From d1d8b0dcae52848f4cf5a135c400987aeaee76f8 Mon Sep 17 00:00:00 2001 From: Sergi Philipsen Date: Mon, 25 Sep 2023 18:59:42 +0200 Subject: [PATCH] feat: make it possible to add ca-certs as secret --- charts/zaakbrug/Chart.yaml | 2 +- charts/zaakbrug/README.md | 11 ++++++++++ .../templates/configmap.zaakbrug.env.yaml | 5 ++++- charts/zaakbrug/templates/deployment.yaml | 21 +++++++++++++++---- charts/zaakbrug/values.schema.json | 16 ++++++++++++++ charts/zaakbrug/values.yaml | 15 +++++++++++++ 6 files changed, 64 insertions(+), 6 deletions(-) diff --git a/charts/zaakbrug/Chart.yaml b/charts/zaakbrug/Chart.yaml index 4d8beed..6ead1e0 100644 --- a/charts/zaakbrug/Chart.yaml +++ b/charts/zaakbrug/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for running ZaakBrug on Kubernetes name: zaakbrug icon: https://raw.githubusercontent.com/wearefrank/charts/master/charts/zaakbrug/icon.png type: application -version: 2.0.7 +version: 2.1.0 dependencies: - name: ff-common diff --git a/charts/zaakbrug/README.md b/charts/zaakbrug/README.md index dc76628..6ab86aa 100644 --- a/charts/zaakbrug/README.md +++ b/charts/zaakbrug/README.md @@ -77,6 +77,17 @@ helm delete zaakbrug | `frank.server.transactionManager` | Set the transaction manager for Tomcat. Options: `NARAYANA`, `BTM`, `` | `""` | | `frank.environmentVariables` | Set extra environment variables for the Frank! | `{}` | +### Section CA Certificates + +Adds given CA Certificated to the truststore. + +The key in the secret will be used as filename. + +| Name | Description | Value | +| ------------------------------ | ----------------------- | ------- | +| `frank.caCertificates.enabled` | Use system certificates | `false` | +| `frank.caCertificates.secrets` | List of secretNames | `[]` | + ### Frank!Framework Connection parameters | Name | Description | Value | diff --git a/charts/zaakbrug/templates/configmap.zaakbrug.env.yaml b/charts/zaakbrug/templates/configmap.zaakbrug.env.yaml index 0a22f80..e742589 100644 
--- a/charts/zaakbrug/templates/configmap.zaakbrug.env.yaml +++ b/charts/zaakbrug/templates/configmap.zaakbrug.env.yaml @@ -5,4 +5,7 @@ metadata: labels: {{- include "ff-common.labels" . | nindent 4 }} data: - zaakbrug.zds.timezone: "{{ .Values.zaakbrug.zds.timezone | default "UTC" }}" \ No newline at end of file + zaakbrug.zds.timezone: "{{ .Values.zaakbrug.zds.timezone | default "UTC" }}" + {{- with .Values.frank.caCertificates.enabled }} + USE_SYSTEM_CA_CERTS: "Yes Please" + {{- end }} \ No newline at end of file diff --git a/charts/zaakbrug/templates/deployment.yaml b/charts/zaakbrug/templates/deployment.yaml index 63dd5f0..45a81c8 100644 --- a/charts/zaakbrug/templates/deployment.yaml +++ b/charts/zaakbrug/templates/deployment.yaml @@ -1,11 +1,11 @@ -{{- template "ff-common.deployment" (list . "ff-test.deployment") -}} -{{- define "ff-test.deployment" -}} +{{- template "ff-common.deployment" (list . "zaakbrug.deployment") -}} +{{- define "zaakbrug.deployment" -}} spec: template: spec: containers: - - {{ include "ff-common.container" (list . "ff-test.deployment.container") | nindent 10}} + {{ include "ff-common.container" (list . "zaakbrug.deployment.container") | nindent 10}} volumes: {{- if .Values.securityContext.readOnlyRootFilesystem }} - name: tmpfs @@ -41,8 +41,15 @@ spec: configMap: name: {{ template "ff-common.fullname" . }}-profiles {{- end -}} + {{- if .Values.frank.caCertificates.enabled }} + {{- range .Values.frank.caCertificates.secrets }} + - name: {{ . }}-ca-cert + secret: + secretName: {{ . }} + {{- end }} + {{- end }} {{- end -}} -{{- define "ff-test.deployment.container" -}} +{{- define "zaakbrug.deployment.container" -}} envFrom: - configMapRef: name: {{ template "ff-common.fullname" . }}-env 
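Review bot: In configmap.zaakbrug.env.yaml, `{{- with .Values.frank.caCertificates.enabled }}` uses `with` as a boolean test, which rebinds `.` inside the block and differs from the `{{- if .Values.frank.caCertificates.enabled }}` used for the same flag in deployment.yaml. I would use `if` here so the two templates read the same way. The literal `"Yes Please"` also needs a one-line explanation, since a reader will otherwise look for the accepted values. Going by the eclipse-temurin README that values.yaml links to, any non-empty value presumably enables the import, so a comment such as `# any non-empty value makes the image entrypoint import the CA certificates` above the key would do.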
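Review bot: With more than one entry in `frank.caCertificates.secrets`, the per-secret volumes added in this deployment.yaml hunk are all mounted at the same `mountPath: /certificates/` by the `volumeMounts` hunk further down. Kubernetes rejects a container whose volumeMounts repeat a mountPath, so the feature only yields a valid Deployment for a single secret. The volume name `{{ . }}-ca-cert` is also built from an unquoted Secret name, which can give an invalid volume name, because a Secret name may contain dots or be longer than a 63-character label allows. A single projected volume with a fixed name, listing each secret as a source and mounted once read-only, avoids both problems; secret keys must then be distinct across the listed secrets, since they all land in one directory. Both `define` blocks start and end outside the hunks, so the indentation in the sketch below has to be matched to the surrounding lists.

```yaml
# … unchanged: tmpfs and profiles volumes in "zaakbrug.deployment" …
{{- if and .Values.frank.caCertificates.enabled .Values.frank.caCertificates.secrets }}
- name: ca-certs
  projected:
    sources:
      {{- range .Values.frank.caCertificates.secrets }}
      - secret:
          name: {{ . | quote }}
      {{- end }}
{{- end }}

# … unchanged: existing volumeMounts in "zaakbrug.deployment.container" …
{{- if and .Values.frank.caCertificates.enabled .Values.frank.caCertificates.secrets }}
- name: ca-certs
  mountPath: /certificates/
  readOnly: true
{{- end }}
```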
@@ -94,4 +101,10 @@ volumeMounts: subPath: Profiles.json readOnly: true {{- end }} + {{- if .Values.frank.caCertificates.enabled }} + {{- range .Values.frank.caCertificates.secrets }} + - name: {{ . }}-ca-cert + mountPath: /certificates/ + {{- end }} + {{- end }} {{- end -}} \ No newline at end of file diff --git a/charts/zaakbrug/values.schema.json b/charts/zaakbrug/values.schema.json index 5858eca..5f7efc7 100644 --- a/charts/zaakbrug/values.schema.json +++ b/charts/zaakbrug/values.schema.json @@ -182,6 +182,22 @@ "default": "NARAYANA" } } + }, + "caCertificates": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Use system certificates", + "default": false + }, + "secrets": { + "type": "array", + "description": "List of secretNames", + "default": [], + "items": {} + } + } } } }, diff --git a/charts/zaakbrug/values.yaml b/charts/zaakbrug/values.yaml index 77363ee..d2f507c 100644 --- a/charts/zaakbrug/values.yaml +++ b/charts/zaakbrug/values.yaml @@ -124,6 +124,21 @@ frank: ## @param frank.environmentVariables [object] Set extra environment variables for the Frank! ## environmentVariables: { } + ## @section Section CA Certificates + ## @descriptionStart + ## Adds given CA Certificated to the truststore. + ## + ## The key in the secret will be used as filename. + ## + ## Ref: https://github.com/docker-library/docs/blob/master/eclipse-temurin/README.md#can-i-add-my-internal-ca-certificates-to-the-truststore + ## @descriptionEnd + ## + ## @param frank.caCertificates.enabled Use system certificates + ## @param frank.caCertificates.secrets [array] List of secretNames + ## + caCertificates: + enabled: false + secrets: [] ## @section Frank!Framework Connection parameters ##
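Review bot: In values.schema.json, `"items": {}` accepts any JSON value as an entry of `secrets`, so a number, null or object passes validation and is then interpolated into `secretName:` and the volume name in deployment.yaml. Constraining it to `"items": { "type": "string", "minLength": 1 }` makes a malformed list fail at lint or install time instead of rendering a broken manifest. The `enabled` description `Use system certificates` could also state that it adds the certificates from the listed secrets to the truststore.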
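Review bot: In values.yaml, the `@param frank.caCertificates.enabled` description `Use system certificates` does not tell operators what they are opting into. According to the description block, every key of every listed secret becomes a file that is added to the truststore, so whoever can write those secrets can extend the set of CAs the application trusts. I would say so in the parameter text, e.g. `## @param frank.caCertificates.secrets [array] Names of Secrets in the release namespace whose keys are PEM CA certificates (no private keys); each one is added to the truststore`. The typo `Certificated` should also be corrected to `Certificates`, here and in the README table that appears to mirror these comments. The enclosing `frank:` mapping starts outside this hunk.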