datalust / helm.datalust.co

Helm charts hosted on helm.datalust.co
Apache License 2.0

Allow adding / updating CA certificates #36

Closed dashkan closed 1 year ago

dashkan commented 1 year ago

Our OIDC endpoint uses a custom CA and issuer. We currently have to use a custom Seq docker image to add the certificates to the trust store. This is because Seq uses an OIDC backchannel handler and it fails SSL validation if the CA/issuer certs are not present on the machine. It would be very nice to add the following features.

certificates: [] # PEM encoded array of certs.

If this value is present, the chart would create a configmap w/ specified certs, mount the configmap and finally run update-ca-certificates on start.

Another solution would be to add extraEnvs, extraVolumes and extraVolumeMounts like bitnami charts. The chart would also have to allow customizing the command and args in order to run update-ca-certificates.

nblumhardt commented 1 year ago

Thanks for the suggestions 👍

dashkan commented 1 year ago

Would you take a PR for this? I really don't want to use a custom docker image.

nblumhardt commented 1 year ago

Thanks for the offer @dashkan! 😎

We'll chat about our options amongst ourselves early next week, and will get back to you ASAP.

nblumhardt commented 1 year ago

Hi again - sorry about the delay. Just letting you know this isn't forgotten - we have much of the team away at different times over the next couple of weeks, unfortunately, and will need to address this when we're all back.

KodrAus commented 1 year ago

Hi @dashkan 👋

I think the best solution for this would be for the chart to allow extra volume mounts, so that you could create a configmap with your certificates and an init script that ran update-ca-certificates for you. Seq will run this init script on startup for you, so you won't need to customize any container args to include it.

What do you think?

dashkan commented 1 year ago

I think that was my second suggestion of making it more like bitnami charts.

extraVolumes, extraVolumeMounts, extraEnvs

I think that is the most flexible way and I like it.

KodrAus commented 1 year ago

If you'd like to submit a PR for this please feel free @dashkan. Otherwise I'll make some time for it over the next few weeks. The extraEnvs would also be a particularly useful feature for anybody who wants to use feature flags or other niche configuration we don't expose direct support in the chart for.

KodrAus commented 1 year ago

As of the 2023.4.1 release of the chart you can specify extraEnvs, extraVolumes, and extraVolumeMounts that should make this a bit easier to do.
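An added example, not part of the thread or the chart's own documentation: one way to wire up the ConfigMap-plus-init-script approach discussed above with the `extraVolumes` and `extraVolumeMounts` values. It assumes those values take standard Kubernetes volume and volumeMount entries and that the image is Debian/Ubuntu-based; the ConfigMap name, the file names and the `<SEQ_INIT_SCRIPT_DIR>` placeholder (the directory Seq runs init scripts from, which the thread does not name) are hypothetical.

```yaml
# File 1: seq-extra-ca.yaml, applied with kubectl (names are hypothetical)
apiVersion: v1
kind: ConfigMap
metadata:
  name: seq-extra-ca
data:
  # One key per CA certificate; the body below is a placeholder, not a real cert.
  oidc-ca.crt: |
    -----BEGIN CERTIFICATE-----
    <PLACEHOLDER: base64 body of the CA that signs the OIDC endpoint>
    -----END CERTIFICATE-----
  # Init script: rebuilds the system trust bundle from the mounted .crt files.
  10-trust-ca.sh: |
    #!/bin/sh
    set -eu
    update-ca-certificates
---
# File 2: values.yaml fragment for the chart (2023.4.1 or later)
extraVolumes:
  - name: extra-ca
    configMap:
      name: seq-extra-ca
      items:
        - key: oidc-ca.crt
          path: oidc-ca.crt
          mode: 0444        # certificate: read-only
        - key: 10-trust-ca.sh
          path: 10-trust-ca.sh
          mode: 0555        # script: must be executable
extraVolumeMounts:
  # update-ca-certificates picks up *.crt files from this directory.
  - name: extra-ca
    mountPath: /usr/local/share/ca-certificates/oidc-ca.crt
    subPath: oidc-ca.crt
    readOnly: true
  # Placeholder directory: replace with the init-script path Seq documents.
  - name: extra-ca
    mountPath: "<SEQ_INIT_SCRIPT_DIR>/10-trust-ca.sh"
    subPath: 10-trust-ca.sh
    readOnly: true
```

`update-ca-certificates` writes to `/etc/ssl/certs`, so the script fails if the container runs with a read-only root filesystem or as a user that cannot write there. Files mounted with `subPath` are not refreshed when the ConfigMap changes, so a certificate rotation needs a pod restart.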