From 112f6db80fab441ccd42023102b929512ad139bb Mon Sep 17 00:00:00 2001
From: Matthew Abbott
Date: Fri, 6 Oct 2023 12:13:26 -0500
Subject: [PATCH] Add values to inject trusted certs into streaming
---
 templates/deployment-streaming.yaml | 27 +++++++++++++++++++++++++++
 values.yaml | 8 ++++++++
 2 files changed, 35 insertions(+)
diff --git a/templates/deployment-streaming.yaml b/templates/deployment-streaming.yaml
index 1e4acaa..189ab05 100644
--- a/templates/deployment-streaming.yaml
+++ b/templates/deployment-streaming.yaml
@@ -37,6 +37,16 @@ spec:
 securityContext:
 {{- toYaml . | nindent 8 }}
 {{- end }}
+ {{- with .Values.mastodon.streaming.extraCerts }}
+ {{- $name := .name | default "extra-certs" }}
+ volumes:
+ - name: {{ $name }}
+ secret:
+ secretName: {{ .existingSecret }}
+ items:
+ - key: ca.crt
+ path: trusted-ca.crt
+ {{- end }}
 containers:
 - name: {{ .Chart.Name }}-streaming
 {{- with (default .Values.securityContext .Values.mastodon.streaming.securityContext) }}
@@ -48,10 +58,27 @@ spec:
 command:
 - node
 - ./streaming
+ {{- with .Values.mastodon.streaming.extraCerts }}
+ volumeMounts:
+ - name: {{ $name }}
+ mountPath: "/usr/local/share/ca-certificates"
+ {{- end }}
 envFrom:
 - configMapRef:
 name: {{ include "mastodon.fullname" . }}-env
 env:
+ {{- with .Values.mastodon.streaming.extraCerts }}
+ - name: "NODE_EXTRA_CA_CERTS"
+ value: "/usr/local/share/ca-certificates/trusted-ca.crt"
+ {{- with .sslMode }}
+ - name: "DB_SSLMODE"
+ value: {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.postgresql.postgresqlReplicaHostname }}
+ - name: "DB_HOST"
+ value: {{ . }}
+ {{- end }}
 - name: "DB_PASS"
 valueFrom:
 secretKeyRef:
diff --git a/values.yaml b/values.yaml
index 237ace5..6189a2b 100644
--- a/values.yaml
+++ b/values.yaml
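Review bot: `$name` is declared inside this `with` block, and a Go template variable goes out of scope at the block's `{{- end }}`, so the `- name: {{ $name }}` under `volumeMounts` in the next hunk refers to an undefined variable and the template should fail to parse. Compute the name at each use, `- name: {{ .name | default "extra-certs" }}`, or declare `$name` before the first `with`. `secretName: {{ .existingSecret }}` also renders empty when only `sslMode` or `name` is set; `secretName: {{ required "mastodon.streaming.extraCerts.existingSecret is required" .existingSecret | quote }}` fails early instead. The pod spec continues outside the hunk, so it is worth checking that no other `volumes:` key already exists in it.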
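Review bot: Both added `value: {{ . }}` lines (for `DB_SSLMODE` and `DB_HOST`) render the value unquoted, so YAML decides its type, and a setting that reads as a boolean or a number would be rejected because a container env `value` must be a string; `value: {{ . | quote }}` keeps it one. The `DB_HOST` override taken from `.Values.postgresql.postgresqlReplicaHostname` is not covered by the commit subject and deserves a comment above it, e.g. `{{- /* point streaming at the read replica when one is configured */}}`. The `env:` list continues past the end of the hunk.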
@@ -213,6 +213,14 @@ mastodon:
 # requests:
 # cpu: 250m
 # memory: 128Mi
+ # -- Self-signed certificate(s) the (Node.js) needs to trust to connect to e.g. the database
+ extraCerts: {}
+ # -- Secret containing a key "ca.crt" holding one or more root certificates in PEM format
+ # existingSecret:
+ # -- Optional volume name for mounting the .crt file, defaults to "extra-certs"
+ # name:
+ # -- Optional sslMode setting. See nodejs's SSL_MODE. Consider "no-verify"
+ # sslMode:
 web:
 port: 3000
 # -- Number of Web Pods running
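Review bot: The `sslMode` comment recommends `"no-verify"`, which by its name turns off server-certificate verification and so discards what mounting `ca.crt` is for; the database connection would then be encrypted but not authenticated. With the CA injected, the documented default should be a verifying mode, with `no-verify` described as a fallback. Suggested wording: `# -- Optional DB_SSLMODE for the streaming server. Prefer a mode that verifies the server certificate against ca.crt; "no-verify" disables that check`. The reference to "nodejs's SSL_MODE" also does not match the variable the template sets, which is `DB_SSLMODE`.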