From d06348afe784adda88ca61da4e2cee148111cc3c Mon Sep 17 00:00:00 2001 From: gruberdev Date: Wed, 27 Dec 2023 00:09:20 -0300 Subject: [PATCH] [networking] copied certs on runtime for unifi --- .../unifi/controller/base/deployment.yaml | 42 ++++++++++--------- 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/apps/networking/unifi/controller/base/deployment.yaml b/apps/networking/unifi/controller/base/deployment.yaml index 9e918943..c9a20e22 100644 --- a/apps/networking/unifi/controller/base/deployment.yaml +++ b/apps/networking/unifi/controller/base/deployment.yaml @@ -19,13 +19,28 @@ spec: app: unifi-controller spec: terminationGracePeriodSeconds: 5 + initContainers: + - name: volume-permissions + image: busybox + securityContext: + runAsUser: 0 + command: + [ + "/bin/sh", + "-c", + "chown -R 999:999 /unifi && cp /tmp-secrets/* /certs/", + ] + volumeMounts: + - name: data + mountPath: /unifi + - name: temp-secrets + mountPath: /tmp-secrets + readOnly: true + - name: certs + mountPath: /certs containers: - name: unifi-controller image: jacobalberty/unifi:v7.4.162 - lifecycle: - postStart: - exec: - command: ["sudo", "chown", "-R", "/unifi"] securityContext: runAsUser: 999 runAsGroup: 999 @@ -71,12 +86,6 @@ spec: mountPath: /unifi/data - name: logs mountPath: /unifi/log - - name: unifi-cert - mountPath: /unifi/cert/cert.pem - subPath: cert.pem - - name: unifi-key - mountPath: /unifi/cert/privkey.pem - subPath: privkey.pem - mountPath: /unifi/data/sites/default/gateway.config.json name: config subPath: gateway.config.json @@ -108,18 +117,11 @@ spec: claimName: unifi-storage - name: logs emptyDir: {} - - name: unifi-cert + - name: temp-secrets secret: secretName: unifi-tls - items: - - key: tls.crt - path: cert.pem - - name: unifi-key - secret: - secretName: unifi-tls - items: - - key: tls.key - path: privkey.pem + - name: certs + emptyDir: {} - name: config configMap: name: unifi-controller-cm