Skip to content

Commit

Permalink
add privateCA config to registry service (#2078)
Browse files Browse the repository at this point in the history 
* add privateCA config to registry service

* add env for privateCA config

* update registry service test case
  • Loading branch information
@pgvishnuram
pgvishnuram committed Dec 28, 2023
1 parent 3e1468b commit 212b420
Show file tree
Hide file tree
Showing 2 changed files with 33 additions and 0 deletions.
6 changes: 6 additions & 0 deletions charts/astronomer/templates/registry/registry-statefulset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,10 @@ spec:
{{- else }}
value: {{ randAlphaNum 32 }}
{{- end }}
{{- if .Values.global.privateCaCerts }}
- name: UPDATE_CA_CERTS
value: "true"
{{- end }}
{{- if .Values.registry.extraEnv }}
{{ toYaml .Values.registry.extraEnv | indent 10 }}
{{- end }}
Expand All @@ -91,6 +95,7 @@ spec:
{{- if and .Values.registry.gcs.enabled .Values.registry.gcs.useKeyfile }}
{{- include "registry.gcsVolumeMount" . | indent 12 }}
{{- end }}
{{- include "custom_ca_volume_mounts" . | indent 12 }}
ports:
- name: registry-http
containerPort: {{ .Values.ports.registryHTTP }}
Expand Down Expand Up @@ -127,6 +132,7 @@ spec:
- name: data
emptyDir: {}
{{- else }}
{{ include "custom_ca_volumes" . | indent 8 }}
volumeClaimTemplates:
- metadata:
name: data
Expand Down
27 changes: 27 additions & 0 deletions tests/chart_tests/test_registry_statefulset.py
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
from tests.chart_tests.helm_template_generator import render_chart
import pytest
from tests import supported_k8s_versions
import jmespath


@pytest.mark.parametrize(
Expand Down Expand Up @@ -117,3 +118,29 @@ def test_registry_sts_with_podlabels(self, kube_version):

for k, v in labels.items():
assert docs[0]["spec"]["template"]["metadata"]["labels"][k] == v

def test_registry_privateca_enabled(self, kube_version):
docs = render_chart(
kube_version=kube_version,
values={"global": {"privateCaCerts": ["private-root-ca"]}},
show_only=[
"charts/astronomer/templates/registry/registry-statefulset.yaml"
],
)
search_result = jmespath.search(
"spec.template.spec.containers[*].volumeMounts[?name == 'private-root-ca']",
docs[0],
)
expected_result = [
[
{
"mountPath": "/usr/local/share/ca-certificates/private-root-ca.pem",
"name": "private-root-ca",
"subPath": "cert.pem",
}
]
]
assert search_result == expected_result
assert {"name": "UPDATE_CA_CERTS", "value": "true"} in docs[0]["spec"][
"template"
]["spec"]["containers"][0]["env"]

0 comments on commit 212b420

Please sign in to comment.