.Values.global.certificate_authority mount is ignored without additional postRenderer
Fix introduced from issue #59 (closed) via !110 (merged) appears incomplete. It adds a mount to /etc/pki/tls/certs/oidc-ca.crt
if .Values.global.certificate_authority
is populated, but by itself this accomplishes nothing as the default trust still references /etc/pki/tls/certs/ca-bundle.crt
. Current workaround is to add an env var SSL_CERT_FILE
via postRenderer to reference the new trust location:
authservice:
postRenderers:
- kustomize:
patchesStrategicMerge:
- apiVersion: apps/v1
kind: Deployment
metadata:
name: authservice
namespace: authservice
spec:
template:
spec:
containers:
- name: authservice
env:
- name: "SSL_CERT_FILE"
value: "/etc/pki/tls/certs/oidc-ca.crt"
Edited by Samuel Sarnowski