X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fdcaegen2%2Fcharts%2Fdcae-cloudify-manager%2Ftemplates%2Fdeployment.yaml;h=b3e90a2efb1419a509dd8034eeb7e7d53165bc35;hb=a4535c94d838cd0d784fd14ff8497be878c81176;hp=d6c58cd75f1f05a6c93621d41827ebbd8c47d85e;hpb=dc9d4ca49343a5f31175b0247f01246c4ef392ab;p=oom.git

diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
index d6c58cd75f..b3e90a2efb 100644
--- a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
@@ -34,6 +34,12 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ .Release.Name }}
     spec:
+      # host alias allows local 'cfy' command to use https and match
+      # the host name in the certificate
+      hostAliases:
+      - ip: "127.0.0.1"
+        hostnames:
+        - "dcae-cloudify-manager"
       initContainers:
       - name: {{ include "common.name" . }}-multisite-init
         image: {{ include "common.repository" . }}/{{ .Values.multisiteInitImage }}
@@ -44,10 +50,26 @@ spec:
           - --configmap
           - {{ .Values.multisiteConfigMapName }}
         restartPolicy: Never
+      - name: init-tls
+        env:
+          - name: POD_IP
+            valueFrom:
+              fieldRef:
+                apiVersion: v1
+                fieldPath: status.podIP
+        image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        resources: {}
+        volumeMounts:
+            - mountPath: /opt/tls/shared
+              name: tls-info
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          env:
+            - name: REQUESTS_CA_BUNDLE
+              value: "/opt/onap/certs/cacert.pem"
           resources:
 {{ include "common.resources" . | indent 12 }}
           ports:
@@ -86,6 +108,8 @@ spec:
             readOnly: true
           - mountPath: /cfy-persist
             name: cm-persistent
+          - mountPath: /opt/onap/certs
+            name: tls-info
           securityContext:
             privileged: True
       volumes:
@@ -107,5 +131,7 @@ spec:
         - name: cm-persistent
           persistentVolumeClaim:
             claimName: {{ include "common.fullname" . }}-data
+        - emptyDir: {}
+          name: tls-info
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"