TILES-6894 floors-api: add user certs (#524)

* floors-api: add user certs * Format --------- Co-authored-by: Нищета Дмитрий Антонович <[email protected]>
2gis · Nov 6, 2024 · 31ee157 · 31ee157
1 parent 32d6538
commit 31ee157
Show file tree

Hide file tree

Showing 6 changed files with 61 additions and 1 deletion.
diff --git a/charts/floors-api/Chart.yaml b/charts/floors-api/Chart.yaml
@@ -4,7 +4,7 @@ description: Helm for floors service
 type: application
 
 version: 1.30.0
-appVersion: 1.0.4
+appVersion: 1.1.0
 
 maintainers:
 - name: 2gis

diff --git a/charts/floors-api/README.md b/charts/floors-api/README.md
@@ -108,3 +108,10 @@ Read more about the On-Premise solution [here](https://docs.2gis.com/en/on-premi
 | `import.resources.requests.memory` | A memory request, e.g., `128Mi`. |                                   |
 | `import.resources.limits.cpu`      | A CPU limit, e.g., `100m`.       |                                   |
 | `import.resources.limits.memory`   | A memory limit, e.g., `128Mi`.   |                                   |
+
+### **Custom Certificate Authority**
+
+| Name                  | Description                                                                                                                 | Value |
+| --------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- |
+| `customCAs.bundle`    | Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) | `""`  |
+| `customCAs.certsPath` | Custom CA bundle mount directory in the container.                                                                          | `""`  |
diff --git a/charts/floors-api/templates/_helpers.tpl b/charts/floors-api/templates/_helpers.tpl
@@ -67,3 +67,14 @@ Return the appropriate apiVersion for Horizontal Pod Autoscaler.
 {{- print "autoscaling/v2" -}}
 {{- end -}}
 {{- end -}}
+
+{{/*
+Mount directory for custom CA
+*/}}
+{{- define "floors.customCA.mountPath" -}}
+{{ $.Values.customCAs.certsPath | default "/usr/local/share/ca-certificates" }}
+{{- end -}}
+
+{{- define "floors.checksum" -}}
+{{ (include (print $.Template.BasePath .path) $ | fromYaml).data | toYaml | sha256sum }}
+{{- end }}
diff --git a/charts/floors-api/templates/custom-ca.configmap.yaml b/charts/floors-api/templates/custom-ca.configmap.yaml
@@ -0,0 +1,13 @@
+{{- if $.Values.customCAs.bundle }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "floors.fullname" . }}-custom-ca
+  labels:
+    {{- include "floors.labels" . | nindent 4 }}
+
+data:
+  custom-ca.crt: |-
+    {{- $.Values.customCAs.bundle | nindent 4 }}
+{{- end }}
diff --git a/charts/floors-api/templates/deployment.yaml b/charts/floors-api/templates/deployment.yaml
@@ -27,6 +27,7 @@ spec:
     metadata:
       {{- with .Values.podAnnotations }}
       annotations:
+        checksum/custom-ca: {{ include "floors.checksum" (merge (dict "path" "/custom-ca.configmap.yaml") $) }}
         checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
         {{- toYaml . | nindent 8 }}
       {{- end }}
@@ -60,9 +61,19 @@ spec:
               value: "{{ .Values.dgctlStorage.region }}"
             - name: IMPORTER_S3_SECURE
               value: "{{ .Values.dgctlStorage.secure }}"
+            {{- if $.Values.customCAs.bundle }}
+            - name: IMPORTER_SSL_CERT_FILE
+              value: {{ include "floors.customCA.mountPath" $ }}/custom-ca.crt
+            {{- end }}
           volumeMounts:
             - name: {{ include "floors.fullname" $ }}-data
               mountPath: "/var/floorsConvertedData"
+            {{- if $.Values.customCAs.bundle }}
+            - name: custom-ca
+              mountPath: {{ include "floors.customCA.mountPath" $ }}/custom-ca.crt
+              subPath: custom-ca.crt
+              readOnly: true
+            {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       containers:
@@ -146,6 +157,11 @@ spec:
                 path: servers.conf
         - name: {{ include "floors.fullname" $ }}-data
           emptyDir: {}
+          {{- if $.Values.customCAs.bundle }}
+        - name: custom-ca
+          configMap:
+            name: {{ include "floors.fullname" $ }}-custom-ca
+        {{- end }}
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}

diff --git a/charts/floors-api/values.yaml b/charts/floors-api/values.yaml
@@ -166,3 +166,16 @@ import:
     repository: 2gis-on-premise/floors-importer
     pullPolicy: IfNotPresent
     tag: 1.0.4
+
+# @section **Custom Certificate Authority**
+
+# @param customCAs.bundle Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1)
+# @param customCAs.certsPath Custom CA bundle mount directory in the container.
+
+customCAs:
+  bundle: ''
+  # bundle: |
+  #   -----BEGIN CERTIFICATE-----
+  #   ...
+  #   -----END CERTIFICATE-----
+  certsPath: ''