diff --git a/k8s/cloud/base/api_deployment.yaml b/k8s/cloud/base/api_deployment.yaml
index ce9b9039f2b..0b1ce55dfcf 100644
--- a/k8s/cloud/base/api_deployment.yaml
+++ b/k8s/cloud/base/api_deployment.yaml
@@ -158,8 +158,24 @@ spec:
 type: RuntimeDefault
 volumes:
 - name: certs
- secret:
- secretName: service-tls-certs
+ projected:
+ sources:
+ - secret:
+ name: service-tls-server-certs
+ items:
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
+ - key: ca.crt
+ path: ca.crt
+ - secret:
+ name: service-tls-client-certs
+ items:
+ - key: tls.crt
+ path: client.crt
+ - key: tls.key
+ path: client.key
 - name: vizier-image-secret
 secret:
 secretName: vizier-image-secret
diff --git a/k8s/cloud/base/artifact_tracker_deployment.yaml b/k8s/cloud/base/artifact_tracker_deployment.yaml
index d3a0f69e65c..b7e0e5adba4 100644
--- a/k8s/cloud/base/artifact_tracker_deployment.yaml
+++ b/k8s/cloud/base/artifact_tracker_deployment.yaml
@@ -86,8 +86,24 @@ spec:
 type: RuntimeDefault
 volumes:
 - name: certs
- secret:
- secretName: service-tls-certs
+ projected:
+ sources:
+ - secret:
+ name: service-tls-server-certs
+ items:
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
+ - key: ca.crt
+ path: ca.crt
+ - secret:
+ name: service-tls-client-certs
+ items:
+ - key: tls.crt
+ path: client.crt
+ - key: tls.key
+ path: client.key
 - name: artifact-access-sa
 secret:
 secretName: artifact-access-sa
diff --git a/k8s/cloud/base/auth_deployment.yaml b/k8s/cloud/base/auth_deployment.yaml
index 7b699fa4fd1..575cb558d2e 100644
--- a/k8s/cloud/base/auth_deployment.yaml
+++ b/k8s/cloud/base/auth_deployment.yaml
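Review bot: The projected `certs` volume in k8s/cloud/base/api_deployment.yaml sets no `defaultMode`, so `server.key` and `client.key` are created with the Kubernetes default of 0644 and are readable by every user inside the container. Since the volume is being rewritten anyway, consider a tighter mode under `projected:`, for example `defaultMode: 0440`, or a per-item `mode` on the two key files; the value has to be checked against the pod's runAsUser/fsGroup, which lie outside this hunk. The same applies to every other volume this commit converts, including `service-certs` in proxy_deployment.yaml and `nats-server-tls-volume` in the NATS statefulset.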
@@ -118,5 +118,21 @@ spec:
 type: RuntimeDefault
 volumes:
 - name: certs
- secret:
- secretName: service-tls-certs
+ projected:
+ sources:
+ - secret:
+ name: service-tls-server-certs
+ items:
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
+ - key: ca.crt
+ path: ca.crt
+ - secret:
+ name: service-tls-client-certs
+ items:
+ - key: tls.crt
+ path: client.crt
+ - key: tls.key
+ path: client.key
diff --git a/k8s/cloud/base/config_manager_deployment.yaml b/k8s/cloud/base/config_manager_deployment.yaml
index 79d5589a5f6..d705801b8f1 100644
--- a/k8s/cloud/base/config_manager_deployment.yaml
+++ b/k8s/cloud/base/config_manager_deployment.yaml
@@ -93,5 +93,21 @@ spec:
 type: RuntimeDefault
 volumes:
 - name: certs
- secret:
- secretName: service-tls-certs
+ projected:
+ sources:
+ - secret:
+ name: service-tls-server-certs
+ items:
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
+ - key: ca.crt
+ path: ca.crt
+ - secret:
+ name: service-tls-client-certs
+ items:
+ - key: tls.crt
+ path: client.crt
+ - key: tls.key
+ path: client.key
diff --git a/k8s/cloud/base/cron_script_deployment.yaml b/k8s/cloud/base/cron_script_deployment.yaml
index 33c7ced30c5..ffc3e321fe2 100644
--- a/k8s/cloud/base/cron_script_deployment.yaml
+++ b/k8s/cloud/base/cron_script_deployment.yaml
@@ -85,5 +85,21 @@ spec:
 type: RuntimeDefault
 volumes:
 - name: certs
- secret:
- secretName: service-tls-certs
+ projected:
+ sources:
+ - secret:
+ name: service-tls-server-certs
+ items:
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
+ - key: ca.crt
+ path: ca.crt
+ - secret:
+ name: service-tls-client-certs
+ items:
+ - key: tls.crt
+ path: client.crt
+ - key: tls.key
+ path: client.key
diff --git a/k8s/cloud/base/indexer_deployment.yaml b/k8s/cloud/base/indexer_deployment.yaml
index a861a8562a2..6bfcd23501c 100644
--- a/k8s/cloud/base/indexer_deployment.yaml
+++ b/k8s/cloud/base/indexer_deployment.yaml
@@ -89,8 +89,24 @@ spec:
 type: RuntimeDefault
 volumes:
 - name: certs
- secret:
- secretName: service-tls-certs
+ projected:
+ sources:
+ - secret:
+ name: service-tls-server-certs
+ items:
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
+ - key: ca.crt
+ path: ca.crt
+ - secret:
+ name: service-tls-client-certs
+ items:
+ - key: tls.crt
+ path: client.crt
+ - key: tls.key
+ path: client.key
 - name: es-certs
 secret:
 secretName: pl-elastic-es-http-certs-internal
diff --git a/k8s/cloud/base/metrics_deployment.yaml b/k8s/cloud/base/metrics_deployment.yaml
index 5835e32cd7b..a9d3acb863e 100644
--- a/k8s/cloud/base/metrics_deployment.yaml
+++ b/k8s/cloud/base/metrics_deployment.yaml
@@ -71,8 +71,24 @@ spec:
 type: RuntimeDefault
 volumes:
 - name: certs
- secret:
- secretName: service-tls-certs
+ projected:
+ sources:
+ - secret:
+ name: service-tls-server-certs
+ items:
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
+ - key: ca.crt
+ path: ca.crt
+ - secret:
+ name: service-tls-client-certs
+ items:
+ - key: tls.crt
+ path: client.crt
+ - key: tls.key
+ path: client.key
 - name: bq-access-sa
 secret:
 secretName: bq-access-sa
diff --git a/k8s/cloud/base/ory_auth/hydra/hydra_deployment.yaml b/k8s/cloud/base/ory_auth/hydra/hydra_deployment.yaml
index 44de8fe15b6..db19ca3cd9a 100644
--- a/k8s/cloud/base/ory_auth/hydra/hydra_deployment.yaml
+++ b/k8s/cloud/base/ory_auth/hydra/hydra_deployment.yaml
@@ -209,5 +209,21 @@ spec:
 - key: hydra.yml
 path: hydra.yml
 - name: certs
- secret:
- secretName: service-tls-certs
+ projected:
+ sources:
+ - secret:
+ name: service-tls-server-certs
+ items:
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
+ - key: ca.crt
+ path: ca.crt
+ - secret:
+ name: service-tls-client-certs
+ items:
+ - key: tls.crt
+ path: client.crt
+ - key: tls.key
+ path: client.key
diff --git a/k8s/cloud/base/ory_auth/kratos/kratos_deployment.yaml b/k8s/cloud/base/ory_auth/kratos/kratos_deployment.yaml
index 6d9e56e9547..6719a0873d5 100644
--- a/k8s/cloud/base/ory_auth/kratos/kratos_deployment.yaml
+++ b/k8s/cloud/base/ory_auth/kratos/kratos_deployment.yaml
@@ -212,5 +212,21 @@ spec:
 - key: identity.schema.json
 path: identity.schema.json
 - name: certs
- secret:
- secretName: service-tls-certs
+ projected:
+ sources:
+ - secret:
+ name: service-tls-server-certs
+ items:
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
+ - key: ca.crt
+ path: ca.crt
+ - secret:
+ name: service-tls-client-certs
+ items:
+ - key: tls.crt
+ path: client.crt
+ - key: tls.key
+ path: client.key
diff --git a/k8s/cloud/base/plugin_deployment.yaml b/k8s/cloud/base/plugin_deployment.yaml
index ebb499ac88f..0eb1c7282c2 100644
--- a/k8s/cloud/base/plugin_deployment.yaml
+++ b/k8s/cloud/base/plugin_deployment.yaml
@@ -90,5 +90,21 @@ spec:
 type: RuntimeDefault
 volumes:
 - name: certs
- secret:
- secretName: service-tls-certs
+ projected:
+ sources:
+ - secret:
+ name: service-tls-server-certs
+ items:
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
+ - key: ca.crt
+ path: ca.crt
+ - secret:
+ name: service-tls-client-certs
+ items:
+ - key: tls.crt
+ path: client.crt
+ - key: tls.key
+ path: client.key
diff --git a/k8s/cloud/base/profile_deployment.yaml b/k8s/cloud/base/profile_deployment.yaml
index 5b7dac65240..fc0139272dd 100644
--- a/k8s/cloud/base/profile_deployment.yaml
+++ b/k8s/cloud/base/profile_deployment.yaml
@@ -90,5 +90,21 @@ spec:
 type: RuntimeDefault
 volumes:
 - name: certs
- secret:
- secretName: service-tls-certs
+ projected:
+ sources:
+ - secret:
+ name: service-tls-server-certs
+ items:
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
+ - key: ca.crt
+ path: ca.crt
+ - secret:
+ name: service-tls-client-certs
+ items:
+ - key: tls.crt
+ path: client.crt
+ - key: tls.key
+ path: client.key
diff --git a/k8s/cloud/base/project_manager_deployment.yaml b/k8s/cloud/base/project_manager_deployment.yaml
index b61e3d7ff05..20245de021f 100644
--- a/k8s/cloud/base/project_manager_deployment.yaml
+++ b/k8s/cloud/base/project_manager_deployment.yaml
@@ -75,5 +75,21 @@ spec:
 type: RuntimeDefault
 volumes:
 - name: certs
- secret:
- secretName: service-tls-certs
+ projected:
+ sources:
+ - secret:
+ name: service-tls-server-certs
+ items:
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
+ - key: ca.crt
+ path: ca.crt
+ - secret:
+ name: service-tls-client-certs
+ items:
+ - key: tls.crt
+ path: client.crt
+ - key: tls.key
+ path: client.key
diff --git a/k8s/cloud/base/proxy_deployment.yaml b/k8s/cloud/base/proxy_deployment.yaml
index 372714a8d3c..b3963713602 100644
--- a/k8s/cloud/base/proxy_deployment.yaml
+++ b/k8s/cloud/base/proxy_deployment.yaml
@@ -140,8 +140,15 @@ spec:
 type: RuntimeDefault
 volumes:
 - name: service-certs
- secret:
- secretName: service-tls-certs
+ projected:
+ sources:
+ - secret:
+ name: service-tls-client-certs
+ items:
+ - key: tls.crt
+ path: client.crt
+ - key: tls.key
+ path: client.key
 - name: envoy-yaml
 configMap:
 name: proxy-envoy-config
diff --git a/k8s/cloud/base/scriptmgr_deployment.yaml b/k8s/cloud/base/scriptmgr_deployment.yaml
index 7aa56f0952d..da6b3b4029c 100644
--- a/k8s/cloud/base/scriptmgr_deployment.yaml
+++ b/k8s/cloud/base/scriptmgr_deployment.yaml
@@ -63,5 +63,21 @@ spec:
 type: RuntimeDefault
 volumes:
 - name: certs
- secret:
- secretName: service-tls-certs
+ projected:
+ sources:
+ - secret:
+ name: service-tls-server-certs
+ items:
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
+ - key: ca.crt
+ path: ca.crt
+ - secret:
+ name: service-tls-client-certs
+ items:
+ - key: tls.crt
+ path: client.crt
+ - key: tls.key
+ path: client.key
diff --git a/k8s/cloud/base/vzconn_deployment.yaml b/k8s/cloud/base/vzconn_deployment.yaml
index e6cd57eb391..0e04809ac88 100644
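Review bot: The `service-certs` volume in k8s/cloud/base/proxy_deployment.yaml now projects only `client.crt` and `client.key`; unlike every other deployment in this commit it carries no `ca.crt`. If the Envoy configuration in the `proxy-envoy-config` ConfigMap (not visible here) reads a CA bundle from this mount to validate upstream service certificates, that file disappears with this change, leaving the proxy either failing to load its config or connecting without verifying its peers. Dropping the server key pair from the proxy is a good least-privilege step, but the CA certificate is not secret and can be projected on its own from `service-tls-server-certs`, as sketched below; if the omission is deliberate, a one-line comment saying where Envoy gets its trust bundle would help.

```yaml
      - name: service-certs
        projected:
          sources:
          # … unchanged: service-tls-client-certs source (client.crt, client.key) …
          - secret:
              name: service-tls-server-certs
              items:
              - key: ca.crt
                path: ca.crt
```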
--- a/k8s/cloud/base/vzconn_deployment.yaml
+++ b/k8s/cloud/base/vzconn_deployment.yaml
@@ -94,8 +94,24 @@ spec:
 type: RuntimeDefault
 volumes:
 - name: certs
- secret:
- secretName: service-tls-certs
+ projected:
+ sources:
+ - secret:
+ name: service-tls-server-certs
+ items:
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
+ - key: ca.crt
+ path: ca.crt
+ - secret:
+ name: service-tls-client-certs
+ items:
+ - key: tls.crt
+ path: client.crt
+ - key: tls.key
+ path: client.key
 - name: proxycerts
 secret:
 secretName: cloud-proxy-tls-certs
diff --git a/k8s/cloud/base/vzmgr_deployment.yaml b/k8s/cloud/base/vzmgr_deployment.yaml
index 138c08d2b7f..58afbf2cadf 100644
--- a/k8s/cloud/base/vzmgr_deployment.yaml
+++ b/k8s/cloud/base/vzmgr_deployment.yaml
@@ -100,5 +100,21 @@ spec:
 type: RuntimeDefault
 volumes:
 - name: certs
- secret:
- secretName: service-tls-certs
+ projected:
+ sources:
+ - secret:
+ name: service-tls-server-certs
+ items:
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
+ - key: ca.crt
+ path: ca.crt
+ - secret:
+ name: service-tls-client-certs
+ items:
+ - key: tls.crt
+ path: client.crt
+ - key: tls.key
+ path: client.key
diff --git a/k8s/cloud/dev/plugin_db_updater_job.yaml b/k8s/cloud/dev/plugin_db_updater_job.yaml
index d92d7d544f5..4c576c80253 100644
--- a/k8s/cloud/dev/plugin_db_updater_job.yaml
+++ b/k8s/cloud/dev/plugin_db_updater_job.yaml
@@ -75,8 +75,24 @@ spec:
 secret:
 secretName: pl-db-secrets
 - name: certs
- secret:
- secretName: service-tls-certs
+ projected:
+ sources:
+ - secret:
+ name: service-tls-server-certs
+ items:
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
+ - key: ca.crt
+ path: ca.crt
+ - secret:
+ name: service-tls-client-certs
+ items:
+ - key: tls.crt
+ path: client.crt
+ - key: tls.key
+ path: client.key
 backoffLimit: 1
 parallelism: 1
 completions: 1
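Review bot: The `certs` volume of the Job in k8s/cloud/dev/plugin_db_updater_job.yaml still mounts `server.key` next to the client pair, although a run-to-completion job presumably only dials out and never terminates TLS itself. Splitting the secret is the chance to keep the server private key out of workloads that do not serve; if that holds here, drop the `tls.crt` and `tls.key` items from the `service-tls-server-certs` source and keep only `- key: ca.crt` / `path: ca.crt`. The same applies to k8s/cloud/overlays/plugin_job/plugin_job.yaml and k8s/cloud/public/base/plugin_db_updater_job.yaml. Whether the job binary insists on server certificate paths at startup is not visible in the hunk, so this needs a check against its flags.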
diff --git a/k8s/cloud/overlays/plugin_job/plugin_job.yaml b/k8s/cloud/overlays/plugin_job/plugin_job.yaml
index 228efbda87d..6612a2002e7 100644
--- a/k8s/cloud/overlays/plugin_job/plugin_job.yaml
+++ b/k8s/cloud/overlays/plugin_job/plugin_job.yaml
@@ -91,8 +91,24 @@ spec:
 secret:
 secretName: pl-db-secrets
 - name: certs
- secret:
- secretName: service-tls-certs
+ projected:
+ sources:
+ - secret:
+ name: service-tls-server-certs
+ items:
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
+ - key: ca.crt
+ path: ca.crt
+ - secret:
+ name: service-tls-client-certs
+ items:
+ - key: tls.crt
+ path: client.crt
+ - key: tls.key
+ path: client.key
 - name: tmp-pod
 emptyDir: {}
 backoffLimit: 1
diff --git a/k8s/cloud/public/base/plugin_db_updater_job.yaml b/k8s/cloud/public/base/plugin_db_updater_job.yaml
index 1f578bd5c3d..454bd40b36e 100644
--- a/k8s/cloud/public/base/plugin_db_updater_job.yaml
+++ b/k8s/cloud/public/base/plugin_db_updater_job.yaml
@@ -69,8 +69,24 @@ spec:
 secret:
 secretName: pl-db-secrets
 - name: certs
- secret:
- secretName: service-tls-certs
+ projected:
+ sources:
+ - secret:
+ name: service-tls-server-certs
+ items:
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
+ - key: ca.crt
+ path: ca.crt
+ - secret:
+ name: service-tls-client-certs
+ items:
+ - key: tls.crt
+ path: client.crt
+ - key: tls.key
+ path: client.key
 backoffLimit: 1
 parallelism: 1
 completions: 1
diff --git a/k8s/cloud_deps/base/nats/statefulset.yaml b/k8s/cloud_deps/base/nats/statefulset.yaml
index 96d55e3824d..724c8beeab7 100644
--- a/k8s/cloud_deps/base/nats/statefulset.yaml
+++ b/k8s/cloud_deps/base/nats/statefulset.yaml
@@ -137,8 +137,17 @@ spec:
 # Common volumes for the containers
 volumes:
 - name: nats-server-tls-volume
- secret:
- secretName: service-tls-certs
+ projected:
+ sources:
+ - secret:
+ name: service-tls-server-certs
+ items:
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
+ - key: ca.crt
+ path: ca.crt
 - name: config-volume
 configMap:
 name: nats-config