Add support for cert-manager

[nonrtric.git] / service-exposure / rapps-webhook.yaml

diff --git a/service-exposure/rapps-webhook.yaml b/service-exposure/rapps-webhook.yaml
index d41ddf4..c04c8a9 100644 (file)
--- a/service-exposure/rapps-webhook.yaml
+++ b/service-exposure/rapps-webhook.yaml
@@ -1,6 +1,6 @@
 #
 # ============LICENSE_START=======================================================
-#  Copyright (C) 2022 Nordix Foundation.
+#  Copyright (C) 2022-2023 Nordix Foundation.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -44,6 +44,8 @@ metadata:
   namespace: default
   labels:
     app: jwt-proxy-admission-controller
+    app.kubernetes.io/instance: jwt-proxy-admission-controller
+    app.kubernetes.io/name: jwt-proxy-admission-controller
 spec:
   selector:
     matchLabels:
@@ -53,6 +55,8 @@ spec:
       labels:
         app: jwt-proxy-admission-controller
         version: v1
+        app.kubernetes.io/instance: jwt-proxy-admission-controller
+        app.kubernetes.io/name: jwt-proxy-admission-controller
     spec:
       serviceAccountName: webhook-app
       containers:
@@ -64,7 +68,7 @@ spec:
                 "-port", "8443",
                 "-tlsCertFile", "/certs/tls.crt",
                 "-tlsKeyFile", "/certs/tls.key",
-                "-hostPath", "/var/rapps/certs"
+                "-secret", "cm-keycloak-client-certs",
               ]
         ports:
         - containerPort: 8443
@@ -82,7 +86,7 @@ spec:
       volumes:
         - name: webhook-cert
           secret:
-            secretName: webhook-cert
+            secretName: cm-webhook-server-certs
   replicas: 1
 ---
 apiVersion: v1
@@ -90,6 +94,10 @@ kind: Service
 metadata:
   name: jwt-proxy-admission-controller
   namespace: default
+  labels:
+    app: jwt-proxy-admission-controller
+    app.kubernetes.io/instance: jwt-proxy-admission-controller
+    app.kubernetes.io/name: jwt-proxy-admission-controller
 spec:
   selector:
     app: jwt-proxy-admission-controller