fix: create volume mount with cacert when caCertFile is defined

charts/snyk-broker/templates/broker_deployment.yaml

@@ -86,7 +86,7 @@ spec:
                 mountPath: /home/node/private
                 readOnly: true
               {{- end }}
-              {{- if .Values.caCert }}
+              {{- if or (.Values.caCert) (.Values.caCertFile) }}
               - name: {{ include "snyk-broker.fullname" . }}-cacert-volume
                 mountPath: /home/node/cacert
                 readOnly: true
@@ -95,7 +95,7 @@ spec:
               - name: {{ include "snyk-broker.fullname" . }}-tls-secret-volume
                 mountPath: /home/node/tls-cert/
                 readOnly: true
-              {{- end }}                 
+              {{- end }}
 {{- if .Values.extraVolumeMounts }}
 {{ tpl (toYaml .Values.extraVolumeMounts | indent 14) . }}
 {{- end }}
@@ -373,14 +373,21 @@ spec:
               value: {{ .Values.logLevel }}
             - name: LOG_ENABLE_BODY
               value: {{ .Values.logEnableBody | squote }}
-             
+
          {{- if .Values.caCert }}
          # HTTPS Inspection 
             - name: CA_CERT
               value: /home/node/cacert/{{ .Values.caCert }}
             - name: NODE_EXTRA_CA_CERTS
               value: /home/node/cacert/{{ .Values.caCert }}
          {{- end }}
+         {{- if .Values.caCertFile }}
+          # HTTPS Inspection
+            - name: CA_CERT
+              value: /home/node/cacert/cacert
+            - name: NODE_EXTRA_CA_CERTS
+              value: /home/node/cacert/cacert
+         {{- end }}
 
          {{- if .Values.httpsCert }}
          # HTTPS Config
@@ -460,7 +467,7 @@ spec:
         configMap:
           name: {{ include "snyk-broker.fullname" . }}-accept-configmap{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
       {{- end }}
-      {{- if .Values.caCert }}
+      {{- if or (.Values.caCert) (.Values.caCertFile) }}
       - name: {{ include "snyk-broker.fullname" . }}-cacert-volume
         configMap:
           name: {{ include "snyk-broker.fullname" . }}-cacert-configmap{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}

charts/snyk-broker/templates/cacert_configmap.yaml

@@ -19,5 +19,5 @@ metadata:
   labels:
     {{- include "snyk-broker.labels" . | nindent 4 }}
 data:
-  cacert: {{ .Values.caCertFile | nindent 4}}
+  cacert: {{ .Values.caCertFile | toYaml | nindent 4}}
 {{- end }}

charts/snyk-broker/values.yaml

@@ -206,6 +206,8 @@ httpsKey: ""
 # Not supported by Snyk Container Registry Agent or Snyk Code Agent (use tlsRejectUnauthorized instead). Location of mounted custom certificate. To allow visibility for SSL Inspection. 
 caCert: ""
 
+caCertFile: ""
+
 # Set to "0" to disable trust validation when using self signed certificates. 
 tlsRejectUnauthorized: ""