infra/mastodon-chart-mirror
3
0
Fork 0
mirror of https://github.com/mastodon/chart synced 2025-03-14 21:11:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add values to inject trusted certs into streaming (#92)

Browse Source 
Co-authored-by: Tim Campbell <timetinytim@gmail.com>
This commit is contained in:
Matthew Abbott 2024-04-18 04:47:34 -05:00 committed by GitHub
parent 5fb5416a11
commit 674d9c4252
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
templates/deployment-streaming.yaml
View File

@ -39,6 +39,16 @@ spec:
securityContext: securityContext:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- with .Values.mastodon.streaming.extraCerts }}
{{- $name := .name | default "extra-certs" }}
volumes:
- name: {{ $name }}
secret:
secretName: {{ .existingSecret }}
items:
- key: ca.crt
path: trusted-ca.crt
{{- end }}
containers: containers:
- name: {{ .Chart.Name }}-streaming - name: {{ .Chart.Name }}-streaming
{{- with (default .Values.securityContext .Values.mastodon.streaming.securityContext) }} {{- with (default .Values.securityContext .Values.mastodon.streaming.securityContext) }}
@ -50,6 +60,12 @@ spec:
command: command:
- node - node
- ./streaming - ./streaming
{{- with .Values.mastodon.streaming.extraCerts }}
{{- $name := .name | default "extra-certs" }}
volumeMounts:
- name: {{ $name }}
mountPath: "/usr/local/share/ca-certificates"
{{- end }}
envFrom: envFrom:
- configMapRef: - configMapRef:
name: {{ include "mastodon.fullname" . }}-env name: {{ include "mastodon.fullname" . }}-env
@ -58,6 +74,18 @@ spec:
name: {{ .Values.mastodon.extraEnvFrom }} name: {{ .Values.mastodon.extraEnvFrom }}
{{- end}} {{- end}}
env: env:
{{- with .Values.mastodon.streaming.extraCerts }}
- name: "NODE_EXTRA_CA_CERTS"
value: "/usr/local/share/ca-certificates/trusted-ca.crt"
{{- with .sslMode }}
- name: "DB_SSLMODE"
value: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.postgresql.postgresqlReplicaHostname }}
- name: "DB_HOST"
value: {{ . }}
{{- end }}
- name: "DB_PASS" - name: "DB_PASS"
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:

8
values.yaml
View File

@ -230,6 +230,14 @@ mastodon:
# requests: # requests:
# cpu: 250m # cpu: 250m
# memory: 128Mi # memory: 128Mi
# -- Self-signed certificate(s) the (Node.js) needs to trust to connect to e.g. the database
extraCerts: {}
# -- Secret containing a key "ca.crt" holding one or more root certificates in PEM format
# existingSecret:
# -- Optional volume name for mounting the .crt file, defaults to "extra-certs"
# name:
# -- Optional sslMode setting. See nodejs's SSL_MODE. Consider "no-verify"
# sslMode:
web: web:
port: 3000 port: 3000
# -- Number of Web Pods running # -- Number of Web Pods running