From 63f7f264f3dbc6820d5335e5325eb63b5210b61a Mon Sep 17 00:00:00 2001
From: Michael Martin <michaelmartin@seed-innovations.com>
Date: Wed, 25 Aug 2021 12:55:20 -0600
Subject: [PATCH] added caFile field support

---
 chart/templates/_helpers.tpl         |  2 +-
 chart/templates/git-credentials.yaml | 10 +++++++---
 chart/values.yaml                    |  6 ++++--
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl
index a71ed1e1c1..1eadf30aa4 100644
--- a/chart/templates/_helpers.tpl
+++ b/chart/templates/_helpers.tpl
@@ -60,7 +60,7 @@ Build the appropriate git credentials secret for private git repositories
 {{- if .Values.git.existingSecret -}}
 secretRef:
   name: {{ .Values.git.existingSecret }}
-{{- else if coalesce .Values.git.credentials.username .Values.git.credentials.password .Values.git.credentials.privateKey .Values.git.credentials.publicKey .Values.git.credentials.knownHosts "" -}}
+{{- else if coalesce .Values.git.credentials.username .Values.git.credentials.password .Values.git.credentials.caFile .Values.git.credentials.privateKey .Values.git.credentials.publicKey .Values.git.credentials.knownHosts "" -}}
 {{- /* Input validation happens in git-credentials.yaml template */ -}}
 secretRef:
   name: {{ $.Release.Name }}-git-credentials
diff --git a/chart/templates/git-credentials.yaml b/chart/templates/git-credentials.yaml
index 9c1bad84dd..345343a5e1 100644
--- a/chart/templates/git-credentials.yaml
+++ b/chart/templates/git-credentials.yaml
@@ -1,7 +1,7 @@
 {{- if not .Values.git.existingSecret }}
 {{- with .Values.git -}}
-{{- if coalesce  .credentials.username .credentials.password .credentials.privateKey .credentials.publicKey .credentials.knownHosts -}}
-{{- $http := coalesce .credentials.username .credentials.password "" }}
+{{- if coalesce  .credentials.username .credentials.password .credentials.caFile .credentials.privateKey .credentials.publicKey .credentials.knownHosts -}}
+{{- $http := coalesce .credentials.username .credentials.password .credentials.caFile "" }}
 {{- $ssh := coalesce .credentials.privateKey .credentials.publicKey .credentials.knownHosts "" }}
 apiVersion: v1
 kind: Secret
@@ -11,11 +11,15 @@ metadata:
 type: Opaque
 data:
   {{- if $http }}
+  {{- if .credentials.caFile }}
+  caFile: {{ .credentials.caFile | b64enc }}
+  {{- else }} 
   {{- if not (and .credentials.username .credentials.password) }}
-  {{- fail "When using http git credentials, username and password must both be specified" }}
+  {{- fail "When using http git credentials without a caFile, username and password must both be specified" }}
   {{- end }}
   username: {{ .credentials.username | b64enc }}
   password: {{ .credentials.password | b64enc }}
+  {{- end }}
   {{- else }}
   {{- if not (and (and .credentials.privateKey .credentials.publicKey) .credentials.knownHosts) }}
   {{- fail "When using ssh git credentials, privateKey, publicKey, and knownHosts must all be specified" }}
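Review bot: Placing the username/password output in the `{{- else }}` of the new `caFile` check means a release that sets `caFile` together with `username` and `password` renders a Secret holding only `caFile`, and the credentials are dropped without any `fail`. The values.yaml comment says the pair can be omitted for public repositories, which implies a private HTTPS repository behind a private CA supplies all three. Emit `caFile` on its own, then validate and emit the username/password pair whenever either is set, as in the fence below. The added `{{- else }}` line also ends in a trailing space, and the `data:` block continues past the end of this hunk.

```yaml
  {{- if $http }}
  {{- if .credentials.caFile }}
  caFile: {{ .credentials.caFile | b64enc }}
  {{- end }}
  {{- if or .credentials.username .credentials.password }}
  {{- if not (and .credentials.username .credentials.password) }}
  {{- fail "When using http git credentials, username and password must both be specified" }}
  {{- end }}
  username: {{ .credentials.username | b64enc }}
  password: {{ .credentials.password | b64enc }}
  {{- end }}
  {{- else }}
  {{- /* … unchanged: ssh credentials validation and keys … */}}
```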
diff --git a/chart/values.yaml b/chart/values.yaml
index a4f63bdad2..2df4499386 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -30,7 +30,7 @@ openshift: false
 # -- Git credential settings for accessing private repositories
 # Order of precedence is:
 #   1. existingSecret
-#   2. http credentials (username/password)
+#   2. http credentials (username/password/caFile)
 #   3. ssh credentials (privateKey/publicKey/knownHosts)
 git:
   # -- Existing secret to use for git credentials, must be in the appropriate format: https://toolkit.fluxcd.io/components/source/gitrepositories/#https-authentication
@@ -41,7 +41,9 @@ git:
     # -- HTTP git credentials, both username and password must be provided
     username: ""
     password: ""
-
+    
+    # -- HTTPS certificate authority file.  It is also possible to specify a caFile for public repositories, in that case the username and password can be omitted.
+    caFile: ""
     # -- SSH git credentials, privateKey, publicKey, and knownHosts must be provided
     privateKey: ""
     publicKey: ""
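Review bot: The new comment describes `caFile` as a certificate authority file, but git-credentials.yaml pipes the value straight through `b64enc`, so the chart appears to expect the PEM certificate content rather than a path. A path supplied here would be stored as the Secret value itself, and server certificate verification would presumably fail or not behave as intended. Suggest wording such as `# -- PEM-encoded CA certificate content (not a file path) used to verify the HTTPS git server; username and password can be omitted for public repositories`. The blank separator line added above it contains trailing whitespace.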
-- 
GitLab