coder / coder-logstream-kube

Stream Kubernetes Pod events to the Coder startup logs
GNU Affero General Public License v3.0

Custom Certificates Through Helm Chart #9

Closed ElioDiNino closed 1 year ago

ElioDiNino commented 1 year ago

Problem

Currently, to set a custom certificate for the Helm chart (required for Coder deployments with self-signed certificates) you must create a new Docker image that extends the current one. The extended image needs to add in your custom certificate and set the SSL_CERT_FILE or SSL_CERT_DIR environment variable. You must then reference this custom image in the Helm chart (example of both below).

Solution

The environment variables should be able to be set through values.yaml and the custom certificates should be able to be mounted as a volume or from a secret (like in the Coder helm chart for certs and tls).

Examples

Custom Dockerfile

FROM ghcr.io/coder/coder-logstream-kube:latest

ADD mycert.crt mycert.crt
ENV SSL_CERT_FILE="mycert.crt"

values.yaml

# url -- The URL of your Coder deployment. Must prefix with http or https
url: "https://coder.mydomain.local"

# namespace -- The namespace to search for Pods within.
# If unspecified, this defaults to the Helm namespace.
namespace: ""

# image -- The image to use.
image:
  # image.repo -- The repository of the image.
  repo: "myCustomRepo/coder-logstream-kube"
  # image.tag -- The tag of the image, defaults to {{.Chart.AppVersion}}
  # if not set. If you're using the chart directly from git, the default
  # app version will not work and you'll need to set this value. The helm
  # chart helpfully fails quickly in this case.
  tag: "latest"
  # image.pullPolicy -- The pull policy to use for the image. See:
  # https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
  pullPolicy: Always
  # image.pullSecrets -- The secrets used for pulling the Coder image from
  # a private registry.
  pullSecrets: []
  #  - name: "pull-secret"

serviceAccount:
  # serviceAccount.annotations -- The service account annotations.
  annotations: {}
  # serviceAccount.labels -- The service account labels.
  labels: {}
  # coder.serviceAccount.name -- The service account name
  name: coder-logstream-kube
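
The setup requested above, written as a plain Kubernetes Deployment instead of chart values: the stock image, the CA certificate mounted read-only from a Secret, and `SSL_CERT_FILE` pointing at the mounted file. This is an added example, not the chart's template or the change that closed this issue; the Secret name `coder-ca`, the volume name `ca-cert` and the mount path are hypothetical, and the container's other settings (such as the Coder URL) are left out.

```yaml
# Added example. Hypothetical names: coder-ca, ca-cert, /etc/coder-ca.
# Create the Secret from the CA certificate only (never the CA private key):
#   kubectl create secret generic coder-ca --from-file=ca.crt=mycert.crt
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coder-logstream-kube
spec:
  replicas: 1
  selector:
    matchLabels:
      app: coder-logstream-kube
  template:
    metadata:
      labels:
        app: coder-logstream-kube
    spec:
      serviceAccountName: coder-logstream-kube
      containers:
        - name: coder-logstream-kube
          # Upstream image, so no derived image has to be rebuilt
          # every time upstream publishes a new version.
          image: ghcr.io/coder/coder-logstream-kube:latest
          env:
            # Same variable the custom Dockerfile sets, but as an
            # absolute path so it does not depend on the working directory.
            - name: SSL_CERT_FILE
              value: /etc/coder-ca/ca.crt
          volumeMounts:
            - name: ca-cert
              mountPath: /etc/coder-ca
              readOnly: true
      volumes:
        - name: ca-cert
          secret:
            secretName: coder-ca
            # World-readable is fine for a public CA certificate and
            # lets a non-root container user read it.
            defaultMode: 0444
            items:
              - key: ca.crt
                path: ca.crt
```

Rotating the certificate then means updating the Secret and restarting the pod, with no image rebuild.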

ericpaulsen commented 1 year ago

I can take this on.

ElioDiNino commented 12 months ago

When will a new tag version be released with this change implemented?

ericpaulsen commented 11 months ago

> When will a new tag version be released with this change implemented?

I'll defer to @kylecarbs as to when we will cut a new release.

kylecarbs commented 11 months ago

I'll cut one right now!