diff --git a/charts/datahub-executor-worker/Chart.yaml b/charts/datahub-executor-worker/Chart.yaml
index 6d055db..807a3d8 100644
--- a/charts/datahub-executor-worker/Chart.yaml
+++ b/charts/datahub-executor-worker/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: datahub-executor-worker
 description: A Helm chart for datahub-executor-worker
 type: application
-version: 0.0.6
+version: 0.0.7
 appVersion: 0.0.1
 maintainers:
 - name: DataHub
diff --git a/charts/datahub-executor-worker/templates/statefulset.yaml b/charts/datahub-executor-worker/templates/statefulset.yaml
index ad291d0..e86f4b5 100644
--- a/charts/datahub-executor-worker/templates/statefulset.yaml
+++ b/charts/datahub-executor-worker/templates/statefulset.yaml
@@ -59,10 +59,40 @@ spec:
 securityContext:
 {{- toYaml .Values.podSecurityContext | nindent 8 }}
 volumes:
+ {{- with .Values.extraCaCerts }}
+ - name: ca-certs
+ emptyDir: {}
+ {{- range $key, $value := . }}
+ - name: {{ $key }}
+ secret:
+ secretName: {{ $value }}
+ {{- end }}
+ {{- end }}
 {{- if .Values.extraVolumes }}
 {{ toYaml .Values.extraVolumes | nindent 8 }}
 {{- end }}
 initContainers:
+ {{- if .Values.extraCaCerts }}
+ - name: install-ca-certs
+ image: "{{ .Values.image.repository }}:{{ required "image tag is required" .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command: ["/bin/bash", "-c"]
+ args:
+ - update-ca-certificates && cp -Lr /etc/ssl/certs/. /mnt/ca-certs/
+ securityContext:
+ privileged: true
+ runAsUser: 0
+ volumeMounts:
+ - name: ca-certs
+ mountPath: /mnt/ca-certs
+ {{- with .Values.extraCaCerts -}}
+ {{ range $key, $value := . }}
+ - mountPath: "/usr/local/share/ca-certificates/{{ $key }}"
+ name: {{ $key | quote }}
+ readOnly: true
+ {{- end }}
+ {{- end }}
+ {{- end }}
 {{- if .Values.extraInitContainers }}
 {{- .Values.extraInitContainers | toYaml | nindent 6 }}
 {{- end }}
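Review bot: In templates/statefulset.yaml the new `install-ca-certs` init container sets `privileged: true` together with `runAsUser: 0`, which is far more than running `update-ca-certificates` and copying `/etc/ssl/certs` into an emptyDir appears to need. Root may be required to write the image's own trust store, but privileged mode additionally grants every capability and host device access, and clusters enforcing the baseline Pod Security Standard will reject the pod. I would drop `privileged: true` and use `allowPrivilegeEscalation: false` with `capabilities: {drop: ["ALL"]}` instead, after confirming the command still succeeds in this image. The pod spec starts and continues outside the hunk.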
@@ -109,10 +139,20 @@ spec:
 value: {{ .Values.global.datahub.executor.ingestions.signal_poll_interval | quote }}
 - name: DATAHUB_EXECUTOR_MONITORS_MAX_WORKERS
 value: {{ .Values.global.datahub.executor.monitors.max_workers | quote }}
+ {{- if .Values.extraCaCerts }}
+ - name: REQUESTS_CA_BUNDLE
+ value: /etc/ssl/certs/ca-certificates.crt
+ - name: SSL_CERT_FILE
+ value: /etc/ssl/certs/ca-certificates.crt
+ {{- end }}
 {{- if .Values.extraEnvs }}
 {{ toYaml .Values.extraEnvs | nindent 12 }}
 {{- end }}
 volumeMounts:
+ {{- if .Values.extraCaCerts }}
+ - name: ca-certs
+ mountPath: /etc/ssl/certs
+ {{- end }}
 {{- if .Values.persistentVolume.enabled }}
 - name: executor-storage-volume
 mountPath: {{ .Values.persistentVolume.mountPath }}
diff --git a/charts/datahub-executor-worker/values.yaml b/charts/datahub-executor-worker/values.yaml
index fde458b..1d37168 100644
--- a/charts/datahub-executor-worker/values.yaml
+++ b/charts/datahub-executor-worker/values.yaml
@@ -18,7 +18,8 @@ revisionHistoryLimit: 1
 image:
 # GCP: us-docker.pkg.dev/acryl-prod/datahub/datahub-executor
- repository: 795586375822.dkr.ecr.us-west-2.amazonaws.com/datahub-executor
+ #repository: 795586375822.dkr.ecr.us-west-2.amazonaws.com/datahub-executor
+ repository: ecr-proxy.gcp-use1-saas-01-prod.gcp.acryl.io/datahub-executor
 pullPolicy: Always
 tag: v0.3.5.13-acryl
@@ -63,6 +64,9 @@ extraVolumeMounts: []
 extraInitContainers: []
+extraCaCerts:
+ gsk-secrets: gsk-certs
+
 extraLabels: {}
 extraPodLabels: {}
@@ -70,7 +74,7 @@ extraPodLabels: {}
 resources:
 requests:
 memory: "8Gi"
- cpu: "4"
+ cpu: "2"
 nodeSelector: {}
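Review bot: In the second templates/statefulset.yaml hunk the `ca-certs` volume is mounted at `/etc/ssl/certs` without `readOnly: true`, so the container that carries the `DATAHUB_EXECUTOR_*` variables can rewrite the trust store it is told to use. The init container is the only intended writer, so this mount can add `readOnly: true` under `mountPath: /etc/ssl/certs`. `REQUESTS_CA_BUNDLE` and `SSL_CERT_FILE` are also emitted ahead of `extraEnvs`, so a user entry with the same name produces a duplicate variable; a comment such as `# extraEnvs may override the CA bundle paths set above` would make the intended precedence explicit. The container spec begins and ends outside the hunk.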
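Review bot: The values.yaml defaults now enable `extraCaCerts` with `gsk-secrets: gsk-certs`, so every install that does not override it gets the root init container from statefulset.yaml and a Secret volume referencing `gsk-certs`; where that Secret does not exist the pod will not start. A safer default is `extraCaCerts: {}` with the example kept as a comment, and the deployment-specific entry moved to an environment values file. The first values.yaml hunk has the same problem: `repository` now defaults to what looks like an environment-specific proxy host, and the previous value is left behind as a commented-out line. Because the same image now also runs as the init container, pinning it by digest rather than by `tag` alone is worth considering.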