[installer] Mount custom CA certs into all relevant places (#20469)

geropl · web-flow · commit 7a27ea0839d2 · 2024-12-19T11:22:05.000-05:00
* [installer] Add custom CA cert to papi-server

* [installer] Add custom CA cert to proxy
diff --git a/install/installer/pkg/components/proxy/deployment.go b/install/installer/pkg/components/proxy/deployment.go
@@ -52,15 +52,18 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 				SecretName: ctx.Config.Certificate.Name,
 			},
 		},
-	}}
+	},
+		common.CAVolume(),
+	}
 
 	volumeMounts := []corev1.VolumeMount{{
 		Name:      "vhosts",
 		MountPath: "/etc/caddy/vhosts",
 	}, {
 		Name:      "config-certificates",
 		MountPath: "/etc/caddy/certificates",
-	}}
+	},
+		common.CAVolumeMount()}
 
 	if pointer.BoolDeref(ctx.Config.ContainerRegistry.InCluster, false) {
 		volumes = append(volumes, corev1.Volume{
diff --git a/install/installer/pkg/components/public-api-server/deployment.go b/install/installer/pkg/components/public-api-server/deployment.go
@@ -50,6 +50,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 			},
 		},
 		databaseSecretVolume,
+		common.CAVolume(),
 	}
 	volumeMounts := []corev1.VolumeMount{
 		{
@@ -59,6 +60,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 			SubPath:   configJSONFilename,
 		},
 		databaseSecretMount,
+		common.CAVolumeMount(),
 	}
 
 	_ = ctx.WithExperimental(func(cfg *experimental.Config) error {
diff --git a/install/installer/pkg/components/public-api-server/deployment_test.go b/install/installer/pkg/components/public-api-server/deployment_test.go
@@ -64,6 +64,16 @@ func TestDeployment_ServerArguments(t *testing.T) {
 				},
 			},
 		},
+		{
+			Name: "ca-certificates",
+			VolumeSource: corev1.VolumeSource{
+				ConfigMap: &corev1.ConfigMapVolumeSource{
+					LocalObjectReference: corev1.LocalObjectReference{
+						Name: "gitpod-ca-bundle",
+					},
+				},
+			},
+		},
 		{
 			Name: "stripe-secret",
 			VolumeSource: corev1.VolumeSource{

Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {`
`50`	`50`	`},`
`51`	`51`	`},`
`52`	`52`	`databaseSecretVolume,`
	`53`	`+ common.CAVolume(),`
`53`	`54`	`}`
`54`	`55`	`volumeMounts := []corev1.VolumeMount{`
`55`	`56`	`{`
`@@ -59,6 +60,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {`
`59`	`60`	`SubPath: configJSONFilename,`
`60`	`61`	`},`
`61`	`62`	`databaseSecretMount,`
	`63`	`+ common.CAVolumeMount(),`
`62`	`64`	`}`
`63`	`65`
`64`	`66`	`_ = ctx.WithExperimental(func(cfg *experimental.Config) error {`