feat: modify for custom CA certificates (#486)

SwissDataScienceCenter · Feb 7, 2022 · c6774a4 · c6774a4
1 parent bdd1c49
commit c6774a4
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 2 deletions.
diff --git a/helm-chart/renku-gateway/requirements.yaml b/helm-chart/renku-gateway/requirements.yaml
@@ -0,0 +1,4 @@
+dependencies:
+- name: certificates
+  version: "0.0.1"
+  repository: "https://swissdatasciencecenter.github.io/helm-charts/"
diff --git a/helm-chart/renku-gateway/templates/configmap.yaml b/helm-chart/renku-gateway/templates/configmap.yaml
@@ -12,10 +12,10 @@ data:
   traefik.toml: |
     {{ if .Values.development }}
     [log]
-      level = "debug"
+      level = "DEBUG"
     {{ else }}
     [log]
-      level = "error"
+      level = "ERROR"
     {{ end }}
 
     [api]

diff --git a/helm-chart/renku-gateway/templates/deployment.yaml b/helm-chart/renku-gateway/templates/deployment.yaml
@@ -26,6 +26,9 @@ spec:
         - name: config
           configMap:
             name: {{ template "gateway.fullname" . }}
+        {{- include "certificates.volumes" . | nindent 8 }}
+      initContainers:
+        {{- include "certificates.initContainer" . | nindent 8 }}
       containers:
         - name: {{ .Chart.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
@@ -41,6 +44,7 @@ spec:
           volumeMounts:
             - mountPath: /config
               name: config
+            {{- include "certificates.volumeMounts.system" . | nindent 12 }}
           readinessProbe:
             tcpSocket:
               port: {{ .Values.service.port }}
@@ -94,6 +98,8 @@ spec:
         release: {{ .Release.Name }}
         {{ include "call-nested" (list . "redis" "redis.fullname") }}-client: "true"
     spec:
+      initContainers:
+        {{- include "certificates.initContainer" . | nindent 8 }}
       containers:
         - name: {{ .Chart.Name }}
           image: "{{ .Values.image.auth.repository }}:{{ .Values.image.auth.tag }}"
@@ -172,6 +178,9 @@ spec:
               value: {{ .Values.sentry.dsn }}
             - name: SENTRY_ENVIRONMENT
               value: {{ .Values.sentry.environment }}
+            {{- include "certificates.env.python" . | nindent 12 }}
+          volumeMounts:
+            {{- include "certificates.volumeMounts.system" . | nindent 12 }}
           livenessProbe:
             httpGet:
               path: /health
@@ -200,3 +209,5 @@ spec:
       tolerations:
 {{ toYaml . | indent 8 }}
     {{- end }}
+      volumes:
+        {{- include "certificates.volumes" . | nindent 8 }}
diff --git a/helm-chart/renku-gateway/values.yaml b/helm-chart/renku-gateway/values.yaml
@@ -40,6 +40,18 @@ global:
   keycloak:
     ## Explicitly set another realm than "renku" here
     realm:
+
+  ## Specify a secret that containes the certificate
+  ## if you would like to use a custom CA. The key for the secret
+  ## should have the .crt extension otherwise it is ignored. The
+  ## keys across all secrets are mounted as files in one location so
+  ## the keys across all secrets have to be unique.
+  certificates:
+    image:
+      repository: renku/certificates
+      tag: '0.0.1'
+    customCAs: []
+      # - secret:
 
 replicaCount: 1