chore: mount vault CA cert for Node.js TLS trust in paperclip
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful

Mount the vault-ca-cert secret and set NODE_EXTRA_CA_CERTS so Node.js
trusts the internal CA chain when making outbound TLS connections.
This commit is contained in:
2026-05-03 00:08:11 +10:00
parent 156b545249
commit b4d69c8d72
+13
View File
@@ -58,9 +58,15 @@ spec:
value: https://radosgw.service.consul value: https://radosgw.service.consul
- name: PAPERCLIP_STORAGE_S3_FORCE_PATH_STYLE - name: PAPERCLIP_STORAGE_S3_FORCE_PATH_STYLE
value: "true" value: "true"
- name: NODE_EXTRA_CA_CERTS
value: /etc/ssl/paperclip/ca.crt
envFrom: envFrom:
- secretRef: - secretRef:
name: paperclip-credentials name: paperclip-credentials
volumeMounts:
- name: vault-ca-cert
mountPath: /etc/ssl/paperclip
readOnly: true
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /api/health path: /api/health
@@ -92,4 +98,11 @@ spec:
requests: requests:
cpu: 250m cpu: 250m
memory: 512Mi memory: 512Mi
volumes:
- name: vault-ca-cert
secret:
secretName: vault-ca-cert
items:
- key: ca.crt
path: ca.crt
restartPolicy: Always restartPolicy: Always