diff --git a/charts/zitadel/Chart.yaml b/charts/zitadel/Chart.yaml index af56c718..26d0906d 100644 --- a/charts/zitadel/Chart.yaml +++ b/charts/zitadel/Chart.yaml @@ -3,7 +3,7 @@ name: zitadel description: A Helm chart for ZITADEL type: application appVersion: v2.65.3 -version: 8.7.1 +version: 8.7.2 kubeVersion: '>= 1.21.0-0' icon: https://zitadel.com/zitadel-logo-dark.svg maintainers: diff --git a/charts/zitadel/templates/debug_replicaset.yaml b/charts/zitadel/templates/debug_replicaset.yaml index 38794ffd..f716cf34 100644 --- a/charts/zitadel/templates/debug_replicaset.yaml +++ b/charts/zitadel/templates/debug_replicaset.yaml @@ -18,7 +18,7 @@ spec: metadata: annotations: checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - checksum/secret-db-ssl-root-crt: {{ include (print $.Template.BasePath "/secret_db-ssl-root-crt.yaml") . | sha256sum }} + checksum/secret-db-ssl-ca-crt: {{ include (print $.Template.BasePath "/secret_db-ssl-ca-crt.yaml") . | sha256sum }} checksum/secret-zitadel-secrets: {{ include (print $.Template.BasePath "/secret_zitadel-secrets.yaml") . | sha256sum }} labels: {{- include "zitadel.debugSelectorLabels" . | nindent 8 }} diff --git a/charts/zitadel/templates/deployment.yaml b/charts/zitadel/templates/deployment.yaml index 73c6df88..54198ddb 100644 --- a/charts/zitadel/templates/deployment.yaml +++ b/charts/zitadel/templates/deployment.yaml @@ -21,7 +21,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - checksum/secret-db-ssl-root-crt: {{ include (print $.Template.BasePath "/secret_db-ssl-root-crt.yaml") . | sha256sum }} + checksum/secret-db-ssl-ca-crt: {{ include (print $.Template.BasePath "/secret_db-ssl-ca-crt.yaml") . | sha256sum }} checksum/secret-zitadel-secrets: {{ include (print $.Template.BasePath "/secret_zitadel-secrets.yaml") . | sha256sum }} labels: app.kubernetes.io/component: start diff --git a/charts/zitadel/templates/secret_db-ssl-ca-crt.yaml b/charts/zitadel/templates/secret_db-ssl-ca-crt.yaml new file mode 100644 index 00000000..50f3f667 --- /dev/null +++ b/charts/zitadel/templates/secret_db-ssl-ca-crt.yaml @@ -0,0 +1,16 @@ +{{- if .Values.zitadel.dbSslCaCrt }} +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: db-ssl-ca-crt + {{- with .Values.zitadel.dbSslCaCrtAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "zitadel.labels" . | nindent 4 }} +stringData: + ca.crt: |- +{{ .Values.zitadel.dbSslCaCrt | default "" | nindent 6 }} +{{- end }} diff --git a/charts/zitadel/templates/secret_db-ssl-root-crt.yaml b/charts/zitadel/templates/secret_db-ssl-root-crt.yaml deleted file mode 100644 index 55832704..00000000 --- a/charts/zitadel/templates/secret_db-ssl-root-crt.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.zitadel.dbSslRootCrt }} -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: db-ssl-root-crt - annotations: - {{- if .Values.zitadel.dbSslRootCrtAnnotations }} - {{- with .Values.zitadel.dbSslRootCrtAnnotations }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- else }} - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation - helm.sh/hook-weight: "0" - {{- end }} - labels: - {{- include "zitadel.labels" . | nindent 4 }} -stringData: - ca.crt: |- -{{ .Values.zitadel.dbSslRootCrt | default "" | nindent 6 }} -{{- end }} \ No newline at end of file diff --git a/charts/zitadel/values.yaml b/charts/zitadel/values.yaml index d68b6c11..55789e35 100644 --- a/charts/zitadel/values.yaml +++ b/charts/zitadel/values.yaml @@ -44,6 +44,12 @@ zitadel: # The CA Certificate needed for establishing secure database connections dbSslCaCrt: "" + # Annotations set on database SSL CA certificate secret + dbSslCaCrtAnnotations: + helm.sh/hook: pre-install,pre-upgrade + helm.sh/hook-delete-policy: before-hook-creation + helm.sh/hook-weight: "0" + # The Secret containing the CA certificate at key ca.crt needed for establishing secure database connections dbSslCaCrtSecret: ""