Add values to inject trusted certs into streaming (#92)

Co-authored-by: Tim Campbell <timetinytim@gmail.com>
2025-03-14 21:11:50 +00:00 · 2024-04-18 04:47:34 -05:00 · 2024-04-18 04:47:34 -05:00 · 674d9c4252
commit 674d9c4252
parent 5fb5416a11
2 changed files with 36 additions and 0 deletions
--- a/templates/deployment-streaming.yaml
+++ b/templates/deployment-streaming.yaml
@ -39,6 +39,16 @@ spec:
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      {{- with .Values.mastodon.streaming.extraCerts }}
+      {{- $name := .name | default "extra-certs" }}
+      volumes:
+        - name: {{ $name }}
+          secret:
+            secretName: {{ .existingSecret }}
+            items:
+            - key: ca.crt
+              path: trusted-ca.crt
+      {{- end }}
      containers:
        - name: {{ .Chart.Name }}-streaming
          {{- with (default .Values.securityContext .Values.mastodon.streaming.securityContext) }}
@ -50,6 +60,12 @@ spec:
          command:
            - node
            - ./streaming
+          {{- with .Values.mastodon.streaming.extraCerts }}
+          {{- $name := .name | default "extra-certs" }}
+          volumeMounts:
+          - name: {{ $name }}
+            mountPath: "/usr/local/share/ca-certificates"
+          {{- end }}
          envFrom:
            - configMapRef:
                name: {{ include "mastodon.fullname" . }}-env
@ -58,6 +74,18 @@ spec:
                name: {{ .Values.mastodon.extraEnvFrom }}
            {{- end}}
          env:
+            {{- with .Values.mastodon.streaming.extraCerts }}
+            - name: "NODE_EXTRA_CA_CERTS"
+              value: "/usr/local/share/ca-certificates/trusted-ca.crt"
+            {{- with .sslMode }}
+            - name: "DB_SSLMODE"
+              value: {{ . }}
+            {{- end }}
+            {{- end }}
+            {{- with .Values.postgresql.postgresqlReplicaHostname }}
+            - name: "DB_HOST"
+              value: {{ . }}
+            {{- end }}
            - name: "DB_PASS"
              valueFrom:
                secretKeyRef:
--- a/values.yaml
+++ b/values.yaml
@ -230,6 +230,14 @@ mastodon:
    # requests:
    #   cpu: 250m
    #   memory: 128Mi
+    # -- Self-signed certificate(s) the (Node.js) needs to trust to connect to e.g. the database
+    extraCerts: {}
+    # -- Secret containing a key "ca.crt" holding one or more root certificates in PEM format
+    #  existingSecret:
+    # -- Optional volume name for mounting the .crt file, defaults to "extra-certs"
+    #  name:
+    # -- Optional sslMode setting. See nodejs's SSL_MODE. Consider "no-verify"
+    #  sslMode:
  web:
    port: 3000
    # -- Number of Web Pods running