feat: ✨ add cacerts in vscode

InseeFrLab · Sep 25, 2024 · 24f7b7f · 24f7b7f
1 parent a6a0456
commit 24f7b7f
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 2 deletions.
diff --git a/charts/vscode-python/Chart.yaml b/charts/vscode-python/Chart.yaml
@@ -22,7 +22,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.1.2
+version: 2.1.3
 
 dependencies:
   - name: library-chart

diff --git a/charts/vscode-python/templates/statefulset.yaml b/charts/vscode-python/templates/statefulset.yaml
@@ -100,6 +100,19 @@ spec:
               mkdir /dest/metaflow;
               cp /src/metaflow/config.json /dest/metaflow/config.json;
               {{- end }}
+              {{- if .Values.certificateAuthorityInjection }}
+              {{- if .Values.certificateAuthorityInjection.cacerts }}
+              mkdir /dest/certs;
+              if [[ {{ .Values.certificateAuthorityInjection.cacerts }} =~ ^https?://.+$ ]]; 
+              then
+                  curl -s {{ .Values.certificateAuthorityInjection.cacerts }} -o /tmp/ca.pem
+              else
+                  echo -n {{ .Values.certificateAuthorityInjection.cacerts }} | base64 -d > /tmp/ca.pem;
+              fi
+              awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "/tmp/cert." c ".crt"}' < /tmp/ca.pem;
+              cp /tmp/*.crt /dest/certs/;
+              {{- end }}
+              {{- end }}
           volumeMounts:
             - name: config-files
               mountPath: /dest
@@ -217,7 +230,14 @@ spec:
             - name: config-files
               mountPath: /home/{{ .Values.environment.user}}/.metaflowconfig
               subPath: metaflow
-            {{- end }}      
+            {{- end }}
+            {{- if .Values.certificateAuthorityInjection }}
+            {{- if .Values.certificateAuthorityInjection.pathToCaBundle }}
+            - name: config-files
+              mountPath: {{ .Values.certificateAuthorityInjection.pathToCaBundle }}
+              subPath: certs
+            {{- end }}
+            {{- end }}  
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

diff --git a/charts/vscode-python/values.schema.json b/charts/vscode-python/values.schema.json
@@ -836,6 +836,31 @@
               }
           }
       }
+  },
+  "certificateAuthorityInjection": {
+    "description": "It can be used to inject certificate authority into the services, if the Helm chart in the catalog allows it you can bind this value to the Helm chart value to add some certificate authorities in the pod.",
+    "type": "object",
+    "default": {},
+    "properties": {
+      "cacerts": {
+        "type": "string",
+        "description": "String of crts concatenated in base64, can be a url",
+        "default": "",
+        "x-onyxia": {
+          "hidden": true,
+          "overwriteDefaultWith": "{{certificateAuthorityInjection.cacerts}}"
+        }
+      },
+      "pathToCaBundle": {
+        "type": "string",
+        "description": "String path where a bundle is made or injected by third party solution",
+        "default": "/usr/local/share/ca-certificates/",
+        "x-onyxia": {
+          "hidden": true,
+          "overwriteDefaultWith": "{{certificateAuthorityInjection.pathToCaBundle}}"
+        }
+      }
+    }
   },
     "message": {
       "type": "object",

diff --git a/charts/vscode-python/values.yaml b/charts/vscode-python/values.yaml
@@ -221,6 +221,10 @@ proxy:
   httpProxy: ""
   httpsProxy: ""
 
+#certificateAuthorityInjection:
+#  pathToCaBundle:
+#  cacerts:
+
 message:
   fr: ""
   en: ""