mirror of
https://github.com/mastodon/chart
synced 2025-03-14 21:11:50 +00:00
Add values to inject trusted certs into streaming (#92)
Co-authored-by: Tim Campbell <timetinytim@gmail.com>
This commit is contained in:
parent
5fb5416a11
commit
674d9c4252
|
@ -39,6 +39,16 @@ spec:
|
|||
securityContext:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.mastodon.streaming.extraCerts }}
|
||||
{{- $name := .name | default "extra-certs" }}
|
||||
volumes:
|
||||
- name: {{ $name }}
|
||||
secret:
|
||||
secretName: {{ .existingSecret }}
|
||||
items:
|
||||
- key: ca.crt
|
||||
path: trusted-ca.crt
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}-streaming
|
||||
{{- with (default .Values.securityContext .Values.mastodon.streaming.securityContext) }}
|
||||
|
@ -50,6 +60,12 @@ spec:
|
|||
command:
|
||||
- node
|
||||
- ./streaming
|
||||
{{- with .Values.mastodon.streaming.extraCerts }}
|
||||
{{- $name := .name | default "extra-certs" }}
|
||||
volumeMounts:
|
||||
- name: {{ $name }}
|
||||
mountPath: "/usr/local/share/ca-certificates"
|
||||
{{- end }}
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: {{ include "mastodon.fullname" . }}-env
|
||||
|
@ -58,6 +74,18 @@ spec:
|
|||
name: {{ .Values.mastodon.extraEnvFrom }}
|
||||
{{- end}}
|
||||
env:
|
||||
{{- with .Values.mastodon.streaming.extraCerts }}
|
||||
- name: "NODE_EXTRA_CA_CERTS"
|
||||
value: "/usr/local/share/ca-certificates/trusted-ca.crt"
|
||||
{{- with .sslMode }}
|
||||
- name: "DB_SSLMODE"
|
||||
value: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.postgresql.postgresqlReplicaHostname }}
|
||||
- name: "DB_HOST"
|
||||
value: {{ . }}
|
||||
{{- end }}
|
||||
- name: "DB_PASS"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
|
|
|
@ -230,6 +230,14 @@ mastodon:
|
|||
# requests:
|
||||
# cpu: 250m
|
||||
# memory: 128Mi
|
||||
# -- Self-signed certificate(s) the (Node.js) needs to trust to connect to e.g. the database
|
||||
extraCerts: {}
|
||||
# -- Secret containing a key "ca.crt" holding one or more root certificates in PEM format
|
||||
# existingSecret:
|
||||
# -- Optional volume name for mounting the .crt file, defaults to "extra-certs"
|
||||
# name:
|
||||
# -- Optional sslMode setting. See nodejs's SSL_MODE. Consider "no-verify"
|
||||
# sslMode:
|
||||
web:
|
||||
port: 3000
|
||||
# -- Number of Web Pods running
|
||||
|
|
Loading…
Reference in New Issue
Block a user