fix(support): Add passthrough for ca bundle secret into metrics server

Author: ividito

helm-chart/eoapi-support/templates/_helpers.tpl

@@ -0,0 +1,15 @@
+{{/*
+Fetch the CA Bundle from a specified secret if enabled
+*/}}
+{{- define "eoapi-support.fetchCaBundle" -}}
+{{- if .Values.enableCaBundleFetch -}}
+  {{- $secretName := .Values.caBundleSecretName | default "eoepca-ca-secret" -}}
+  {{- $caBundle := "" -}}
+  {{- with (lookup "v1" "Secret" "default" $secretName) -}}
+    {{- $caBundle = index .data "ca.crt" | b64dec -}}
+  {{- end -}}
+  {{- $caBundle -}}
+{{- else -}}
+  ""  # Return an empty string if not enabled
+{{- end -}}
+{{- end -}}

helm-chart/eoapi-support/values.yaml

@@ -1,3 +1,8 @@
+# when enabled, metrics-server will use the caBundle from the provided secret
+# ref: https://github.com/developmentseed/eoapi-k8s/issues/154
+enableCaBundleFetch: false
+caBundleSecretName: ""
+
 # most of this was cribbed from https://github.com/2i2c-org/infrastructure/blob/master/helm-charts/support/
 # so giving props where props are due to Yuvi Panda :sparkles:
 prometheus-adapter:
@@ -163,7 +168,6 @@ grafana:
   dashboardsConfigMaps:
     default: "eoapi-dashboards"
 
-
 metrics-server:
   apiService:
     create: true