From 3733f64935810d9a33b50984113e4e12913405ef Mon Sep 17 00:00:00 2001
From: Matt Liggett <mml@google.com>
Date: Tue, 21 Jun 2016 13:25:42 -0700
Subject: [PATCH] Add ssl certs to federation-controller-manager container.

Fixes #27684.

For now, I'm simply poking a hole to grab the system /etc/ssl/certs.  If
we decide we want something less dependent on the node filesystem, we
will need to decide how we pick a "distro" more sophisticated than
busybox for federation components running on k8s.  I'll open a followup
issue to discuss this.
---
 .../federation-controller-manager-deployment.yaml         | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/federation/manifests/federation-controller-manager-deployment.yaml b/federation/manifests/federation-controller-manager-deployment.yaml
index 438e7bf90a0..85a50b34751 100644
--- a/federation/manifests/federation-controller-manager-deployment.yaml
+++ b/federation/manifests/federation-controller-manager-deployment.yaml
@@ -13,8 +13,16 @@ spec:
         app: federated-cluster
         module: federation-controller-manager
     spec:
+      volumes:
+      - name: ssl-certs
+        hostPath:
+          path: /etc/ssl/certs
       containers:
       - name: controller-manager
+        volumeMounts:
+        - name: ssl-certs
+          readOnly: true
+          mountPath: /etc/ssl/certs
         image: {{.FEDERATION_CONTROLLER_MANAGER_IMAGE_REPO}}:{{.FEDERATION_CONTROLLER_MANAGER_IMAGE_TAG}}
         command:
         - /usr/local/bin/federation-controller-manager