Merge pull request #186 from scality/bugfix/ZENKO-710-https-proxy

bf: allow optional proxy certs

charts/cloudserver-front/templates/certificate.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.proxy.https -}}
+{{- if .Values.proxy.caCert -}}
 apiVersion: v1
 kind: Secret
 metadata:

charts/cloudserver-front/templates/deployment.yaml

@@ -69,6 +69,8 @@ spec:
               value: "{{ .Values.proxy.https }}"
             - name: HTTPS_PROXY
               value: "{{ .Values.proxy.https }}"
+{{- end }}
+{{- if .Values.proxy.caCert }}
             - name: NODE_EXTRA_CA_CERTS
               value: "/ssl/ca.crt"
 {{- end }}
@@ -109,7 +111,7 @@ spec:
               path: /_/healthcheck
               port: http
           volumeMounts:
-            {{- if .Values.proxy.https }}
+            {{- if .Values.proxy.caCert }}
             - name: proxy-cert
               mountPath: "/ssl"
               readOnly: true
@@ -129,7 +131,7 @@ spec:
 {{ toYaml . | indent 8 }}
     {{- end }}
       volumes:
-        {{- if .Values.proxy.https }}
+        {{- if .Values.proxy.caCert }}
         - name: proxy-cert
           secret:
             secretName: {{ template "cloudserver-front.fullname" . }}-proxy

charts/cloudserver-front/values.yaml

@@ -39,10 +39,12 @@ proxy:
   # If you want to use an HTTP proxy, add the respective endpoints after
   # 'http:' and/or 'https:'. If the HTTP proxy endpoint is set but the HTTPS
   # one isn't, the HTTP proxy will be used for HTTPS traffic as well.
-  # Additionally, if the HTTPS proxy is set, you will need to provide an
-  # ssl certificate in a file named 'ca.crt' at the root path of this chart.
+  # Additionally you can pass a CA certifcate that will be added to the trusted
+  # certs. If the proxy URL is configured and caCert is true, helm
+  # will look for a file named 'ca.crt' at the root path of this chart.
   http: ""
   https: ""
+  caCert: false
 
 service:
   type: ClusterIP