Correct destination of nomad-ca.crt template to be inside NOMAD_SECRETS_DIR

.gitlab-ci.yml

@@ -147,6 +147,7 @@ test_e2e:
     - export NOMAD_NAMESPACE="$NOMAD_SLUG"
     - nomad namespace apply $NOMAD_NAMESPACE
   script:
+    - export NOMAD_CACERT_DATA=$(cat $NOMAD_CACERT)
     # Only replace set env vars
     - envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < deploy/api.tpl.nomad > deploy/api.nomad
     # Make sure to set NOMAD_ADDR, NOMAD_SKIP_VERIFY and NOMAD_TOKEN env vars in CI settings appropriately

deploy/api.tpl.nomad

@@ -62,8 +62,13 @@ job "${NOMAD_SLUG}" {
       }
 
       template {
-          source        = "${NOMAD_CACERT}"
+          data          = <<EOH
-          destination   = "/home/api/nomad-ca.crt"
+${NOMAD_CACERT_DATA}
+EOH
+          // Note that only some destinations are allowed here
+          // (see https://www.nomadproject.io/docs/job-specification/template#destination).
+          // The secrets folder (NOMAD_SECRETS_DIR) is one of them.
+          destination   = "secrets/nomad-ca.crt"
           change_mode   = "noop"
       }
 
@@ -73,7 +78,7 @@ job "${NOMAD_SLUG}" {
         POSEIDON_NOMAD_NAMESPACE  = "${NOMAD_NAMESPACE}"
         POSEIDON_NOMAD_TOKEN      = "${DEPLOY_POSEIDON_NOMAD_TOKEN}"
         POSEIDON_NOMAD_TLS_ACTIVE = "${DEPLOY_POSEIDON_NOMAD_TLS_ACTIVE}"
-        POSEIDON_NOMAD_TLS_CAFILE = "nomad-ca.crt"
+        POSEIDON_NOMAD_TLS_CAFILE = "/secrets/nomad-ca.crt"
       }
 
       resources {