: true name: gateway profile: dev,kubernetes imageName: api-gateway