aboutsummaryrefslogtreecommitdiffstats
path: root/environments/docker-services-tls-everywhere.yaml
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-08-02 10:34:02 +0300
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-08-14 15:06:14 +0000
commit1b119110c052805eaf30be26df5fb30809eb49e0 (patch)
treec6667c83b0a6654239730d59deb9316fded7ddb5 /environments/docker-services-tls-everywhere.yaml
parent5144634d9bc3afd79ff934b9e913f6b9689e374b (diff)
Enable TLS for containerized haproxy
This bind mounts the certificates if TLS is enabled in the internal network. It also disables the CRL usage since we can't restart haproxy at the rate that the CRL is updated. This will be addressed later and is a known limitation of using containerized haproxy (there's the same issue in the HA scenario). To address the different UID that the certs and keys will have, I added an extra step that changes the ownership of these files; though this only gets included if TLS in the internal network is enabled. bp tls-via-certmonger-containers Depends-On: I2078da7757ff3af1d05d36315fcebd54bb4ca3ec Change-Id: Ic6ca88ee7b6b256ae6182e60e07498a8a793d66a
Diffstat (limited to 'environments/docker-services-tls-everywhere.yaml')
-rw-r--r--environments/docker-services-tls-everywhere.yaml1
1 files changed, 1 insertions, 0 deletions
diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml
index 49d02e6f..e227366c 100644
--- a/environments/docker-services-tls-everywhere.yaml
+++ b/environments/docker-services-tls-everywhere.yaml
@@ -41,3 +41,4 @@ resource_registry:
OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml
OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml
OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml
+ OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml