cpiment
commented
3 months ago @cpiment Truly awesome PR! Thank you! 🥇
Thank you for the chart!
Closed cpiment closed 3 months ago
cpiment
commented
3 months ago @cpiment Truly awesome PR! Thank you! 🥇
Thank you for the chart!
Xtigyro
commented
3 months ago @cpiment Wanna be one of the official maintainers? We're a team of three people at present.
cpiment
commented
3 months ago Hi @Xtigyro! Thanks for the offering, I'm really flattered! However, I've never used helm before this chart and I don't know many things about developing and testing charts so I don't know if I would be a very good maintainer. I think I will try to contribute and learn for some time before taking that step, if that's OK with you.
Xtigyro
commented
3 months ago @cpiment Sure - and thank you once more!
vibe
commented
3 months ago @cpiment @Xtigyro This PR breaks the chart even if viaHTTPS (for example when using viaSsh instead) is not provided due to default values.
r10k-code.config.yaml needs to be updated, line 54.
{{- if or .Values.r10k.code.viaHttps.customCa.existingSecret .Values.r10k.code.viaHttps.customCa.cert.value }}
Xtigyro
commented
3 months ago @vibe Thanks!
@cpiment Could you please fix that?
FYI: @ldaneliukas @davidphay
cpiment
commented
3 months ago Sorry about the bug, I tested the suggested change in my environment and it seems to work fine, thanks for reporting!
In my use case the control repo is in a private repository which is cloned via HTTPS. The Gitlab instance where the repo lives is behind a reverse proxy which serves the repositories, and that reverser proxy has a certificate issued by an internal CA.
In order for r10k to retrieve the repository, I have had to configure the
netrcfile, which was already present in the chart but not documented (#211), and find a way for r10k to handle the custom CA of my Gitlab instance.This PR adds two new configuration settings:
r10k.code.viaHttps.customCa.cert.value: A multiline file where the custom CA certificate chain can be stored in PEM format. This certificate is stored inside ther10k-code-secretwithin thecertkey.r10k.code.viaHttps.customCa.existingSecret: A secret reference which must store the certificate chain in PEM format inside thecertkeyThe certificate is mounted as
~/code-certs/ca.pemfile in the container where r10k is running and then this command is launched in the entry point of the container:The template
r10k.code.viaHttps.customCa.repoUrlextracts the base URL from thepuppetserver.puppeturl, so git can check if the TLS certificate from the HTTPS repository matches the custom CA.I have bumped the version and changelog of the chart, but it you need more changes or me to modify anything, please contact me.