- name: api-server-configmap
mountPath: /etc/nginx/sites-enabled/api-server.conf
subPath: nginx.conf
+ {{- if .Values.customCABundle }}
+ - name: custom-ca-bundle-volume
+ mountPath: /etc/ssl/certs/ca-certificates.crt
+ subPath: custom-ca-bundle.pem
+ {{- end }}
- name: arvados-controller
image: "cure/arvados-runtime"
imagePullPolicy: {{ .Values.image.pullPolicy }}
- name: nginx-configmap
configMap:
name: arvados-api-server-https-configmap
+ {{- if .Values.customCABundle }}
+ - name: custom-ca-bundle-volume
+ configMap:
+ name: custom-ca-bundle-configmap
+ {{- end }}
chart: {{ template "arvados.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
+ annotations:
+ {{- range $key, $value := .Values.loadBalancer.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
spec:
type: LoadBalancer
- externalTrafficPolicy: Local
+ externalTrafficPolicy: {{ .Values.loadBalancer.apiServerExternalTrafficPolicy }}
loadBalancerIP: {{ required "A valid externalIP is required!" .Values.externalIP }}
ports:
- name: http
--- /dev/null
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: custom-ca-bundle-configmap
+ labels:
+ app: {{ template "arvados.name" . }}
+ chart: {{ template "arvados.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ custom-ca-bundle.pem: |
+{{ .Values.customCABundle | indent 4 }}
chart: {{ template "arvados.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
+ annotations:
+ {{- range $key, $value := .Values.loadBalancer.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
spec:
type: LoadBalancer
loadBalancerIP: {{ required "A valid externalIP is required!" .Values.externalIP }}
chart: {{ template "arvados.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
+ annotations:
+ {{- range $key, $value := .Values.loadBalancer.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
spec:
type: LoadBalancer
loadBalancerIP: {{ required "A valid externalIP is required!" .Values.externalIP }}
chart: {{ template "arvados.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
+ annotations:
+ {{- range $key, $value := .Values.loadBalancer.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
spec:
type: LoadBalancer
loadBalancerIP: {{ required "A valid externalIP is required!" .Values.externalIP }}
- name: ssl-configmap
mountPath: /etc/ssl/private/workbench.key
subPath: key
+ {{- if .Values.customCABundle }}
+ - name: custom-ca-bundle-volume
+ mountPath: /etc/ssl/certs/ca-certificates.crt
+ subPath: custom-ca-bundle.pem
+ {{- end }}
volumes:
- name: etc-configmap
configMap:
- name: ssl-configmap
configMap:
name: ssl-configmap
+ {{- if .Values.customCABundle }}
+ - name: custom-ca-bundle-volume
+ configMap:
+ name: custom-ca-bundle-configmap
+ {{- end }}
+
chart: {{ template "arvados.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
+ annotations:
+ {{- range $key, $value := .Values.loadBalancer.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
spec:
type: LoadBalancer
loadBalancerIP: {{ required "A valid externalIP is required!" .Values.externalIP }}
chart: {{ template "arvados.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
+ annotations:
+ {{- range $key, $value := .Values.loadBalancer.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
spec:
type: LoadBalancer
loadBalancerIP: {{ required "A valid externalIP is required!" .Values.externalIP }}
# Must be set to a valid IP address, e.g. by using --set when invoking helm
externalIP: ~
+loadBalancer:
+ # Annotations to add to all LoadBalancer Services.
+ # This is required for MetalLB, since the same externalIP is reused for all
+ # services, and sharing is disabled by default.
+ # metallb.universe.tf/allow-shared-ip: arbitrary-sharing-key
+ annotations:
+
+ # externalTrafficPolicy for the api-server-service
+ # Set to Cluster if using MetalLB, otherwise an externalIP won't be allocated
+ apiServerExternalTrafficPolicy: Local
+
# The default e-mail address and password for the initial cluster admin user
adminUserEmail: "test@example.com"
adminUserPassword: "passw0rd"
arvados: 2.0.2
arvadosCLI: 2.0.2
arvadosLoginSync: 2.0.2
+
+# A custom bundle of CA certificates to use.
+# Useful for corporate networks with TLS proxies.
+# Set it by using the --set-file Helm argument.
+customCABundle: ""