Skip to content

Commit

Permalink
fix: allow certs to be loaded on readonly filesystems (#135)
Browse files Browse the repository at this point in the history 
* fix: allow certs to be loaded on readonly

* increment version

* increment version

* fix nxapi security context refs

* remove package file
  • Loading branch information
@rarmatei
rarmatei authored Sep 26, 2024
1 parent 172fc5e commit 699b2ca
Show file tree
Hide file tree
Showing 3 changed files with 45 additions and 3 deletions.
2 changes: 1 addition & 1 deletion charts/nx-cloud/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
name: nx-cloud
description: Nx Cloud Helm Chart
type: application
version: 0.15.10
version: 0.15.11
maintainers:
- name: nx
url: "https://nx.app/"
Expand Down
23 changes: 22 additions & 1 deletion charts/nx-cloud/templates/nx-cloud-aggregator-cron.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,19 +2,38 @@
spec:
template:
spec:
{{- if .Values.selfSignedCertConfigMap }}
initContainers:
- command:
- sh
- -c
- cp -r /usr/lib/jvm/java-17-amazon-corretto/jre/lib/security /cacerts
image: {{ include "nxCloud.images.aggregator.image" . }}
name: copy-cacerts
{{- if .Values.aggregator.securityContext }}
securityContext:
{{- toYaml .Values.aggregator.securityContext | nindent 12 }}
{{- end }}
volumeMounts:
- mountPath: /cacerts
name: cacerts
{{- end}}
containers:
- name: nx-cloud-aggregator
image: {{ include "nxCloud.images.aggregator.image" . }}
imagePullPolicy: {{ .Values.aggregator.image.pullPolicy | quote }}
{{- if .Values.aggregator.resources }}
resources: {{- toYaml .Values.aggregator.resources | nindent 16 }}
{{- end }}
{{- if .Values.selfSignedCertConfigMap }}
{{- if .Values.aggregator.securityContext }}
securityContext:
{{- toYaml .Values.aggregator.securityContext | nindent 12 }}
{{- end }}
{{- if .Values.selfSignedCertConfigMap }}
volumeMounts:
- mountPath: /usr/lib/jvm/java-17-amazon-corretto/jre/lib/security
name: cacerts
subPath: security
- mountPath: /self-signed-certs
name: self-signed-certs-volume
{{- end}}
Expand Down Expand Up @@ -49,6 +68,8 @@ spec:
{{- end }}
{{- if .Values.selfSignedCertConfigMap }}
volumes:
- emptyDir: { }
name: cacerts
- configMap:
name: {{ .Values.selfSignedCertConfigMap }}
name: self-signed-certs-volume
Expand Down
23 changes: 22 additions & 1 deletion charts/nx-cloud/templates/nx-cloud-nx-api-deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,22 @@ spec:
{{- if .Values.awsS3.serviceAccountName }}
serviceAccountName: {{ .Values.awsS3.serviceAccountName }}
{{- end }}
{{- if .Values.selfSignedCertConfigMap }}
initContainers:
- command:
- sh
- -c
- cp -r /usr/lib/jvm/java-17-amazon-corretto/jre/lib/security /cacerts
image: {{ include "nxCloud.images.nxApi.image" . }}
name: copy-cacerts
{{- if .Values.nxApi.securityContext }}
securityContext:
{{- toYaml .Values.nxApi.securityContext | nindent 12 }}
{{- end }}
volumeMounts:
- mountPath: /cacerts
name: cacerts
{{- end}}
containers:
- name: nx-cloud-nx-api
image: {{ include "nxCloud.images.nxApi.image" . }}
Expand All @@ -36,12 +52,15 @@ spec:
{{- end }}
ports:
- containerPort: {{ .Values.nxApi.deployment.port }}
{{- if .Values.selfSignedCertConfigMap }}
{{- if .Values.nxApi.securityContext }}
securityContext:
{{- toYaml .Values.nxApi.securityContext | nindent 12 }}
{{- end }}
{{- if .Values.selfSignedCertConfigMap }}
volumeMounts:
- mountPath: /usr/lib/jvm/java-17-amazon-corretto/jre/lib/security
name: cacerts
subPath: security
- mountPath: /self-signed-certs
name: self-signed-certs-volume
{{- end}}
Expand Down Expand Up @@ -131,6 +150,8 @@ spec:
{{- end }}
{{- if .Values.selfSignedCertConfigMap }}
volumes:
- emptyDir: { }
name: cacerts
- configMap:
name: {{ .Values.selfSignedCertConfigMap }}
name: self-signed-certs-volume
Expand Down

0 comments on commit 699b2ca

Please sign in to comment.