Add values to inject trusted certs into streaming

2025-05-17 20:43:21 +00:00 · 2023-10-06 12:13:26 -05:00 · 2023-10-06 12:13:26 -05:00 · 112f6db80f
commit 112f6db80f
parent 089adff9a5
2 changed files with 35 additions and 0 deletions
--- a/templates/deployment-streaming.yaml
+++ b/templates/deployment-streaming.yaml
@ -37,6 +37,16 @@ spec:
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      {{- with .Values.mastodon.streaming.extraCerts }}
+      {{- $name := .name | default "extra-certs" }}
+      volumes:
+        - name: {{ $name }}
+          secret:
+            secretName: {{ .existingSecret }}
+            items:
+            - key: ca.crt
+              path: trusted-ca.crt
+      {{- end }}
      containers:
        - name: {{ .Chart.Name }}-streaming
          {{- with (default .Values.securityContext .Values.mastodon.streaming.securityContext) }}
@ -48,10 +58,27 @@ spec:
          command:
            - node
            - ./streaming
+          {{- with .Values.mastodon.streaming.extraCerts }}
+          volumeMounts:
+          - name: {{ $name }}
+            mountPath: "/usr/local/share/ca-certificates"
+          {{- end }}
          envFrom:
            - configMapRef:
                name: {{ include "mastodon.fullname" . }}-env
          env:
+            {{- with .Values.mastodon.streaming.extraCerts }}
+            - name: "NODE_EXTRA_CA_CERTS"
+              value: "/usr/local/share/ca-certificates/trusted-ca.crt"
+            {{- with .sslMode }}
+            - name: "DB_SSLMODE"
+              value: {{ . }}
+            {{- end }}
+            {{- end }}
+            {{- with .Values.postgresql.postgresqlReplicaHostname }}
+            - name: "DB_HOST"
+              value: {{ . }}
+            {{- end }}
            - name: "DB_PASS"
              valueFrom:
                secretKeyRef:
--- a/values.yaml
+++ b/values.yaml
@ -213,6 +213,14 @@ mastodon:
    # requests:
    #   cpu: 250m
    #   memory: 128Mi
+    # -- Self-signed certificate(s) the (Node.js) needs to trust to connect to e.g. the database
+    extraCerts: {}
+    # -- Secret containing a key "ca.crt" holding one or more root certificates in PEM format
+    #  existingSecret:
+    # -- Optional volume name for mounting the .crt file, defaults to "extra-certs"
+    #  name:
+    # -- Optional sslMode setting. See nodejs's SSL_MODE. Consider "no-verify"
+    #  sslMode:
  web:
    port: 3000
    # -- Number of Web Pods running