matomo: make it possible to use ssl connections to database (#21617)

* matomo: changed security context for certificates container Signed-off-by: matthiaswagnercm <153737803+matthiaswagnercm@users.noreply.github.com> * matomo: moved command into condition Signed-off-by: matthiaswagnercm <153737803+matthiaswagnercm@users.noreply.github.com> * matomo: mount shared certificates Signed-off-by: matthiaswagnercm <153737803+matthiaswagnercm@users.noreply.github.com> * matomo: added etc ssl certs to init containers Signed-off-by: matthiaswagnercm <153737803+matthiaswagnercm@users.noreply.github.com> * matomo: inserted ca Signed-off-by: matthiaswagnercm <153737803+matthiaswagnercm@users.noreply.github.com> * matomo: added extra volume mounts to cronjob Signed-off-by: matthiaswagnercm <153737803+matthiaswagnercm@users.noreply.github.com> * matomo: fixed indentation Signed-off-by: matthiaswagnercm <153737803+matthiaswagnercm@users.noreply.github.com> * matomo: reverted certificate mount Signed-off-by: matthiaswagnercm <153737803+matthiaswagnercm@users.noreply.github.com> * matomo: reverted mount of certs Signed-off-by: matthiaswagnercm <153737803+matthiaswagnercm@users.noreply.github.com> * Update Chart.yaml Signed-off-by: Matthias Wagner <matthias.wagner@company-mood.com> --------- Signed-off-by: matthiaswagnercm <153737803+matthiaswagnercm@users.noreply.github.com> Signed-off-by: Matthias Wagner <matthias.wagner@company-mood.com>
2026-03-08 17:27:20 +08:00 · 2024-01-09 11:35:52 +01:00
parent f35506d2da
commit 308e0efeca
3 changed files with 15 additions and 9 deletions
--- a/bitnami/matomo/Chart.yaml
+++ b/bitnami/matomo/Chart.yaml
@@ -39,4 +39,4 @@ maintainers:
 name: matomo
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/matomo
-version: 4.0.0
+version: 4.0.1
--- a/bitnami/matomo/templates/_helpers.tpl
+++ b/bitnami/matomo/templates/_helpers.tpl
@@ -174,17 +174,20 @@ Return the matomo pods needed initContainers
  {{- range (default .Values.image.pullSecrets .Values.certificates.image.pullSecrets) }}
    - name: {{ . }}
  {{- end }}
-  command:
+  securityContext:
+    runAsUser: 0
  {{- if .Values.certificates.command }}
  command: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.command "context" $) | nindent 4 }}
  {{- else if .Values.certificates.customCertificate.certificateSecret }}
-  - sh
-  - -c
-  - install_packages ca-certificates openssl
+  command:
+    - sh
+    - -c
+    - install_packages ca-certificates openssl
  {{- else }}
-  - sh
-  - -c
-  - install_packages ca-certificates openssl
+  command:
+    - sh
+    - -c
+    - install_packages ca-certificates openssl
    && openssl req -new -x509 -days 3650 -nodes -sha256
      -subj "/CN=$(hostname)" -addext "subjectAltName = DNS:$(hostname)"
      -out  /etc/ssl/certs/ssl-cert-snakeoil.pem
@@ -229,4 +232,4 @@ Use: include "matomo.cronjobs.enabled" (dict "context" $ "cronjob" "archive" )
    {{- true -}}
  {{- end -}}
 {{- end -}}
-{{- end }}
+{{- end }}
--- a/bitnami/matomo/templates/cronjob.yaml
+++ b/bitnami/matomo/templates/cronjob.yaml
@@ -223,6 +223,9 @@ spec:
              volumeMounts:
                - name: matomo-data
                  mountPath: /bitnami/matomo
+                {{- if .Values.extraVolumeMounts }}
+                {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 16 }}
+                {{- end }}
          volumes:
            {{- if .Values.certificates.customCAs }}
            - name: etc-ssl-certs