diff --git a/charts/vscode-python/Chart.yaml b/charts/vscode-python/Chart.yaml index 670fed93..51bf7520 100644 --- a/charts/vscode-python/Chart.yaml +++ b/charts/vscode-python/Chart.yaml @@ -22,7 +22,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 2.1.2 +version: 2.1.3 dependencies: - name: library-chart diff --git a/charts/vscode-python/templates/statefulset.yaml b/charts/vscode-python/templates/statefulset.yaml index 294e7d4a..da788f0b 100644 --- a/charts/vscode-python/templates/statefulset.yaml +++ b/charts/vscode-python/templates/statefulset.yaml @@ -100,6 +100,19 @@ spec: mkdir /dest/metaflow; cp /src/metaflow/config.json /dest/metaflow/config.json; {{- end }} + {{- if .Values.certificateAuthorityInjection }} + {{- if .Values.certificateAuthorityInjection.cacerts }} + mkdir /dest/certs; + if [[ {{ .Values.certificateAuthorityInjection.cacerts }} =~ ^https?://.+$ ]]; + then + curl -s {{ .Values.certificateAuthorityInjection.cacerts }} -o /tmp/ca.pem + else + echo -n {{ .Values.certificateAuthorityInjection.cacerts }} | base64 -d > /tmp/ca.pem; + fi + awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "/tmp/cert." c ".crt"}' < /tmp/ca.pem; + cp /tmp/*.crt /dest/certs/; + {{- end }} + {{- end }} volumeMounts: - name: config-files mountPath: /dest @@ -217,7 +230,14 @@ spec: - name: config-files mountPath: /home/{{ .Values.environment.user}}/.metaflowconfig subPath: metaflow - {{- end }} + {{- end }} + {{- if .Values.certificateAuthorityInjection }} + {{- if .Values.certificateAuthorityInjection.pathToCaBundle }} + - name: config-files + mountPath: {{ .Values.certificateAuthorityInjection.pathToCaBundle }} + subPath: certs + {{- end }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/vscode-python/values.schema.json b/charts/vscode-python/values.schema.json index 0bb85dc3..ed2962fb 100644 --- a/charts/vscode-python/values.schema.json +++ b/charts/vscode-python/values.schema.json @@ -836,6 +836,31 @@ } } } + }, + "certificateAuthorityInjection": { + "description": "It can be used to inject certificate authority into the services, if the Helm chart in the catalog allows it you can bind this value to the Helm chart value to add some certificate authorities in the pod.", + "type": "object", + "default": {}, + "properties": { + "cacerts": { + "type": "string", + "description": "String of crts concatenated in base64, can be a url", + "default": "", + "x-onyxia": { + "hidden": true, + "overwriteDefaultWith": "{{certificateAuthorityInjection.cacerts}}" + } + }, + "pathToCaBundle": { + "type": "string", + "description": "String path where a bundle is made or injected by third party solution", + "default": "/usr/local/share/ca-certificates/", + "x-onyxia": { + "hidden": true, + "overwriteDefaultWith": "{{certificateAuthorityInjection.pathToCaBundle}}" + } + } + } }, "message": { "type": "object", diff --git a/charts/vscode-python/values.yaml b/charts/vscode-python/values.yaml index b4e49383..6e532e1f 100644 --- a/charts/vscode-python/values.yaml +++ b/charts/vscode-python/values.yaml @@ -221,6 +221,10 @@ proxy: httpProxy: "" httpsProxy: "" +#certificateAuthorityInjection: +# pathToCaBundle: +# cacerts: + message: fr: "" en: ""