Code Review / apex-tripleo-heat-templates.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 5144634) | patch
Enable TLS for containerized haproxy
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>
Wed, 2 Aug 2017 07:34:02 +0000 (10:34 +0300)
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>
Mon, 14 Aug 2017 15:06:14 +0000 (15:06 +0000)
commit1b119110c052805eaf30be26df5fb30809eb49e0
treec6667c83b0a6654239730d59deb9316fded7ddb5tree | snapshot
parent5144634d9bc3afd79ff934b9e913f6b9689e374bcommit | diff
Enable TLS for containerized haproxy

This bind mounts the certificates if TLS is enabled in the internal
network. It also disables the CRL usage since we can't restart haproxy
at the rate that the CRL is updated. This will be addressed later and
is a known limitation of using containerized haproxy (there's the same
issue in the HA scenario). To address the different UID that the certs
and keys will have, I added an extra step that changes the ownership
of these files; though this only gets included if TLS in the internal
network is enabled.

bp tls-via-certmonger-containers

Depends-On: I2078da7757ff3af1d05d36315fcebd54bb4ca3ec
Change-Id: Ic6ca88ee7b6b256ae6182e60e07498a8a793d66a
docker/services/haproxy.yaml diff | blob | history
environments/docker-services-tls-everywhere.yaml diff | blob | history