From 8efcf9447a80aec43864c8d86ff01a2bb9c41094 Mon Sep 17 00:00:00 2001 From: Thierry GAMEIRO MARTINS Date: Wed, 25 Sep 2024 16:43:51 +0200 Subject: [PATCH] feat: :sparkles: add cacerts in vscode --- charts/vscode-python/Chart.yaml | 2 +- .../vscode-python/templates/statefulset.yaml | 22 +++++++++++++++- charts/vscode-python/values.schema.json | 25 +++++++++++++++++++ charts/vscode-python/values.yaml | 4 +++ 4 files changed, 51 insertions(+), 2 deletions(-) diff --git a/charts/vscode-python/Chart.yaml b/charts/vscode-python/Chart.yaml index 670fed93..51bf7520 100644 --- a/charts/vscode-python/Chart.yaml +++ b/charts/vscode-python/Chart.yaml @@ -22,7 +22,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 2.1.2 +version: 2.1.3 dependencies: - name: library-chart diff --git a/charts/vscode-python/templates/statefulset.yaml b/charts/vscode-python/templates/statefulset.yaml index 294e7d4a..da788f0b 100644 --- a/charts/vscode-python/templates/statefulset.yaml +++ b/charts/vscode-python/templates/statefulset.yaml @@ -100,6 +100,19 @@ spec: mkdir /dest/metaflow; cp /src/metaflow/config.json /dest/metaflow/config.json; {{- end }} + {{- if .Values.certificateAuthorityInjection }} + {{- if .Values.certificateAuthorityInjection.cacerts }} + mkdir /dest/certs; + if [[ {{ .Values.certificateAuthorityInjection.cacerts }} =~ ^https?://.+$ ]]; + then + curl -s {{ .Values.certificateAuthorityInjection.cacerts }} -o /tmp/ca.pem + else + echo -n {{ .Values.certificateAuthorityInjection.cacerts }} | base64 -d > /tmp/ca.pem; + fi + awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "/tmp/cert." c ".crt"}' < /tmp/ca.pem; + cp /tmp/*.crt /dest/certs/; + {{- end }} + {{- end }} volumeMounts: - name: config-files mountPath: /dest @@ -217,7 +230,14 @@ spec: - name: config-files mountPath: /home/{{ .Values.environment.user}}/.metaflowconfig subPath: metaflow - {{- end }} + {{- end }} + {{- if .Values.certificateAuthorityInjection }} + {{- if .Values.certificateAuthorityInjection.pathToCaBundle }} + - name: config-files + mountPath: {{ .Values.certificateAuthorityInjection.pathToCaBundle }} + subPath: certs + {{- end }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/vscode-python/values.schema.json b/charts/vscode-python/values.schema.json index 0bb85dc3..ed2962fb 100644 --- a/charts/vscode-python/values.schema.json +++ b/charts/vscode-python/values.schema.json @@ -836,6 +836,31 @@ } } } + }, + "certificateAuthorityInjection": { + "description": "It can be used to inject certificate authority into the services, if the Helm chart in the catalog allows it you can bind this value to the Helm chart value to add some certificate authorities in the pod.", + "type": "object", + "default": {}, + "properties": { + "cacerts": { + "type": "string", + "description": "String of crts concatenated in base64, can be a url", + "default": "", + "x-onyxia": { + "hidden": true, + "overwriteDefaultWith": "{{certificateAuthorityInjection.cacerts}}" + } + }, + "pathToCaBundle": { + "type": "string", + "description": "String path where a bundle is made or injected by third party solution", + "default": "/usr/local/share/ca-certificates/", + "x-onyxia": { + "hidden": true, + "overwriteDefaultWith": "{{certificateAuthorityInjection.pathToCaBundle}}" + } + } + } }, "message": { "type": "object", diff --git a/charts/vscode-python/values.yaml b/charts/vscode-python/values.yaml index b4e49383..2aadf3f6 100644 --- a/charts/vscode-python/values.yaml +++ b/charts/vscode-python/values.yaml @@ -221,6 +221,10 @@ proxy: httpProxy: "" httpsProxy: "" +# certificateAuthorityInjection: +# pathToCaBundle: +# cacerts: + message: fr: "" en: ""