handle custom CAs

Author: cx-nathan-leach

helm/templates/scheduler.yaml

@@ -23,26 +23,34 @@ spec:
     spec:
       automountServiceAccountToken: false
       volumes:
+        {{- with .Values.cxone.deployment }}
+
         - name: scheduler-secret-tenant-volume
           secret:
-            secretName: {{ .Values.cxone.secrets_name }}
+            secretName: {{ .secrets_name }}
             items:
               - key: cxone_tenant
                 path: cxone_tenant
 
         - name: scheduler-secret-oauth-client-id-volume
           secret:
-            secretName: {{ .Values.cxone.secrets_name }}
+            secretName: {{ .secrets_name }}
             items:
               - key: cxone_oauth_client_id
                 path: cxone_oauth_client_id
 
         - name: scheduler-secret-oauth-client-secret-volume
           secret:
-            secretName: {{ .Values.cxone.secrets_name }}
+            secretName: {{ .secrets_name }}
             items:
               - key: cxone_oauth_client_secret
                 path: cxone_oauth_client_secret
+          {{- if not (empty .ca_certs_configmap_name) }}
+        - name: scheduler-custom-ca-certs
+          configMap:
+            name: {{ .ca_certs_configmap_name }}
+          {{- end -}}
+        {{- end}}
 
       containers:
         - name: cxone-scan-scheduler
@@ -72,6 +80,12 @@ spec:
             - name: scheduler-secret-oauth-client-secret-volume
               mountPath: "/run/secrets/cxone_oauth_client_secret"
               subPath: cxone_oauth_client_secret
+            {{- with .Values.cxone.deployment }}
+              {{- if not (empty .ca_certs_configmap_name) }}
+            - name: scheduler-custom-ca-certs
+              mountPath: "/usr/local/share/ca-certificates"
+              {{- end -}}
+            {{- end}}
           env:
             {{- with .Values.cxone.connection }}
               {{- with .multitenant }}

helm/values.yaml

@@ -8,12 +8,14 @@
 # Most other options can be left blank or configured to tune
 # how the scheduler operates.
 cxone:
-  # Provide the name of the generic secret containing the key/value pairs
-  # with these keys:
-  # cxone_tenant
-  # cxone_oauth_client_id
-  # cxone_oauth_client_secret
-  secrets_name: cxone-scan-scheduler-secrets
+  deployment:
+    # Provide the name of the generic secret containing the key/value pairs
+    # with these keys:
+    # cxone_tenant
+    # cxone_oauth_client_id
+    # cxone_oauth_client_secret
+    secrets_name: cxone-scan-scheduler-secrets
+    ca_certs_configmap_name:
   connection:
     # Use only one: multitenant or singletenant
     # If both are used, the single-tenant configuration is ignored.
@@ -60,3 +62,14 @@ cxone:
     # scan to skip.
     recent_scan_hours:
   groups:
+    # Key values are the group moniker entry. Leave blank if not using group schedules.
+    # Each key has the following key/value pairs:
+    # * path - the group path
+    # * policy - the name of the schedule policy to apply to the group
+    # Example:
+    # mygroup1:
+    #   path: /dev/regions/US
+    #   policy: weekly
+    # mygroup2:
+    #   path: /dev/regions/UK
+    #   policy: monthly