From 0c459b557ef7d6f321f7ac1be27884b2e19e2df8 Mon Sep 17 00:00:00 2001 From: devel Date: Thu, 11 Dec 2025 14:02:45 -0700 Subject: [PATCH 1/6] Make ttl changeable in the values file --- charts/kasm/templates/db-init-job.yaml | 4 ++-- charts/kasm/values.yaml | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/charts/kasm/templates/db-init-job.yaml b/charts/kasm/templates/db-init-job.yaml index 1ca177e..7c1598e 100644 --- a/charts/kasm/templates/db-init-job.yaml +++ b/charts/kasm/templates/db-init-job.yaml @@ -19,7 +19,7 @@ metadata: helm.sh/hook: pre-install {{- end }} spec: - ttlSecondsAfterFinished: 100 + ttlSecondsAfterFinished: {{ .Values.components.api.ttlBeforeDelete }} template: metadata: labels: @@ -125,4 +125,4 @@ spec: args: - | if [[ "$DB_AUTO_INITIALIZE" == "true" ]]; then /usr/bin/startup.sh; else echo "DB already initialized."; fi -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/kasm/values.yaml b/charts/kasm/values.yaml index d509297..1cd17b6 100644 --- a/charts/kasm/values.yaml +++ b/charts/kasm/values.yaml @@ -283,6 +283,8 @@ components: annotations: {} # components.api.resources -- Manually configure the Kasm api Deployment resources. This overrides the pre-defined `deploymentSize` values. resources: {} + # components.api.ttlBeforeDelete -- Time to live setting for the db-init-job + ttlBeforeDelete: 100 # components.api.labels -- Custom labels to add to the Kasm api Deployment labels: {} # Configuration settings for the Kasm Manager service @@ -485,4 +487,4 @@ extraLabels: # extraObjects -- Deploy additional Kubernetes manifests. # This field is expected to be either a multi-line string, a list of strings, or a list of objects. # -extraObjects: [] \ No newline at end of file +extraObjects: [] From 5047ddfe6ce6aecab161a50c601012bcb070da6f Mon Sep 17 00:00:00 2001 From: devel Date: Fri, 12 Dec 2025 15:14:32 -0700 Subject: [PATCH 2/6] Add ttl to the schema --- charts/kasm/values.schema.json | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/charts/kasm/values.schema.json b/charts/kasm/values.schema.json index 0e7b9c3..0d6c45b 100644 --- a/charts/kasm/values.schema.json +++ b/charts/kasm/values.schema.json @@ -220,6 +220,12 @@ "title": "labels", "type": "object" }, + "ttlBeforeDelete": { + "additionalProperties": true, + "description": "Time to live setting for the db-init-job", + "title": "ttlBeforeDelete", + "type": "integer" + }, "resources": { "additionalProperties": true, "description": "Manually configure the Kasm api Deployment resources. This overrides the pre-defined `deploymentSize` values.", @@ -234,6 +240,7 @@ "image", "resources", "annotations", + "ttlBeforeDelete", "labels" ] }, @@ -1205,4 +1212,4 @@ } }, "type": "object" -} \ No newline at end of file +} From 5754524e22f0e73cd508fb8df24d2aded80244d4 Mon Sep 17 00:00:00 2001 From: devel Date: Wed, 14 Jan 2026 12:46:08 -0700 Subject: [PATCH 3/6] Adding custom cert support --- charts/kasm/templates/api-deployment.yaml | 37 +++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/charts/kasm/templates/api-deployment.yaml b/charts/kasm/templates/api-deployment.yaml index 0cafc3d..d68d9ad 100644 --- a/charts/kasm/templates/api-deployment.yaml +++ b/charts/kasm/templates/api-deployment.yaml @@ -39,6 +39,7 @@ spec: {{- with .Values.components.api.labels }}{{ toYaml . | nindent 8 }}{{- end }} {{- with .Values.extraLabels.pod }}{{ toYaml . | nindent 8 }}{{- end }} {{- with .Values.labels }}{{- toYaml . | nindent 8 }}{{- end }} + certs: trust-store {{- if or .Values.components.api.annotations .Values.annotations.pod }} annotations: {{- with .Values.annotations.pod }}{{ toYaml . | nindent 8 }}{{- end }} @@ -59,6 +60,15 @@ spec: {{- with .Values.affinity }} affinity: {{ toYaml . | nindent 8 }} {{- end }} + volumes: + - name: uds-trust-bundle + configMap: + name: uds-trust-bundle + items: + - key: ca-bundle.pem + path: ca-bundle.pem + - name: combined-certs + emptyDir: {} initContainers: - name: db-is-ready image: {{ $constants.api.image }} @@ -81,6 +91,10 @@ spec: name: {{ .Release.Name }}-secrets key: "db-password" {{- end }} + - name: SSL_CERT_FILE + value: /opt/certs/combined-ca-bundle.pem + - name: REQUESTS_CA_BUNDLE + value: /opt/certs/combined-ca-bundle.pem command: - /bin/bash - -c @@ -94,6 +108,22 @@ spec: - name: {{ $constants.api.name }}-container image: {{ $constants.api.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} + command: + - "/bin/sh" + - "-c" + - | + echo "# Combined CA Bundle - System and UDS Certificates" > /opt/certs/combined-ca-bundle.pem + echo "" >> /opt/certs/combined-ca-bundle.pem + if [ -f /etc/ssl/certs/ca-certificates.crt ]; then + echo "# System CA Certificates" >> /opt/certs/combined-ca-bundle.pem + cat /etc/ssl/certs/ca-certificates.crt >> /opt/certs/combined-ca-bundle.pem + echo "" >> /opt/certs/combined-ca-bundle.pem + fi + if [ -f /etc/ssl/certs/uds-ca-bundle.pem ]; then + echo "# UDS Certificate Bundle" >> /opt/certs/combined-ca-bundle.pem + cat /etc/ssl/certs/uds-ca-bundle.pem >> /opt/certs/combined-ca-bundle.pem + fi + - "/usr/bin/startup.sh" env: - name: START_SERVICES value: "true" @@ -134,3 +164,10 @@ spec: {{- if .Values.applyPodSecurity }} {{- include "kasm.containerSecurity" . | indent 10 }} {{- end }} + volumeMounts: + - name: uds-trust-bundle + mountPath: /etc/ssl/certs/uds-ca-bundle.pem + readOnly: true + subPath: ca-bundle.pem + - mountPath: /opt/certs + name: combined-certs From 4ca06e182ac5c9f3f87d07a5986146674abdc2b3 Mon Sep 17 00:00:00 2001 From: devel Date: Wed, 14 Jan 2026 13:42:26 -0700 Subject: [PATCH 4/6] make sure volumeMounts indented properly --- charts/kasm/templates/api-deployment.yaml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/charts/kasm/templates/api-deployment.yaml b/charts/kasm/templates/api-deployment.yaml index d68d9ad..7de0e76 100644 --- a/charts/kasm/templates/api-deployment.yaml +++ b/charts/kasm/templates/api-deployment.yaml @@ -91,10 +91,6 @@ spec: name: {{ .Release.Name }}-secrets key: "db-password" {{- end }} - - name: SSL_CERT_FILE - value: /opt/certs/combined-ca-bundle.pem - - name: REQUESTS_CA_BUNDLE - value: /opt/certs/combined-ca-bundle.pem command: - /bin/bash - -c @@ -146,6 +142,10 @@ spec: name: {{ .Release.Name }}-secrets key: "db-password" {{- end }} + - name: SSL_CERT_FILE + value: /opt/certs/combined-ca-bundle.pem + - name: REQUESTS_CA_BUNDLE + value: /opt/certs/combined-ca-bundle.pem ports: - name: {{ $constants.api.portName }} containerPort: {{ $constants.api.port }} @@ -164,10 +164,10 @@ spec: {{- if .Values.applyPodSecurity }} {{- include "kasm.containerSecurity" . | indent 10 }} {{- end }} - volumeMounts: - - name: uds-trust-bundle - mountPath: /etc/ssl/certs/uds-ca-bundle.pem - readOnly: true - subPath: ca-bundle.pem - - mountPath: /opt/certs - name: combined-certs + volumeMounts: + - name: uds-trust-bundle + mountPath: /etc/ssl/certs/uds-ca-bundle.pem + readOnly: true + subPath: ca-bundle.pem + - mountPath: /opt/certs + name: combined-certs From 948923c426d237a0190bfbc07a5a3fa814f097d7 Mon Sep 17 00:00:00 2001 From: devel Date: Wed, 14 Jan 2026 14:39:02 -0700 Subject: [PATCH 5/6] add sleep --- charts/kasm/templates/api-deployment.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/kasm/templates/api-deployment.yaml b/charts/kasm/templates/api-deployment.yaml index 7de0e76..061fee9 100644 --- a/charts/kasm/templates/api-deployment.yaml +++ b/charts/kasm/templates/api-deployment.yaml @@ -107,6 +107,7 @@ spec: command: - "/bin/sh" - "-c" + - sleep 600 - | echo "# Combined CA Bundle - System and UDS Certificates" > /opt/certs/combined-ca-bundle.pem echo "" >> /opt/certs/combined-ca-bundle.pem From a057a3df75a82b0398845126db05c7f9110b8e00 Mon Sep 17 00:00:00 2001 From: devel Date: Wed, 14 Jan 2026 14:53:16 -0700 Subject: [PATCH 6/6] fix cmd syntax --- charts/kasm/templates/api-deployment.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/charts/kasm/templates/api-deployment.yaml b/charts/kasm/templates/api-deployment.yaml index 061fee9..e3e33db 100644 --- a/charts/kasm/templates/api-deployment.yaml +++ b/charts/kasm/templates/api-deployment.yaml @@ -107,7 +107,6 @@ spec: command: - "/bin/sh" - "-c" - - sleep 600 - | echo "# Combined CA Bundle - System and UDS Certificates" > /opt/certs/combined-ca-bundle.pem echo "" >> /opt/certs/combined-ca-bundle.pem @@ -120,7 +119,7 @@ spec: echo "# UDS Certificate Bundle" >> /opt/certs/combined-ca-bundle.pem cat /etc/ssl/certs/uds-ca-bundle.pem >> /opt/certs/combined-ca-bundle.pem fi - - "/usr/bin/startup.sh" + /usr/bin/startup.sh env: - name: START_SERVICES value: "true"