From 47560fdf7c7db4c0e50253e434a80d00683071a8 Mon Sep 17 00:00:00 2001
From: Marcelo Mello <tchello.mello@gmail.com>
Date: Wed, 19 Jun 2019 21:21:35 -0400
Subject: [PATCH] Fixes ca_trust_dir and project_data_dir for Kubernetes

---
 installer/inventory                           |  1 -
 .../kubernetes/templates/deployment.yml.j2    | 32 +++++++++++++++++++
 2 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/installer/inventory b/installer/inventory
index 67c92706b9..b0959f35b5 100644
--- a/installer/inventory
+++ b/installer/inventory
@@ -133,7 +133,6 @@ secret_key=awxsecret
 # CA Trust directory. If you need to provide custom CA certificates, supplying
 # this variable causes this directory on the host to be bind mounted over
 # /etc/pki/ca-trust in the awx_task and awx_web containers.
-# NOTE: only obeyed in local_docker install
 #ca_trust_dir=/etc/pki/ca-trust/source/anchors
 
 # Include /etc/nginx/awx_extra.conf
diff --git a/installer/roles/kubernetes/templates/deployment.yml.j2 b/installer/roles/kubernetes/templates/deployment.yml.j2
index c45e5eb735..4d98ab265a 100644
--- a/installer/roles/kubernetes/templates/deployment.yml.j2
+++ b/installer/roles/kubernetes/templates/deployment.yml.j2
@@ -141,6 +141,16 @@ spec:
           ports:
             - containerPort: 8052
           volumeMounts:
+{% if ca_trust_dir is defined %}
+            - name: {{ kubernetes_deployment_name }}-ca-trust-dir
+              mountPath: "/etc/pki/ca-trust/source/anchors/"
+              readOnly: true
+{% endif %}
+{% if project_data_dir is defined %}
+            - name: {{ kubernetes_deployment_name }}-project-data-dir
+              mountPath: "/var/lib/awx/projects"
+              readOnly: false
+{% endif %}
             - name: {{ kubernetes_deployment_name }}-application-config
               mountPath: "/etc/tower/settings.py"
               subPath: settings.py
@@ -176,6 +186,16 @@ spec:
             - /usr/bin/launch_awx_task.sh
           imagePullPolicy: Always
           volumeMounts:
+{% if ca_trust_dir is defined %}
+            - name: {{ kubernetes_deployment_name }}-ca-trust-dir
+              mountPath: "/etc/pki/ca-trust/source/anchors/"
+              readOnly: true
+{% endif %}
+{% if project_data_dir is defined %}
+            - name: {{ kubernetes_deployment_name }}-project-data-dir
+              mountPath: "/var/lib/awx/projects"
+              readOnly: false
+{% endif %}
             - name: {{ kubernetes_deployment_name }}-application-config
               mountPath: "/etc/tower/settings.py"
               subPath: settings.py
@@ -274,6 +294,18 @@ spec:
               cpu: "{{ memcached_cpu_limit }}m"
 {% endif %}
       volumes:
+{% if ca_trust_dir is defined %}
+        - name: {{ kubernetes_deployment_name }}-ca-trust-dir
+          hostPath:
+            path: "{{ ca_trust_dir }}"
+            type: Directory
+{% endif %}
+{% if project_data_dir is defined %}
+        - name: {{ kubernetes_deployment_name }}-project-data-dir
+          hostPath:
+            path: "{{ project_data_dir }}"
+            type: Directory
+{% endif %}
         - name: {{ kubernetes_deployment_name }}-application-config
           configMap:
             name: {{ kubernetes_deployment_name }}-config