(vscode-python) Add cacerts (#161)

* feat: ✨ add cacerts in vscode
InseeFrLab · Oct 8, 2024 · 78254a5 · 78254a5
1 parent 9d00d93
commit 78254a5
Show file tree

Hide file tree

Showing 4 changed files with 52 additions and 2 deletions.
diff --git a/charts/vscode-python/Chart.yaml b/charts/vscode-python/Chart.yaml
@@ -22,7 +22,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.1.5
+version: 2.1.6
 
 dependencies:
   - name: library-chart

diff --git a/charts/vscode-python/templates/statefulset.yaml b/charts/vscode-python/templates/statefulset.yaml
@@ -100,6 +100,19 @@ spec:
               mkdir /dest/metaflow;
               cp /src/metaflow/config.json /dest/metaflow/config.json;
               {{- end }}
+              {{- if .Values.certificates }}
+              {{- if .Values.certificates.cacerts }}
+              mkdir /dest/certs;
+              if [[ {{ .Values.certificates.cacerts }} =~ ^https?://.+$ ]]; 
+              then
+                  curl -s {{ .Values.certificates.cacerts }} -o /tmp/ca.pem
+              else
+                  echo -n {{ .Values.certificates.cacerts }} | base64 -d > /tmp/ca.pem;
+              fi
+              awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "/tmp/cert." c ".crt"}' < /tmp/ca.pem;
+              cp /tmp/*.crt /dest/certs/;
+              {{- end }}
+              {{- end }}
           volumeMounts:
             - name: config-files
               mountPath: /dest
@@ -217,7 +230,14 @@ spec:
             - name: config-files
               mountPath: /home/{{ .Values.environment.user}}/.metaflowconfig
               subPath: metaflow
-            {{- end }}      
+            {{- end }}
+            {{- if .Values.certificates }}
+            {{- if .Values.certificates.pathToCaBundle }}
+            - name: config-files
+              mountPath: {{ .Values.certificates.pathToCaBundle }}
+              subPath: certs
+            {{- end }}
+            {{- end }}  
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

diff --git a/charts/vscode-python/values.schema.json b/charts/vscode-python/values.schema.json
@@ -836,6 +836,32 @@
               }
           }
       }
+  },
+  "certificates": {
+    "description": "It can be used to inject certificate authority into the services, if the Helm chart in the catalog allows it you can bind this value to the Helm chart value to add some certificate authorities in the pod.",
+    "type": "object",
+    "x-onyxia": {
+      "overwriteSchemaWith": "certificates.json"
+    },
+    "default": {},
+    "properties": {
+      "cacerts": {
+        "type": "string",
+        "description": "String of crts concatenated in base64, can be a url",
+        "default": "",
+        "x-onyxia": {
+          "hidden": true
+        }
+      },
+      "pathToCaBundle": {
+        "type": "string",
+        "description": "String path where a bundle is made or injected by third party solution",
+        "default": "/usr/local/share/ca-certificates/",
+        "x-onyxia": {
+          "hidden": true
+        }
+      }
+    }
   },
     "message": {
       "type": "object",

diff --git a/charts/vscode-python/values.yaml b/charts/vscode-python/values.yaml
@@ -221,6 +221,10 @@ proxy:
   httpProxy: ""
   httpsProxy: ""
 
+certificates: {}
+  # pathToCaBundle: /usr/local/share/ca-certificates/
+  # cacerts: ""
+
 message:
   fr: ""
   en: ""