Mount certificate store from Azure File Share rather than Azure Key V…

…ault (#63)

README.md

@@ -22,7 +22,7 @@ version: 1.0.0
 dependencies:
   - name: aspnetcore
     alias: aspnetcore
-    version: 1.0.0
+    version: 2.0.0
     repository: https://gsoft-inc.github.io/gsoft-helm-charts
 ```
 

charts/aspnetcore/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: aspnetcore
 description: A generic Helm chart for ASP.NET Core services
-version: 1.0.6
+version: 2.0.0
 home: https://github.com/gsoft-inc/gsoft-helm-charts
 sources:
   - https://github.com/gsoft-inc/gsoft-helm-charts

charts/aspnetcore/templates/deployment.yaml

@@ -67,9 +67,9 @@ spec:
           {{- end }}
           volumeMounts:
           {{- if .Values.certificateStore.enabled }}
-          - name: internal-certificates
+          - name: certificate-store
             mountPath: "/etc/ssl/certs/ca-certificates.crt"
-            subPath: "certificate-wildcard-platform-workleap-{{ .Values.environment }}-internal"
+            subPath: {{ quote .Values.certificateStore.fileName }}
             readOnly: true
           {{- end }}
           {{- if .Values.extraVolumeMounts }}
@@ -89,12 +89,16 @@ spec:
       {{- end }}
       volumes:
       {{- if .Values.certificateStore.enabled }}
-      - name: internal-certificates
+      - name: certificate-store
         csi:
-          driver: secrets-store.csi.k8s.io
-          readOnly: true
+          driver: file.csi.azure.com
           volumeAttributes:
-            secretProviderClass: internal-dns-keyvault
+            subscriptionID: {{ quote .Values.certificateStore.subscriptionId }}
+            resourceGroup: {{ quote .Values.certificateStore.resourceGroup }}
+            storageAccount: {{ quote .Values.certificateStore.storageAccount }}
+            shareName: {{ quote .Values.certificateStore.shareName }}
+            clientID: {{ quote .Values.azureWorkloadIdentity.clientId }}
+            mountOptions: "dir_mode=0777,file_mode=0777,cache=strict,actimeo=30,nosharesock"
       {{- end }}
       {{- if .Values.extraVolumes}}
         {{- toYaml .Values.extraVolumes | nindent 8 }}

charts/aspnetcore/values.yaml

@@ -181,13 +181,17 @@ extraVolumes: []
 ##
 extraVolumeMounts: []
 
-## Replace the container's certificate store with Workleap's certificate store which is stored in an Azure Key Vault
+## Replace the container's certificate store with Workleap's certificate store which is stored in an Azure File Share
 ## @param certificateStore.enabled Whether or not to replace the container's certificate store with Workleap's
-## @param certificateStore.tenantId The id of the azure tenant the Key Vault containing the certificate store is located in
-## @param certificateStore.keyvaultName The name of the Key Vault containing the certificate store
-## @param certificateStore.keyvaultObjectName The name of the object in the Key Vault containing the certificate
+## @param certificateStore.subscriptionId The subscription ID of the share's storage account
+## @param certificateStore.resourceGroup The resource group of the share's storage account
+## @param certificateStore.storageAccount The name of the share's storage account
+## @param certificateStore.shareName The name of the share (usually always "certificates")
+## @param certificateStore.fileName The name of the file inside the share to mount as the certificate store in the container (usually always "ca-bundle.crt")
 certificateStore:
   enabled: false
-  tenantId: ""
-  keyvaultName: ""
-  keyvaultObjectName: ""
+  subscriptionId: ""
+  resourceGroup: ""
+  storageAccount: ""
+  shareName: "certificates"
+  fileName: "ca-bundle.crt"