diff --git a/charts/operator/Chart.yaml b/charts/operator/Chart.yaml
index 6c64ec38..e6a3281a 100644
--- a/charts/operator/Chart.yaml
+++ b/charts/operator/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2 name: operator description: A Helm chart for Weights & Biases operator type: application -version: 1.3.10 +version: 1.3.11 appVersion: "1.0.0" maintainers: - name: wandb
diff --git a/charts/operator/templates/deployment.yaml b/charts/operator/templates/deployment.yaml
index 4a69222e..e63ffd78 100644
--- a/charts/operator/templates/deployment.yaml
+++ b/charts/operator/templates/deployment.yaml
@@ -47,9 +47,9 @@ spec: fieldPath: spec.serviceAccountName - name: AIRGAPPED value: {{ .Values.airgapped | quote }} - {{- if .Values.customCACerts }} + {{- if or .Values.customCACerts .Values.caCertsConfigMap }} - name: SSL_CERT_DIR - value: /certs + value: /certs/ {{- end }} livenessProbe: httpGet:
@@ -64,21 +64,18 @@ spec: initialDelaySeconds: 5 periodSeconds: 10 resources: {{- toYaml .Values.resources | nindent 10 }} - {{- if or .Values.airgapped .Values.customCACerts }} + {{- if or .Values.airgapped .Values.customCACerts .Values.caCertsConfigMap }} volumeMounts: {{- if or .Values.airgapped }} - name: {{ include "name" . }}-charts mountPath: /charts {{- end }} - {{- if .Values.customCACerts }} - {{- range $index, $v := .Values.customCACerts }} + {{- if .Values.caCertsConfigMap }} - name: wandb-ca-certs - mountPath: /certs/customCA{{$index}}.crt - subPath: customCA{{$index}}.crt - {{- end }} + mountPath: /certs/ {{- end }} {{- end }} - {{- if or .Values.airgapped .Values.customCACerts }} + {{- if or .Values.airgapped .Values.customCACerts .Values.caCertsConfigMap }} volumes: {{- if .Values.airgapped }} - name: {{ include "name" . }}-charts
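Review bot: The `SSL_CERT_DIR` entry in the `@@ -47` hunk has no comment on what it does to the trust store, and the effect is easy to misread. As far as I know, Go and OpenSSL-based clients treat this variable as a replacement for the default certificate directory rather than an addition, so public roots stay trusted only if the operator image still ships a bundle file; that should be confirmed for this image. I would add a template comment above the `if`, for example `{{- /* SSL_CERT_DIR overrides the default CA directory; public roots must come from the image's bundle file */}}`. The container spec starts and ends outside this hunk.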
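Review bot: In the `@@ -64` hunk the `wandb-ca-certs` mount is guarded by `{{- if .Values.caCertsConfigMap }}` alone, so a release that sets only `customCACerts` gets `SSL_CERT_DIR=/certs/` and a volume but no mount, and the inline CAs never reach the container. The outer `volumeMounts` guard here and the env guard in the `@@ -47` hunk already test both values, and the mount guard should match them: `{{- if or .Values.customCACerts .Values.caCertsConfigMap }}`. A silently missing trust directory shows up as TLS verification failures, which operators are often tempted to work around by disabling verification. Adding `readOnly: true` under `mountPath: /certs/` would also make the intent explicit. The container and pod specs both continue outside the hunk.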
@@ -86,11 +83,17 @@ spec: name: {{ include "name" . }}-charts optional: true {{- end }} - {{- if .Values.customCACerts }} - name: wandb-ca-certs - configMap: - name: {{ include "operator.fullname" . }}-ca-certs - {{- end }} + projected: + sources: + {{- if .Values.caCertsConfigMap }} + - configMap: + name: {{ .Values.caCertsConfigMap }} + {{- end }} + {{- if .Values.customCACerts }} + - configMap: + name: {{ include "operator.fullname" . }}-ca-certs + {{- end }} {{- end }} serviceAccountName: {{ include "manager.serviceAccount.name" . }} {{- if .Values.nodeSelector }}
diff --git a/charts/operator/values.yaml b/charts/operator/values.yaml
index 938f9899..31a3bb28 100644
--- a/charts/operator/values.yaml
+++ b/charts/operator/values.yaml
@@ -228,7 +228,19 @@ namespaceIsolation: enabled: false additionalNamespaces: [] +# To provide custom CA certificates, you can use either: +# 1. `customCACerts`: a list of certificates provided directly within this Helm chart. +# 2. `configMapName`: the name of a ConfigMap containing CA certificates. +# +# Important: +# - If using a ConfigMap, each key in the ConfigMap must end with `.crt` (e.g., `my-cert.crt`). +# - This naming convention is required for `update-ca-certificates` to parse and add each +# certificate to the system CA store on Ubuntu-based systems. + +# List of custom CA certificates in PEM format. customCACerts: [] +# Name of a ConfigMap containing additional .crt files for CA certificates. +caCertsConfigMap: "" # Affinity rules for scheduling the Pod of this application. # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity
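Review bot: The `wandb-ca-certs` volume in the `@@ -86` hunk has lost its own condition, so an install that sets only `airgapped` renders `projected:` with an empty `sources:` list. I would expect that to be at best an unused volume and possibly a validation error, so that case is worth rendering with `helm template`. Wrapping the whole volume entry in `{{- if or .Values.customCACerts .Values.caCertsConfigMap }}` and a matching `{{- end }}` keeps it out of airgapped-only installs. The user-supplied name should also be quoted, `name: {{ .Values.caCertsConfigMap | quote }}`, the way the `AIRGAPPED` value already is. The pod spec starts before this hunk and continues after it.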
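Review bot: The new comment block in `values.yaml` calls the second option `configMapName`, but the key added below it and read by the templates is `caCertsConfigMap`. A user who follows the comment sets a value the chart ignores and ends up without the CAs they expected. The line should read `# 2. caCertsConfigMap: the name of a ConfigMap containing CA certificates.` It would also help to say that the ConfigMap must live in the operator's namespace and that anyone who can edit it can add trust anchors for the operator, so write access to it should be restricted. The `update-ca-certificates` sentence may need checking as well, since the deployment in this commit appears to rely on `SSL_CERT_DIR` rather than running that tool.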