authelia: Mount dch-root-ca
The LDAP servers now use certificates signed by _DCH CA R2_, so the _DCH Root CA R2_ certificate needs to be trusted in order to communicate with them.
@@ -1,11 +1,14 @@
|
|||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
|
|
||||||
|
namespace: authelia
|
||||||
|
|
||||||
labels:
|
labels:
|
||||||
- pairs:
|
- pairs:
|
||||||
app.kubernetes.io/instance: authelia
|
app.kubernetes.io/instance: authelia
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
- ../dch-root-ca
|
||||||
- secrets.yaml
|
- secrets.yaml
|
||||||
- redis.yaml
|
- redis.yaml
|
||||||
- authelia.yaml
|
- authelia.yaml
|
||||||
@@ -37,8 +40,12 @@ patches:
|
|||||||
- name: AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE
|
- name: AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE
|
||||||
value: /run/authelia/secrets/postgresql/password
|
value: /run/authelia/secrets/postgresql/password
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: /run/authelia/certs
|
- mountPath: /run/authelia/certs/postgresql-ca.crt
|
||||||
name: postgresql-ca
|
name: postgresql-ca
|
||||||
|
subPath: postgresql-ca.crt
|
||||||
|
- mountPath: /run/authelia/certs/dch-root-ca.crt
|
||||||
|
name: dch-root-ca
|
||||||
|
subPath: dch-root-ca.crt
|
||||||
- mountPath: /run/authelia/secrets/postgresql
|
- mountPath: /run/authelia/secrets/postgresql
|
||||||
name: postgresql-auth
|
name: postgresql-auth
|
||||||
volumes:
|
volumes:
|
||||||
@@ -48,3 +55,6 @@ patches:
|
|||||||
- name: postgresql-ca
|
- name: postgresql-ca
|
||||||
configMap:
|
configMap:
|
||||||
name: postgresql-ca
|
name: postgresql-ca
|
||||||
|
- name: dch-root-ca
|
||||||
|
configMap:
|
||||||
|
name: dch-root-ca
|
||||||
|
|||||||
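Review bot: Both CA files in the second hunk (`/run/authelia/certs/postgresql-ca.crt` and `/run/authelia/certs/dch-root-ca.crt`) are now mounted with `subPath`, and Kubernetes does not propagate ConfigMap updates into `subPath` mounts, so a rotated or withdrawn root CA would stay in the running pod until it is recreated. The old side mounted the ConfigMap as a directory at `/run/authelia/certs`, which does receive updates. A projected volume that merges both ConfigMaps into that one directory keeps the two files side by side without `subPath`; this assumes the ConfigMap keys are already named `postgresql-ca.crt` and `dch-root-ca.crt`, as the `subPath` values suggest. Whether Authelia rereads the directory without a restart is not visible here, so a rollout on CA change may still be needed. The patch body starts above this hunk, so the nesting in the fence and the volume name `trusted-cas` are illustrative.

```yaml
# … unchanged: env entries …
volumeMounts:
# one directory mount; each file keeps its ConfigMap key name
- mountPath: /run/authelia/certs
  name: trusted-cas  # constructed name
# … unchanged: postgresql-auth mount …
volumes:
- name: trusted-cas  # constructed name
  projected:
    sources:
    - configMap:
        name: postgresql-ca
    - configMap:
        name: dch-root-ca
```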