hswaw/kube: add cert for piorekf
Change-Id: I302ced35503197522151177663c4321e858473e1
diff --git a/hswaw/kube/hswaw.jsonnet b/hswaw/kube/hswaw.jsonnet
index d8a5131..fc92a93 100644
--- a/hswaw/kube/hswaw.jsonnet
+++ b/hswaw/kube/hswaw.jsonnet
@@ -53,6 +53,8 @@
// For now, we need this running.
// TODO(q3k): remove this when we have an API GW or proxy.
stopgap: {
+ local stopgap = self,
+
rpcLB: kube.Service("smsgw-tcp-rpc") {
metadata+: smsgw.metadata,
target_pod: smsgw.deployment.spec.template,
@@ -64,10 +66,10 @@
},
},
- rpcCertificate: kube.Certificate("smsgw-tcp-rpc-consumer") {
+ mkClientCert(name, cn):: kube.Certificate(name) {
metadata+: smsgw.metadata,
spec: {
- secretName: "smsgw-tcp-rpc-consumer",
+ secretName: name,
duration: "35040h0m0s", // 4 years
issuerRef: {
// Contract with cluster/lib/pki.libsonnet.
@@ -75,9 +77,12 @@
name: "pki-ca",
kind: "ClusterIssuer",
},
- commonName: "kasownik.external.hswaw.net",
+ commonName: cn,
},
},
+
+ kasownikCert: stopgap.mkClientCert("smsgw-tcp-rpc-consumer", "kasownik.external.hswaw.net"),
+ piorekfCert: stopgap.mkClientCert("smsgw-tcp-rpc-piorekf", "piorekf.person.hswaw.net"),
}
},
},