Merge pull request #49 from owncloud/insecure-options

add options to skip certificate validation
owncloud · Jun 30, 2022 · 7564179 · 7564179
2 parents ca8c895 + 0e38258
commit 7564179
Show file tree

Hide file tree

Showing 8 changed files with 125 additions and 94 deletions.
diff --git a/charts/ocis/README.md b/charts/ocis/README.md
diff --git a/charts/ocis/templates/auth-bearer/deployment.yaml b/charts/ocis/templates/auth-bearer/deployment.yaml
@@ -49,6 +49,9 @@ spec:
             - name: AUTH_BEARER_LOG_PRETTY
               value: "{{ .Values.logging.pretty }}"
 
+            - name: AUTH_BEARER_OIDC_INSECURE
+              value: "{{ .Values.insecure.oidcIdpInsecure }}"
+
             - name: AUTH_BEARER_GRPC_ADDR
               value: 0.0.0.0:9148
 

diff --git a/charts/ocis/templates/frontend/deployment.yaml b/charts/ocis/templates/frontend/deployment.yaml
@@ -63,6 +63,12 @@ spec:
                   name: {{ .Values.secretRefs.jwtSecretRef }}
                   key: jwt-secret
 
+            - name: FRONTEND_APP_HANDLER_INSECURE
+              value: "{{ .Values.insecure.ocisHttpApiInsecure }}"
+
+            - name: FRONTEND_ARCHIVER_INSECURE
+              value: "{{ .Values.insecure.ocisHttpApiInsecure }}"
+
             - name: FRONTEND_MACHINE_AUTH_API_KEY
               valueFrom:
                 secretKeyRef:

diff --git a/charts/ocis/templates/graph/deployment.yaml b/charts/ocis/templates/graph/deployment.yaml
@@ -71,6 +71,9 @@ spec:
             - name: GRAPH_EVENTS_ENDPOINT
               value: nats:9233
 
+            - name: GRAPH_SPACES_INSECURE
+              value: "{{ .Values.insecure.ocisHttpApiInsecure }}"
+
             - name: GRAPH_JWT_SECRET
               valueFrom:
                 secretKeyRef:

diff --git a/charts/ocis/templates/ocdav/deployment.yaml b/charts/ocis/templates/ocdav/deployment.yaml
@@ -55,6 +55,9 @@ spec:
             - name: REVA_GATEWAY
               value: gateway:9142
 
+            - name: OCDAV_INSECURE
+              value: "{{ .Values.insecure.ocisHttpApiInsecure }}"
+
             - name: OCDAV_JWT_SECRET
               valueFrom:
                 secretKeyRef:

diff --git a/charts/ocis/templates/proxy/deployment.yaml b/charts/ocis/templates/proxy/deployment.yaml
@@ -64,6 +64,9 @@ spec:
             - name: REVA_GATEWAY
               value: gateway:9142
 
+            - name: PROXY_OIDC_INSECURE
+              value: "{{ .Values.insecure.oidcIdpInsecure }}"
+
             - name: PROXY_JWT_SECRET
               valueFrom:
                 secretKeyRef:

diff --git a/charts/ocis/templates/thumbnails/deployment.yaml b/charts/ocis/templates/thumbnails/deployment.yaml
@@ -57,6 +57,12 @@ spec:
             - name: THUMBNAILS_DATA_ENDPOINT
               value: http://thumbnails:9186/thumbnails/data
 
+            - name: THUMBNAILS_WEBDAVSOURCE_INSECURE
+              value: "{{ .Values.insecure.ocisHttpApiInsecure }}"
+
+            - name: THUMBNAILS_CS3SOURCE_INSECURE
+              value: "{{ .Values.insecure.ocisHttpApiInsecure }}"
+
             - name: REVA_GATEWAY
               value: gateway:9142
 

diff --git a/charts/ocis/values.yaml b/charts/ocis/values.yaml
@@ -14,6 +14,12 @@ deploymentStrategy:
 
 externalDomain: ocis.owncloud.test
 
+insecure:
+  # disables ssl certificate checking for connections to the openID connect identity provider. Not recommended for production setups
+  oidcIdpInsecure: false
+  # disables ssl certificate checking for connections to the oCIS http apis. Not recommended for production setups
+  ocisHttpApiInsecure: false
+
 features:
   # enables basic authentication. Not recommended for production setups
   basicAuthentication: false