diff --git a/README.md b/README.md index 6f0abc9..574cf91 100644 --- a/README.md +++ b/README.md @@ -290,6 +290,10 @@ Note that the samples prefix properties with `WORKERGENID1` which always creates | signserver.keystoresMountPath | Mount path in the SignServer container for mounted keystore files | | | signserver.env | Environment variables to pass to container | | | signserver.envRaw | Environment variables to pass to container in Kubernetes YAML format | | +| signserver.initContainers | Extra init containers to be added to the deployment | [] | +| signserver.sidecarContainers | Extra sidecar containers to be added to the deployment | [] | +| signserver.volumes | Extra volumes to be added to the deployment | [] | +| signserver.volumeMounts | Extra volume mounts to be added to the deployment | [] | ### SignServer Environment Variables @@ -330,6 +334,8 @@ Note that the samples prefix properties with `WORKERGENID1` which always creates | services.proxyHttp.bindIP | IP to bind for proxy HTTP communication | 0.0.0.0 | | services.proxyHttp.httpPort | Service port for proxy HTTP communication | 8081 | | services.proxyHttp.httpsPort | Service port for proxy HTTP communication that accepts SSL_CLIENT_CERT header | 8082 | +| services.sidecarPorts | Additional ports to expose in sidecar containers | [] | + ### Ingress Parameters diff --git a/templates/deployment.yaml b/templates/deployment.yaml index 7491776..bda538f 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml @@ -27,6 +27,10 @@ spec: serviceAccountName: {{ include "signserver-community-helm.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if .Values.signserver.initContainers }} + initContainers: + {{- toYaml .Values.signserver.initContainers | nindent 8 }} + {{- end }} containers: - name: {{ .Chart.Name }} securityContext: 
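Review bot: The entries of `signserver.initContainers` are rendered verbatim by `toYaml`, so they inherit the pod-level `podSecurityContext` shown just above but not the container-level `securityContext` that the chart sets on the `{{ .Chart.Name }}` container; the same holds for `signserver.sidecarContainers` in the hunk at -119. Every container in the pod can also reference the pod's volumes by name, including the `signserver-keystores-files` volume mounted in that later hunk, so an extra container sits inside the same trust boundary as the signing keystores. I would record this in a template comment above the block, e.g. `{{- /* Extra containers are rendered as given: set securityContext on each entry; they can mount any pod volume, including the keystores. */}}`. The pod spec starts and ends outside this hunk.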
@@ -119,6 +123,12 @@ spec: - name: signserver-keystores-files mountPath: {{ .Values.signserver.keystoresMountPath }} {{- end }} + {{- if .Values.signserver.volumeMounts }} + {{- toYaml .Values.signserver.volumeMounts | nindent 12 }} + {{- end }} + {{- if .Values.signserver.sidecarContainers }} + {{- toYaml .Values.signserver.sidecarContainers | nindent 8 }} + {{- end }} volumes: {{- if .Values.signserver.useH2Persistence }} - name: signserver-h2-persistence @@ -145,6 +155,9 @@ spec: secret: secretName: {{ .Values.signserver.keystoresSecret }} {{- end }} + {{- if .Values.signserver.volumes }} + {{- toYaml .Values.signserver.volumes | nindent 8 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/templates/services.yaml b/templates/services.yaml index 0a4f887..69fc36e 100644 --- a/templates/services.yaml +++ b/templates/services.yaml @@ -22,6 +22,9 @@ spec: targetPort: https protocol: TCP name: https + {{- if and .Values.signserver.sidecarContainers .Values.services.sidecarPorts }} + {{- toYaml .Values.services.sidecarPorts | nindent 4 }} + {{- end }} selector: {{- include "signserver-community-helm.selectorLabels" . | nindent 4 }} {{- end }} diff --git a/values.yaml b/values.yaml index e4053ce..813c28d 100644 --- a/values.yaml +++ b/values.yaml @@ -22,6 +22,14 @@ signserver: # secretKeyRef: # name: signserverdbcredentials # key: database_password + # Extra init containers to be added to the deployment + initContainers: [] + # Extra sidecar containers to be added to the deployment + sidecarContainers: [] + # Extra volumes to be added to the deployment + volumes: [] + # Extra volume mounts to be added to the deployment + volumeMounts: [] # Only one of the following services can be enabled at a time 
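Review bot: The extra `signserver.volumeMounts` items are appended after the keystores `{{- end }}`, but the `volumeMounts:` key they belong to is above this hunk. If that key is only rendered when one of the built-in mounts is enabled, a values file that sets only `signserver.volumeMounts` will emit list items with no parent key, and the manifest will either fail to parse or attach them to the preceding field. Whatever condition guards the key should then also test `.Values.signserver.volumeMounts`. Nothing marks the switch from the main container's mounts to a new container either, so a one-line comment before the sidecar block such as `{{- /* additional containers, appended to the containers list */}}` would help the next reader.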
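Review bot: `services.sidecarPorts` is rendered only when `signserver.sidecarContainers` is also non-empty, so ports set on their own are dropped without any message. Either reduce the guard to `{{- if .Values.services.sidecarPorts }}` or keep the coupling and state it where the value is documented. The `{{- end }}` after `selector:` suggests this Service sits inside a conditional; if the file defines one Service per enabled service type, the other variants would need the same block, which cannot be confirmed from this hunk. Each entry is published next to the SignServer ports on the same Service, so entries need a `name` that differs from `https` and from any other port name already used there.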
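Review bot: The comment on `volumeMounts` says the mounts are added to the deployment, but templates/deployment.yaml appends them to the mount list that precedes the sidecar block, which appears to be the main SignServer container's. Sidecars and init containers therefore have to declare their own `volumeMounts` inside their entries. I would word it `# Extra volume mounts for the SignServer container (sidecars and init containers declare their own)`, and say for `volumes` that entries are pod-level and can be mounted by every container in the pod.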
@@ -42,6 +50,9 @@ services: bindIP: 0.0.0.0 httpPort: 8081 httpsPort: 8082 + # Extra sidecar ports to be added to the service, optionally used when sidecarContainers + # are defined and need to expose ports + sidecarPorts: [] # Requires proxyAJP or proxyHttp service to be enabled for adminweb access ingress:
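Review bot: The comment on `sidecarPorts` does not say what an entry looks like or which object receives it. templates/services.yaml copies the list with `toYaml` into the Service, apparently into its port list, so each item has to be a Kubernetes ServicePort entry (`name`, `port`, `targetPort`, optionally `protocol`). Suggested wording: `# Extra Service ports (ServicePort entries: name, port, targetPort, protocol) for ports opened by sidecarContainers`. The key must sit directly under `services`, as the template reads `.Values.services.sidecarPorts`; the hunk follows the `proxyHttp` keys and its indentation is not recoverable here, so that is worth checking.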