chore: mount vault CA cert for Node.js TLS trust in paperclip (#108)

Mount the vault-ca-cert secret and set NODE_EXTRA_CA_CERTS so Node.js
trusts the internal CA chain when making outbound TLS connections.

Reviewed-on: #108
This commit was merged in pull request #108.
This commit is contained in:
2026-05-03 00:10:08 +10:00
parent 156b545249
commit 260b2d4364
+13
View File
@@ -58,9 +58,15 @@ spec:
value: https://radosgw.service.consul
- name: PAPERCLIP_STORAGE_S3_FORCE_PATH_STYLE
value: "true"
- name: NODE_EXTRA_CA_CERTS
value: /etc/ssl/paperclip/ca.crt
envFrom:
- secretRef:
name: paperclip-credentials
volumeMounts:
- name: vault-ca-cert
mountPath: /etc/ssl/paperclip
readOnly: true
livenessProbe:
httpGet:
path: /api/health
@@ -92,4 +98,11 @@ spec:
requests:
cpu: 250m
memory: 512Mi
volumes:
- name: vault-ca-cert
secret:
secretName: vault-ca-cert
items:
- key: ca.crt
path: ca.crt
restartPolicy: Always