authelia: Mount dch-root-ca
The LDAP servers now use certificates signed by _DCH CA R2_, so the _DCH Root CA R2_ CA needs to be trusted in order to communicate with them.etcd
parent
b8015c0bed
commit
e71156bcec
|
|
@ -1,11 +1,14 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
|
|
||||||
|
namespace: authelia
|
||||||
|
|
||||||
labels:
|
labels:
|
||||||
- pairs:
|
- pairs:
|
||||||
app.kubernetes.io/instance: authelia
|
app.kubernetes.io/instance: authelia
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
- ../dch-root-ca
|
||||||
- secrets.yaml
|
- secrets.yaml
|
||||||
- redis.yaml
|
- redis.yaml
|
||||||
- authelia.yaml
|
- authelia.yaml
|
||||||
|
|
@ -37,8 +40,12 @@ patches:
|
||||||
- name: AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE
|
- name: AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE
|
||||||
value: /run/authelia/secrets/postgresql/password
|
value: /run/authelia/secrets/postgresql/password
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: /run/authelia/certs
|
- mountPath: /run/authelia/certs/postgresql-ca.crt
|
||||||
name: postgresql-ca
|
name: postgresql-ca
|
||||||
|
subPath: postgresql-ca.crt
|
||||||
|
- mountPath: /run/authelia/certs/dch-root-ca.crt
|
||||||
|
name: dch-root-ca
|
||||||
|
subPath: dch-root-ca.crt
|
||||||
- mountPath: /run/authelia/secrets/postgresql
|
- mountPath: /run/authelia/secrets/postgresql
|
||||||
name: postgresql-auth
|
name: postgresql-auth
|
||||||
volumes:
|
volumes:
|
||||||
|
|
@ -48,3 +55,6 @@ patches:
|
||||||
- name: postgresql-ca
|
- name: postgresql-ca
|
||||||
configMap:
|
configMap:
|
||||||
name: postgresql-ca
|
name: postgresql-ca
|
||||||
|
- name: dch-root-ca
|
||||||
|
configMap:
|
||||||
|
name: dch-root-ca
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue