Extended cacert to RStudio chart
Gaspi committed Oct 23, 2024
1 parent 959b3ad commit aa5c4d1
Showing 2 changed files with 70 additions and 24 deletions.
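--- a/charts/rstudio/Chart.yaml
+++ b/charts/rstudio/Chart.yaml
@@ -22,7 +22,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.1.4
+version: 2.1.5
 dependencies:
 - name: library-chart
 version: 1.5.28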
92 changes: 69 additions & 23 deletions charts/rstudio/templates/statefulset.yaml
@@ -32,29 +32,39 @@ spec:
{{- if (include "library-chart.repository.enabled" .) }}
checksum/repository: {{ include (print $.Template.BasePath "/configmap-repository.yaml") . | sha256sum }}
{{- end }}
{{- if and .Values.certificates .Values.certificates.cacerts }}
checksum/cacerts: {{ .Values.certificates.cacerts | sha256sum }}
{{- end }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "library-chart.selectorLabels" . | nindent 8 }}
spec:
volumes:
- name: config-files
emptyDir: {}
- name: home
{{- if .Values.persistence.enabled }}
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default (include "library-chart.fullname" .) }}
{{- else }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
- name: dshm
emptyDir:
medium: Memory
sizeLimit: 10Gi
{{- if (.Values.proxy).enabled }}
{{- if (.Values.proxy).enabled }}
- name: secret-proxy
secret:
secretName: {{ include "library-chart.secretNameProxy" . }}
{{- end }}
{{- end }}
{{- if and .Values.certificates .Values.certificates.cacerts }}
- name: cacerts
secret:
secretName: {{ include "library-chart.secretNameCacerts" . }}
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
@@ -64,6 +74,37 @@ spec:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
subdomain: {{ include "library-chart.fullname" . }}
hostname: rstudio
initContainers:
- name: make-secrets-writable
image: inseefrlab/onyxia-base:latest
imagePullPolicy: IfNotPresent
command:
- sh
- -c
- |
echo 'initContainer make-secrets-writable is started';
{{- if and .Values.certificates .Values.certificates.cacerts }}
mkdir /dest/cacerts;
{{- if regexMatch "^https?://" .Values.certificates.cacerts }}
curl -s $(cat /cacerts/ca-certs.url) -o /tmp/ca.pem
{{- else }}
cp /cacerts/ca.pem /tmp/ca.pem
{{- end }}
awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "/dest/cacerts/cert." c ".crt"}' < /tmp/ca.pem;
{{- end }}
volumeMounts:
- name: config-files
mountPath: /dest
{{- if and .Values.certificates .Values.certificates.cacerts }}
- name: cacerts
mountPath: /cacerts
{{- end }}
resources:
limits:
cpu: 50m
memory: 50Mi
securityContext:
{{- toYaml .Values.initContainerSecurityContext | nindent 12 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
@@ -93,43 +134,43 @@ spec:
value: {{ .Values.environment.group }}
- name: ROOT_PROJECT_DIRECTORY
value: /home/{{ .Values.environment.user }}/work
{{- if .Values.init.regionInit }}
{{- if .Values.init.regionInit }}
- name: REGION_INIT_SCRIPT
value: {{ .Values.init.regionInit }}
{{- end }}
{{- if .Values.init.personalInit }}
{{- end }}
{{- if .Values.init.personalInit }}
- name: PERSONAL_INIT_SCRIPT
value: {{ .Values.init.personalInit }}
{{- end }}
{{- if .Values.init.personalInitArgs }}
{{- end }}
{{- if .Values.init.personalInitArgs }}
- name: PERSONAL_INIT_ARGS
value: {{ .Values.init.personalInitArgs }}
{{- end }}
{{- if .Values.userPreferences.darkMode }}
{{- end }}
{{- if .Values.userPreferences.darkMode }}
- name: DARK_MODE
value: "true"
{{- end }}
{{- end }}
envFrom:
{{- if .Values.s3.enabled }}
{{- if .Values.s3.enabled }}
- secretRef:
name: {{ include "library-chart.secretNameS3" . }}
{{- end }}
{{- if (.Values.proxy).enabled }}
{{- end }}
{{- if (.Values.proxy).enabled }}
- secretRef:
name: {{ include "library-chart.secretNameProxy" . }}
{{- end }}
{{- if .Values.vault.enabled }}
{{- end }}
{{- if .Values.vault.enabled }}
- secretRef:
name: {{ include "library-chart.secretNameVault" . }}
{{- end }}
{{- if .Values.git.enabled }}
{{- end }}
{{- if .Values.git.enabled }}
- secretRef:
name: {{ include "library-chart.secretNameGit" . }}
{{- end }}
{{- if (include "library-chart.repository.enabled" .) }}
{{- end }}
{{- if (include "library-chart.repository.enabled" .) }}
- configMapRef:
name: {{ include "library-chart.configMapNameRepository" . }}
{{- end }}
{{- end }}
- secretRef:
name: {{ include "library-chart.secretNameToken" . }}
livenessProbe:
@@ -157,6 +198,11 @@ spec:
name: home
- mountPath: /dev/shm
name: dshm
{{- if and .Values.certificates .Values.certificates.pathToCaBundle }}
- name: config-files
mountPath: {{ .Values.certificates.pathToCaBundle }}
subPath: cacerts
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
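Review bot: The URL branch of the new `make-secrets-writable` init container (`curl -s $(cat /cacerts/ca-certs.url) -o /tmp/ca.pem`) is gated by `regexMatch "^https?://"`, so a plain `http://` source is accepted and the CA bundle written to the directory mounted at `pathToCaBundle` can be altered in transit with no integrity check. The call also lacks `-f` and the script has no `set -e`, so an HTTP error page or an empty download is still split by the awk line into `cert.N.crt` files and the pod starts as if the bundle were valid. I would gate on `^https://`, start the script with `set -eu`, and fetch with `curl -fsS "$(cat /cacerts/ca-certs.url)" -o /tmp/ca.pem`. Separately, `image: inseefrlab/onyxia-base:latest` with `imagePullPolicy: IfNotPresent` is a hard-coded mutable tag; exposing it as a chart value pinned to a digest would make the init step reproducible and auditable.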
