From: Mike Ludwig Date: Thu, 22 Oct 2020 14:25:57 +0000 (-0400) Subject: support custom CA bundle for the api-server X-Git-Url: https://git.arvados.org/arvados-k8s.git/commitdiff_plain/dcdcd547450ce51f74df96143e9955fc4236888c?hp=ba72940a5395f7080f58f53b5f7f6104c8a94b8b support custom CA bundle for the api-server Arvados-DCO-1.1-Signed-off-by: Michael Ludwig --- diff --git a/charts/arvados/templates/api-server-deployment.yaml b/charts/arvados/templates/api-server-deployment.yaml index 7b5bb5c..4f90fca 100644 --- a/charts/arvados/templates/api-server-deployment.yaml +++ b/charts/arvados/templates/api-server-deployment.yaml @@ -49,6 +49,11 @@ spec: - name: api-server-configmap mountPath: /etc/nginx/sites-enabled/api-server.conf subPath: nginx.conf + {{- if .Values.customCABundle }} + - name: custom-ca-bundle-volume + mountPath: /etc/ssl/certs/ca-certificates.crt + subPath: custom-ca-bundle.pem + {{- end }} - name: arvados-controller image: "cure/arvados-runtime" imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -86,3 +91,8 @@ spec: - name: nginx-configmap configMap: name: arvados-api-server-https-configmap + {{- if .Values.customCABundle }} + - name: custom-ca-bundle-volume + configMap: + name: custom-ca-bundle-configmap + {{- end }} diff --git a/charts/arvados/templates/custom-ca-bundle-configmap.yaml b/charts/arvados/templates/custom-ca-bundle-configmap.yaml new file mode 100644 index 0000000..580b4d9 --- /dev/null +++ b/charts/arvados/templates/custom-ca-bundle-configmap.yaml @@ -0,0 +1,16 @@ +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: Apache-2.0 + +apiVersion: v1 +kind: ConfigMap +metadata: + name: custom-ca-bundle-configmap + labels: + app: {{ template "arvados.name" . }} + chart: {{ template "arvados.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + custom-ca-bundle.pem: | +{{ .Values.customCABundle | indent 4 }} diff --git a/charts/arvados/values.yaml b/charts/arvados/values.yaml index 724cfd8..e17804c 100644 --- a/charts/arvados/values.yaml +++ b/charts/arvados/values.yaml @@ -58,3 +58,8 @@ arvados: arvados: 2.0.2 arvadosCLI: 2.0.2 arvadosLoginSync: 2.0.2 + +# A custom bundle of CA certificates to use. +# Useful for corporate networks with TLS proxies. +# Set it by using the --set-file Helm argument. +customCABundle: ""