feat(templates): make use of TLS options in deployments

Jeff Peeler · Jeff Peeler · commit d8996f1c3c01 · 2019-03-25T14:50:56.000-04:00
diff --git a/deploy/chart/templates/0000_50_olm_07-olm-operator.deployment.yaml b/deploy/chart/templates/0000_50_olm_07-olm-operator.deployment.yaml
@@ -37,10 +37,21 @@ spec:
           - -writeStatusName
           - {{ .Values.writeStatusName }}
           {{- end }}
+          {{- if .Values.olm.tlsCertPath }}
+          - -tls-cert
+          - {{ .Values.olm.tlsCertPath }}
+          {{- end }}
+          {{- if .Values.olm.tlsKeyPath }}
+          - -tls-key
+          - {{ .Values.olm.tlsKeyPath }}
+          {{- end }}
           image: {{ .Values.olm.image.ref }}
           imagePullPolicy: {{ .Values.olm.image.pullPolicy }}
           ports:
             - containerPort: {{ .Values.olm.service.internalPort }}
+            - containerPort: 8081
+              name: metrics
+              protocol: TCP
           livenessProbe:
             httpGet:
               path: /healthz
@@ -64,6 +75,14 @@ spec:
           resources:
 {{ toYaml .Values.olm.resources | indent 12 }}
           {{- end}}
+          volumeMounts:
+          - mountPath: /var/run/secrets/serving-cert
+            name: serving-cert
+      volumes:
+      - name: serving-cert
+        secret:
+          secretName: olm-operator-serving-cert
+          optional: true
     {{- if .Values.olm.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.olm.nodeSelector | indent 8 }}
diff --git a/deploy/chart/templates/0000_50_olm_08-catalog-operator.deployment.yaml b/deploy/chart/templates/0000_50_olm_08-catalog-operator.deployment.yaml
@@ -39,10 +39,21 @@ spec:
           - -writeStatusName
           - {{ .Values.writeStatusNameCatalog }}
           {{- end }}
+          {{- if .Values.olm.tlsCertPath }}
+          - -tls-cert
+          - {{ .Values.olm.tlsCertPath }}
+          {{- end }}
+          {{- if .Values.olm.tlsKeyPath }}
+          - -tls-key
+          - {{ .Values.olm.tlsKeyPath }}
+          {{- end }}
           image: {{ .Values.catalog.image.ref }}
           imagePullPolicy: {{ .Values.catalog.image.pullPolicy }}
           ports:
             - containerPort: {{ .Values.catalog.service.internalPort }}
+            - containerPort: 8081
+              name: metrics
+              protocol: TCP
           livenessProbe:
             httpGet:
               path: /healthz
@@ -55,6 +66,14 @@ spec:
           resources:
 {{ toYaml .Values.catalog.resources | indent 12 }}
           {{- end}}
+          volumeMounts:
+          - mountPath: /var/run/secrets/serving-cert
+            name: serving-cert
+      volumes:
+      - name: serving-cert
+        secret:
+          secretName: catalog-operator-serving-cert
+          optional: true
     {{- if .Values.catalog.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.catalog.nodeSelector | indent 8 }}
diff --git a/deploy/ocp/values.yaml b/deploy/ocp/values.yaml
@@ -18,6 +18,8 @@ olm:
     node-role.kubernetes.io/master: ""
   tolerations:
   - operator: Exists
+  tlsCertPath: /var/run/secrets/serving-cert/tls.crt
+  tlsKeyPath: /var/run/secrets/serving-cert/tls.key
 catalog:
   replicaCount: 1
   image:
