first attempt to add custom certificates

stranljip · stranljip · commit 06fdc0012862 · 2025-02-24T21:43:09.000+01:00
diff --git a/helmchart/geohealthcheck/templates/cm-ca-certs.yaml b/helmchart/geohealthcheck/templates/cm-ca-certs.yaml
@@ -1,11 +1,12 @@
+---
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ printf "%s-certificates" (include "geohealthcheck.fullname" .) | squote }}
   labels:
     {{- include "geohealthcheck.labels" . | nindent 4 }}
 data:
-  my-ca.crt: |
-    -----BEGIN CERTIFICATE-----
-    MIID... (your certificate content here)
-    -----END CERTIFICATE-----
+  {{- range $filename, $certificate := .Values.additionalCertificates }}
+  {{ $filename -}}: >-
+    {{- $certificate | nindent 4 }}
+  {{- end -}}
diff --git a/helmchart/geohealthcheck/templates/deployment.yaml b/helmchart/geohealthcheck/templates/deployment.yaml
@@ -31,7 +31,7 @@ spec:
       initContainers:
         - name: update-ca-certificates
           image: '{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}'
-          command: ['sh', '-c', 'cp /custom-ca/my-ca.crt /usr/local/share/ca-certificates/ && update-ca-certificates']
+          command: ['sh', '-c', 'cp /custom-ca/* /usr/local/share/ca-certificates/ && update-ca-certificates']
           volumeMounts:
             - name: custom-ca-cert
               mountPath: /custom-ca
@@ -51,12 +51,18 @@ spec:
             {{- toYaml .Values.readinessProbe | nindent 12 }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
-          {{- with .Values.volumeMounts }}
           volumeMounts:
+            # TODO: loop through certs
+            - name: custom-ca-cert
+              mountPath: /etc/ssl/certs/my-ca.crt
+          {{- with .Values.volumeMounts }}
             {{- toYaml . | nindent 12 }}
           {{- end }}
-      {{- with .Values.volumes }}
       volumes:
+        - name: custom-ca-cert
+          configMap:
+            name: custom-ca-cert
+      {{- with .Values.volumes }}
         {{- toYaml . | nindent 8 }}
       {{- end }}
       {{- with .Values.nodeSelector }}
diff --git a/helmchart/geohealthcheck/values.yaml b/helmchart/geohealthcheck/values.yaml
@@ -141,6 +141,16 @@ service:
   # https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
   type: 'ClusterIP'
 
+additionalCertificates:
+  cert1.crt: |
+    -----BEGIN CERTIFICATE-----
+    MIID... (your certificate content here)
+    -----END CERTIFICATE-----
+  cert2.crt: |
+    -----BEGIN CERTIFICATE-----
+    MIID... (your certificate content here)
+    -----END CERTIFICATE-----
+   
 # This block is for setting up the ingress for more information can be found
 # here: https://kubernetes.io/docs/concepts/services-networking/ingress/
 ingress:
