Merge branch '1555-ca-mount' into 'main'

Add CA certificate volume mount for OIDC Identity Provider Closes #59 See merge request !110

Merge branch '1555-ca-mount' into 'main'
e75a1cc7 · Ryan Garcia · 6529a4c7 · 0ee88c46 · e75a1cc7 · e75a1cc7
Commit e75a1cc7 authored 1 year ago by Ryan Garcia
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
 # Changelog

 ---
+## [0.5.3-bb.10]
+### Changed
+- Added `sso-tls-ca` volume mount to the deployment to enable JWKS URI usage even if the OIDC IdP uses a custom CA.
+
 ## [0.5.3-bb.9]
 ### Changed
 - Fixes a double quoting bug in `jwks_uri` setting.

--- a/README.md
+++ b/README.md
 # authservice

-![Version: 0.5.3-bb.9](https://img.shields.io/badge/Version-0.5.3--bb.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.3](https://img.shields.io/badge/AppVersion-0.5.3-informational?style=flat-square)
+![Version: 0.5.3-bb.10](https://img.shields.io/badge/Version-0.5.3--bb.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.3](https://img.shields.io/badge/AppVersion-0.5.3-informational?style=flat-square)

 A Helm chart for Kubernetes


--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.5.3-bb.9
+version: 0.5.3-bb.10

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

--- a/chart/templates/deployment.yaml
+++ b/chart/templates/deployment.yaml
@@ -50,6 +50,16 @@ spec:
          volumeMounts:
            - name: {{ include "authservice.name" . }}
              mountPath: /etc/authservice
+            {{- if .Values.global.certificate_authority }}
+            - name: sso-tls-ca
+              mountPath: /etc/pki/tls/certs/oidc-ca.crt
+              subPath: oidc-ca.crt
+              readOnly: true
+            - name: sso-tls-ca
+              mountPath: /etc/ssl/oidc-ca.crt
+              subPath: oidc-ca.crt
+              readOnly: true
+            {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
@@ -65,4 +75,9 @@ spec:
      volumes:
        - name: {{ include "authservice.name" . }}
          secret:
-            secretName: {{ include "authservice.fullname" . }}
\ No newline at end of file
+            secretName: {{ include "authservice.fullname" . }}
+        {{- if .Values.global.certificate_authority }}
+        - name: sso-tls-ca
+          secret:
+            secretName: {{ include "authservice.fullname" . }}-sso-tls-ca
+        {{- end}}
--- a/chart/templates/secret-ca.yaml
+++ b/chart/templates/secret-ca.yaml
+{{- if .Values.global.certificate_authority }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "authservice.fullname" . }}-sso-tls-ca
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "authservice.labels" . | nindent 4 }}
+stringData:
+  oidc-ca.crt: {{ .Values.global.certificate_authority | quote }}
+{{- end }}
\ No newline at end of file