The forseti-security charts inject the contents of _forseti_confserver.yaml into a ConfigMap via the value of server.config.contents. This ConfigMap is then mounted inside the forseti-server container. This is done because previously, the forseti-server could only read _forseti_confserver.yaml locally. With the merge of https://github.com/forseti-security/forseti-security/pull/3460, the forseti-server container can read the config file directly from GCS.
Proposal
If the server.config.contents is empty, read the _forseti_confserver.yaml file from GCS.
Validation
GIVEN server.config.contents has a value
WHEN Forseti on-GKE is deployed
THEN A ConfigMap is created and mounted in the forseti-server container
GIVEN server.config.contents has no value
WHEN Forseti on-GKE is deployed
THEN A ConfigMap is neither created nor mounted in the forseti-server container, and the forseti-server process reads the content from GCS.
Story
The forseti-security charts inject the contents of _forseti_confserver.yaml into a ConfigMap via the value of
server.config.contents. This ConfigMap is then mounted inside the forseti-server container. This is done because previously, the forseti-server could only read _forseti_confserver.yaml locally. With the merge of https://github.com/forseti-security/forseti-security/pull/3460, the forseti-server container can read the config file directly from GCS.Proposal
If the
server.config.contentsis empty, read the _forseti_confserver.yaml file from GCS.Validation
GIVEN server.config.contents has a value WHEN Forseti on-GKE is deployed THEN A ConfigMap is created and mounted in the forseti-server container
GIVEN server.config.contents has no value WHEN Forseti on-GKE is deployed THEN A ConfigMap is neither created nor mounted in the forseti-server container, and the forseti-server process reads the content from GCS.