diff --git a/charts/scalar-admin-for-kubernetes/README.md b/charts/scalar-admin-for-kubernetes/README.md
index bb46f770..6a4a4b94 100644
--- a/charts/scalar-admin-for-kubernetes/README.md
+++ b/charts/scalar-admin-for-kubernetes/README.md
@@ -28,5 +28,6 @@ Current chart version is `2.0.0-SNAPSHOT`.
 | scalarAdminForKubernetes.securityContext.runAsNonRoot | bool | `true` | Containers should be run as a non-root user with the minimum required permissions (principle of least privilege). |
 | scalarAdminForKubernetes.serviceAccount.automountServiceAccountToken | bool | `true` | Specify whether to mount a service account token or not. |
 | scalarAdminForKubernetes.serviceAccount.serviceAccountName | string | `""` | Name of the existing service account resource. |
+| scalarAdminForKubernetes.tls.caRootCertSecret | string | `""` | Name of the secret containing the custom CA root certificate for TLS communication. This chart mounts the root CA certificate file on the /tls/certs/ directory. |
 | scalarAdminForKubernetes.tolerations | list | `[]` | Tolerations are applied to pods and allow (but do not require) the pods to schedule onto nodes with matching taints. |
 | scalarAdminForKubernetes.ttlSecondsAfterFinished | int | `0` | ttlSecondsAfterFinished value for the job resource. |
diff --git a/charts/scalar-admin-for-kubernetes/templates/_helpers.tpl b/charts/scalar-admin-for-kubernetes/templates/_helpers.tpl
index c0f620a4..3a80918a 100644
--- a/charts/scalar-admin-for-kubernetes/templates/_helpers.tpl
+++ b/charts/scalar-admin-for-kubernetes/templates/_helpers.tpl
@@ -101,6 +101,17 @@ template:
 {{- range .Values.scalarAdminForKubernetes.commandArgs }}
 - {{ . | quote }}
 {{- end }}
+ {{- if .Values.scalarAdminForKubernetes.tls.caRootCertSecret }}
+ volumeMounts:
+ - name: tls-ca-root-volume
+ mountPath: /tls/certs
+ {{- end }}
+ {{- if .Values.scalarAdminForKubernetes.tls.caRootCertSecret }}
+ volumes:
+ - name: tls-ca-root-volume
+ secret:
+ secretName: {{ .Values.scalarAdminForKubernetes.tls.caRootCertSecret }}
+ {{- end }}
 {{- with .Values.scalarAdminForKubernetes.nodeSelector }}
 nodeSelector:
 {{- toYaml . | nindent 8 }}
diff --git a/charts/scalar-admin-for-kubernetes/values.schema.json b/charts/scalar-admin-for-kubernetes/values.schema.json
index ac0ff8a8..7df10aa2 100644
--- a/charts/scalar-admin-for-kubernetes/values.schema.json
+++ b/charts/scalar-admin-for-kubernetes/values.schema.json
@@ -111,6 +111,14 @@
 }
 }
 },
+ "tls": {
+ "type": "object",
+ "properties": {
+ "caRootCertSecret": {
+ "type": "string"
+ }
+ }
+ },
 "tolerations": {
 "type": "array"
 },
diff --git a/charts/scalar-admin-for-kubernetes/values.yaml b/charts/scalar-admin-for-kubernetes/values.yaml
index cb9df008..e9cee7fd 100644
--- a/charts/scalar-admin-for-kubernetes/values.yaml
+++ b/charts/scalar-admin-for-kubernetes/values.yaml
@@ -89,3 +89,7 @@ scalarAdminForKubernetes:
 # -- ttlSecondsAfterFinished value for the job resource.
 ttlSecondsAfterFinished: 0
+
+ tls:
+ # -- Name of the secret containing the custom CA root certificate for TLS communication. This chart mounts the root CA certificate file on /tls/certs/ directory.
+ caRootCertSecret: ""
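Review bot: The new `tls-ca-root-volume` in templates/_helpers.tpl projects every key of the referenced secret into `/tls/certs`, so a secret that also carries a private key (for example one of type `kubernetes.io/tls`) would expose that key to the job container although only the CA certificate is needed. Consider limiting the projection with an `items:` list naming the CA certificate key, and stating the intent with `readOnly: true` on the volume mount. The secret name is also rendered unquoted, unlike the `{{ . | quote }}` used for `commandArgs` just above; `secretName: {{ .Values.scalarAdminForKubernetes.tls.caRootCertSecret | quote }}` keeps names such as `123` or `true` from being parsed as non-strings. The enclosing `template:` block starts and ends outside this hunk and its indentation is not visible here, so the placement of `volumeMounts` and `volumes` could not be checked.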
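Review bot: In values.schema.json the new `tls` object accepts unknown keys, so a misspelt key such as `caRootCertSecrets` passes validation and the chart renders without the CA mount, with nothing telling the operator why. Adding `"additionalProperties": false` to `tls` would turn that into an install-time error, provided the rest of the schema (not visible in this hunk) follows the same convention. A `"maxLength": 253` on `caRootCertSecret` would additionally reject values that can never be a valid Secret name while still allowing the empty default.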
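Review bot: The comment on `caRootCertSecret` in values.yaml does not say which key of the secret holds the certificate, and therefore which file name appears under `/tls/certs/`; a user presumably needs that path to point the tool at the CA. It also reads "on /tls/certs/ directory" while the README row in this commit reads "on the /tls/certs/ directory", so if the README is generated from these comments the two will drift on the next regeneration. Suggested wording: `# -- Name of the secret containing the custom CA root certificate for TLS communication. The chart mounts the keys of this secret as files in the /tls/certs/ directory.`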