Skip to content

Commit

Permalink
Use Vault serverca for CONSUL_CACERT when secrets backend enabled
Browse files Browse the repository at this point in the history
  • Loading branch information
@nathancoleman
nathancoleman committed Apr 24, 2023
1 parent 0332959 commit 6c5f713
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion charts/consul/templates/api-gateway-controller-deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,10 +62,14 @@ spec:
name: sds
protocol: TCP
env:
{{- if or (not (or (and .Values.externalServers.enabled .Values.externalServers.useSystemRoots) .Values.global.secretsBackend.vault.enabled)) .Values.client.enabled }}
{{- if or (not (and .Values.externalServers.enabled .Values.externalServers.useSystemRoots)) .Values.client.enabled }}
{{- if .Values.global.tls.enabled }}
- name: CONSUL_CACERT
{{- if and (not .Values.client.enabled) .Values.global.secretsBackend.vault.enabled }}
value: /vault/secrets/serverca.crt
{{- else }}
value: /consul/tls/ca/tls.crt
{{- end }}
{{- end }}
{{- end }}
- name: HOST_IP
Expand Down

0 comments on commit 6c5f713

Please sign in to comment.