Scalr · mermoldy · Apr 16, 2024 · Apr 5, 2024 · Apr 5, 2024 · Apr 11, 2024
diff --git a/charts/agent-docker/README.md b/charts/agent-docker/README.md
@@ -59,4 +59,4 @@ Multiple Deployments can be created within a single Kubernetes cluster.
 | tolerations | list | `[]` | Tolerations for the Scalr Agent pods, allowing them to run on tainted nodes |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)
diff --git a/charts/agent-k8s/CHANGELOG.md b/charts/agent-k8s/CHANGELOG.md
@@ -9,6 +9,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [UNRELEASED]
 
+- Added the `agent.container_task_ca_cert` configuration option for installing the CA bundle into a task container.
+
 ## [v0.5.9]
 
 ### Updated

diff --git a/charts/agent-k8s/README.md b/charts/agent-k8s/README.md
@@ -97,6 +97,7 @@ $ helm upgrade ... \
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | agent.container_task_acquire_timeout | int | `180` | The timeout for the agent worker to acquire the container task (e.g., Kubernetes Pod). This timeout is primarily relevant in Kubernetes node autoscaling scenarios. It includes the time to spin up a new Kubernetes node, pull the agent worker image onto it, deploy the agent worker as part of a DaemonSet, and the time for the worker to launch and acquire the task to continue the run's execution. |
+| agent.container_task_ca_cert | string | `""` | The CA certificates bundle to mount it into the container task at `/etc/ssl/certs/ca-certificates.crt`. The CA file can be located inside the agent Pod, allowing selection of a certificate by its path. Alternatively, a base64 string containing the certificate bundle can be used. The example encoding it: `cat /path/to/bundle.ca \| base64`. The bundle should include both your private CAs and the standard set of public CAs. |
 | agent.container_task_cpu_limit | float | `8` | CPU resource limit defined in cores. If your container needs two full cores to run, you would put the value 2. If your container only needs ¼ of a core, you would put a value of 0.25 cores. |
 | agent.container_task_cpu_request | float | `1` | CPU resource request defined in cores. If your container needs two full cores to run, you would put the value 2. If your container only needs ¼ of a core, you would put a value of 0.25 cores. |
 | agent.container_task_mem_limit | int | `16384` | Memory resource limit defined in megabytes. |
@@ -137,4 +138,4 @@ $ helm upgrade ... \
 | workerTolerations | list | `[]` | Kubernetes Node Tolerations for the agent worker and the agent task pods. Expects input structure as per specification <https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core>. Example: `--set workerTolerations[0].operator=Equal,workerTolerations[0].effect=NoSchedule,workerTolerations[0].key=dedicated,workerTolerations[0].value=scalr-agent-worker-pool` |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)
diff --git a/charts/agent-k8s/templates/controller.yaml b/charts/agent-k8s/templates/controller.yaml
@@ -69,6 +69,8 @@ spec:
               value: "{{ .Values.agent.container_task_mem_request }}"
             - name: SCALR_CONTAINER_TASK_MEM_LIMIT
               value: "{{ .Values.agent.container_task_mem_limit }}"
+            - name: SCALR_CONTAINER_TASK_CA_CERT
+              value: "{{ .Values.agent.container_task_ca_cert }}"
             - name: SCALR_GC_PLUGINS_GLOBAL_SIZE_LIMIT
               value: "{{ .Values.agent.gc_plugins_global_size_limit }}"
             - name: SCALR_GC_PLUGINS_WORKSPACE_SIZE_LIMIT

diff --git a/charts/agent-k8s/templates/worker.yaml b/charts/agent-k8s/templates/worker.yaml
@@ -67,6 +67,8 @@ spec:
               value: "{{ .Values.agent.container_task_mem_request }}"
             - name: SCALR_CONTAINER_TASK_MEM_LIMIT
               value: "{{ .Values.agent.container_task_mem_limit }}"
+            - name: SCALR_CONTAINER_TASK_CA_CERT
+              value: "{{ .Values.agent.container_task_ca_cert }}"
             - name: SCALR_GC_PLUGINS_GLOBAL_SIZE_LIMIT
               value: "{{ .Values.agent.gc_plugins_global_size_limit }}"
             - name: SCALR_GC_PLUGINS_WORKSPACE_SIZE_LIMIT

diff --git a/charts/agent-k8s/values.yaml b/charts/agent-k8s/values.yaml
@@ -49,6 +49,12 @@ agent:
   container_task_mem_request: 1024
   # -- Memory resource limit defined in megabytes.
   container_task_mem_limit: 16384
+  # -- The CA certificates bundle to mount it into the container task at `/etc/ssl/certs/ca-certificates.crt`.
+  # The CA file can be located inside the agent Pod, allowing selection of a
+  # certificate by its path. Alternatively, a base64 string containing the
+  # certificate bundle can be used. The example encoding it: `cat /path/to/bundle.ca \| base64`.
+  # The bundle should include both your private CAs and the standard set of public CAs.
+  container_task_ca_cert: ""
   # -- Size limit (in megabytes) of the global plugin cache with providers from the public registries.
   gc_plugins_global_size_limit: 2560
   # -- Size limit (in megabytes) of the workspace plugin cache with providers from the private registries.