feat(): allow using custom CA

adfinis · Dec 23, 2024 · 1811026 · 1811026
1 parent 5215c69
commit 1811026
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 2 deletions.
diff --git a/charts/kubernetes-etcd-backup/templates/cronjob.yaml b/charts/kubernetes-etcd-backup/templates/cronjob.yaml
@@ -14,15 +14,16 @@ spec:
       template:
         spec:
           securityContext:
-              runAsUser: 1000
-              fsGroup: 1000
+            {{- toYaml .Values.podSecurityContext | nindent 12 }}
           containers:
           - command:
             - /bin/sh
             - /usr/local/bin/backup.sh
             image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
             imagePullPolicy: {{ .Values.image.pullPolicy }}
             name: {{ .Chart.Name }}
+            securityContext:
+              {{- toYaml .Values.securityContext | nindent 14 }}
             envFrom:
             - configMapRef:
                 name: {{ include "kubernetes-etcd-backup.fullname" . }}
@@ -43,6 +44,10 @@ spec:
               mountPath: /etc/kubernetes/pki/etcd-ca
             - name: volume-backup
               mountPath: /backup
+            {{- if and (.Values.persistence.s3.enabled) (.Values.persistence.s3.ca.enabled) }}
+            - name: s3-ca
+              mountPath: /etc/pki/ca-trust/source/anchors
+            {{- end }}
             {{- if .Values.extraVolumeMounts }}
               {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
             {{- end }}
@@ -54,6 +59,11 @@ spec:
           - name: etcd-server-ca
             secret:
               secretName: {{ .Values.etcdCertification.etcdServerCaName }}
+          {{- if and (.Values.persistence.s3.enabled) (.Values.persistence.s3.ca.enabled) }}
+          - name: s3-ca
+            secret:
+              secretName: {{ .Values.persistence.s3.ca.secretName }}
+          {{- end }}
           - name: volume-backup
             {{- if .Values.persistence.nfs.enabled }}
             nfs:

diff --git a/charts/kubernetes-etcd-backup/values.yaml b/charts/kubernetes-etcd-backup/values.yaml
@@ -71,6 +71,9 @@ persistence:
     secretKey: mysupersecretkey
     # -- S3 use an existing Secret instead of creating one
     existingSecret: ""
+    ca:
+      enabled: false
+      secretName: "changeme"
 
 image:
   # -- Repository image to use
@@ -131,3 +134,16 @@ extraVolumes: []
 ## Additional volumes to the pod.
 #  - name: additional-volume
 #    emptyDir: {}
+
+securityContext: {}
+podSecurityContext:
+  runAsUser: 1000
+  fsGroup: 1000
+  # Settings required when s3 persistence is used
+  # Required because of `update-ca-trust` command
+  # # -- Run pod as privileged
+  # privileged: true
+  # # -- Set user ID
+  # runAsUser: 0
+  # # -- Set group ID
+  # runAsGroup: 0