weaveworks/weave-gitops-enterprise

Add ExtraVolumeMounts to WGE helm to support custom CA

MostafaMegahid opened this issue · 1 comments

Background

A potential customer (RBC Capital Markets) is trying to use WGE in their environment and will need to mount a custom CA bundle to validate the OIDC connection to the OIDC authentication service.
The WGE installation Helm chart currently does not support extraVolumeMounts, so this can only be done by using a post-deployment patch, which is not ideal.

Objective

Add the ability to add custom extraVolumeMounts to the Helm chart values.

The recommended way to do this (using a post-render patch) is...

So, providing a CA Bundle ConfigMap should update the server Deployment resource appropriately.

  postRenderers:
    - kustomize:
        patchesStrategicMerge:
          - apiVersion: apps/v1
            kind: Deployment
            metadata:
              name: weave-gitops-enterprise-mccp-cluster-service
              namespace: flux-system
            spec:
              template:
                spec:
                  containers:
                    - name: clusters-service
                      # Mount the CA bundle ConfigMap into the container
                      volumeMounts:
                        - mountPath: /usr/local/share/ca-certificates
                          name: custom-ca
                      # SSL_CERT_FILE must name a file that exists under the mount,
                      # i.e. a key of the ConfigMap
                      env:
                        - name: SSL_CERT_FILE
                          value: /usr/local/share/ca-certificates/ca-bundle.crt
                  volumes:
                    - configMap:
                        # 420 is the decimal form of octal 0644
                        defaultMode: 420
                        name: custom-ca
                      name: custom-ca
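
The patch above only takes effect if three things line up: SSL_CERT_FILE sits under a volumeMount, that mount names a defined volume, and the ConfigMap supplies a file with that name. The check below is an added example, not code from this issue or from the Weave GitOps project; check_ca_wiring, the embedded sample and the ConfigMap key ca-bundle.crt are assumptions made for illustration.

```python
import posixpath

# Constructed sample: the pod template from the post-render patch above.
# The ConfigMap's key name (ca-bundle.crt) is an assumption; the issue does not show it.
POD_SPEC = {
    "containers": [{
        "name": "clusters-service",
        "volumeMounts": [{"mountPath": "/usr/local/share/ca-certificates", "name": "custom-ca"}],
        "env": [{"name": "SSL_CERT_FILE", "value": "/usr/local/share/ca-certificates/ca-bundle.crt"}],
    }],
    "volumes": [{"name": "custom-ca", "configMap": {"name": "custom-ca", "defaultMode": 420}}],
}
CONFIGMAP_KEYS = {"custom-ca": {"ca-bundle.crt"}}


def check_ca_wiring(pod_spec, configmap_keys):
    """Return the problems that would leave SSL_CERT_FILE pointing at a missing file."""
    problems = []
    volumes = {v["name"]: v for v in pod_spec.get("volumes", [])}
    for c in pod_spec.get("containers", []):
        env = {e["name"]: e.get("value", "") for e in c.get("env", [])}
        cert_file = env.get("SSL_CERT_FILE")
        if cert_file is None:
            continue
        # Mounts whose path is a parent directory of the cert file; the deepest one wins.
        mounts = [m for m in c.get("volumeMounts", [])
                  if cert_file.startswith(m["mountPath"].rstrip("/") + "/")]
        if not mounts:
            problems.append(f"{c['name']}: {cert_file} is not under any volumeMount")
            continue
        mount = max(mounts, key=lambda m: len(m["mountPath"]))
        vol = volumes.get(mount["name"])
        if vol is None:
            problems.append(f"{c['name']}: mount {mount['name']} has no matching volume")
            continue
        cm = vol.get("configMap")
        if cm is None:
            continue  # other volume types are out of scope for this check
        wanted = posixpath.relpath(cert_file, mount["mountPath"])
        # Without an items list every ConfigMap key becomes a file named after the key;
        # with items, each entry's path is the projected file name.
        items = cm.get("items")
        files = ({i["path"] for i in items} if items
                 else configmap_keys.get(cm["name"], set()))
        if wanted not in files:
            problems.append(f"{c['name']}: ConfigMap {cm['name']} provides no file {wanted}")
    return problems
```

An empty list means the wiring is consistent; it does not validate the certificates inside the bundle.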