From b0987debc4121ad7982795308cdf9b12c1ae1f55 Mon Sep 17 00:00:00 2001 From: Tim Carter Date: Wed, 11 Dec 2024 14:25:17 +1100 Subject: [PATCH] Integrate indy sidecar into buildah-oci-ta. --- deploy/tasks/buildah-oci-ta.yaml | 36 ++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/deploy/tasks/buildah-oci-ta.yaml b/deploy/tasks/buildah-oci-ta.yaml index af1124560..41094d53c 100644 --- a/deploy/tasks/buildah-oci-ta.yaml +++ b/deploy/tasks/buildah-oci-ta.yaml @@ -187,6 +187,10 @@ spec: description: The HTTP port to use for the domain proxy. type: string default: 8080 + - name: ENABLE_INDY_PROXY + type: string + description: Enable the indy generic proxy (true/false) + default: "false" results: - name: IMAGE_DIGEST description: Digest of the image just built @@ -219,6 +223,17 @@ spec: secretName: $(params.ENTITLEMENT_SECRET) - name: shared emptyDir: {} + - name: indy-generic-proxy-stage-secrets + secret: + optional: true + secretName: indy-generic-proxy-secrets + - name: indy-generic-proxy-stage-config + configMap: + items: + - key: application.yaml + path: application.yaml + name: indy-generic-proxy-stage-config + optional: true - name: trusted-ca configMap: items: @@ -840,3 +855,24 @@ spec: requests: cpu: 100m memory: 256Mi + sidecars: + - name: indy-generic-proxy + image: quay.io/factory2/indy-generic-proxy-service:latest-stage-mpplus + volumeMounts: + - name: indy-generic-proxy-stage-secrets + readOnly: true + mountPath: /mnt/secrets-generic-proxy + - name: indy-generic-proxy-stage-config + readOnly: true + mountPath: /deployment/config + computeResources: + limits: + cpu: 1 + memory: 2Gi + requests: + cpu: 200m + memory: 512Mi + script: | + if [ "$(params.ENABLE_INDY_PROXY)" == "true" ]; then + /usr/local/bin/dumb-init /deployment/start-service.sh + fi