Skip to content

Commit

Permalink
Support for custom CA certs
Browse files Browse the repository at this point in the history
  • Loading branch information
noggi committed Sep 24, 2024
1 parent f82912d commit e0d2bae
Show file tree
Hide file tree
Showing 3 changed files with 43 additions and 1 deletion.
2 changes: 1 addition & 1 deletion charts/datahub-executor-worker/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
name: datahub-executor-worker
description: A Helm chart for datahub-executor-worker
type: application
version: 0.0.6
version: 0.0.7
appVersion: 0.0.1
maintainers:
- name: DataHub
Expand Down
40 changes: 40 additions & 0 deletions charts/datahub-executor-worker/templates/statefulset.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -59,10 +59,40 @@ spec:
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
volumes:
{{- with .Values.extraCaCerts }}
- name: ca-certs
emptyDir: {}
{{- range $key, $value := . }}
- name: {{ $key }}
secret:
secretName: {{ $value }}
{{- end }}
{{- end }}
{{- if .Values.extraVolumes }}
{{ toYaml .Values.extraVolumes | nindent 8 }}
{{- end }}
initContainers:
{{- if .Values.extraCaCerts }}
- name: install-ca-certs
image: "{{ .Values.image.repository }}:{{ required "image tag is required" .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["/bin/bash", "-c"]
args:
- update-ca-certificates && cp -Lr /etc/ssl/certs/. /mnt/ca-certs/
securityContext:
privileged: true
runAsUser: 0
volumeMounts:
- name: ca-certs
mountPath: /mnt/ca-certs
{{- with .Values.extraCaCerts -}}
{{ range $key, $value := . }}
- mountPath: "/usr/local/share/ca-certificates/{{ $key }}"
name: {{ $key | quote }}
readOnly: true
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.extraInitContainers }}
{{- .Values.extraInitContainers | toYaml | nindent 6 }}
{{- end }}
Expand Down Expand Up @@ -109,10 +139,20 @@ spec:
value: {{ .Values.global.datahub.executor.ingestions.signal_poll_interval | quote }}
- name: DATAHUB_EXECUTOR_MONITORS_MAX_WORKERS
value: {{ .Values.global.datahub.executor.monitors.max_workers | quote }}
{{- if .Values.extraCaCerts }}
- name: REQUESTS_CA_BUNDLE
value: /etc/ssl/certs/ca-certificates.crt
- name: SSL_CERT_FILE
value: /etc/ssl/certs/ca-certificates.crt
{{- end }}
{{- if .Values.extraEnvs }}
{{ toYaml .Values.extraEnvs | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.extraCaCerts }}
- name: ca-certs
mountPath: /etc/ssl/certs
{{- end }}
{{- if .Values.persistentVolume.enabled }}
- name: executor-storage-volume
mountPath: {{ .Values.persistentVolume.mountPath }}
Expand Down
2 changes: 2 additions & 0 deletions charts/datahub-executor-worker/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,8 @@ extraVolumeMounts: []

extraInitContainers: []

extraCaCerts: {}

extraLabels: {}

extraPodLabels: {}
Expand Down

0 comments on commit e0d2bae

Please sign in to comment.