Add optional CA secret for Gitlab (#149)

tooling/charts/tl500-base/templates/gitlab/deployments.yaml

@@ -41,15 +41,15 @@ spec:
       - name: gitlab-ce-volume-2
         persistentVolumeClaim:
           claimName: "{{ $.Values.gitlab_app_name }}-data"
-#      - name: gitlab-certificates
-#        secret:
-#          defaultMode: 420
-#          items:
-#          - key: "gitlab.crt"
-#            path: "gitlab.crt"
-#          - key: "gitlab.key"
-#            path: "gitlab.key"
-#          secretName: gitlab-certs
+{{- if .Values.gitlab.cacert }}
+      - name: gitlab-ca
+        secret:
+          defaultMode: 420
+          items:
+          - key: "ca-cert.crt"
+            path: "ca-cert.crt"
+          secretName: gitlab-ca
+{{- end }}
       containers:
       - name: gitlab-ce
         image: gitlab-ce
@@ -100,8 +100,10 @@ spec:
           mountPath: "/etc/gitlab"
         - name: gitlab-ce-volume-2
           mountPath: "/gitlab-data"
-#        - name: gitlab-certificates
-#          mountPath: /etc/gitlab-ssl
+{{- if .Values.gitlab.cacert }}
+        - name: gitlab-ca
+          mountPath: /etc/gitlab-ssl
+{{- end }}
         livenessProbe:
           httpGet:
             path: "/help"

tooling/charts/tl500-base/templates/gitlab/secrets.yaml

@@ -0,0 +1,10 @@
+{{- if .Values.gitlab.cacert }}
+apiVersion: v1
+data:
+  ca-cert.crt: "{{ .Values.gitlab.cacert }}"
+kind: Secret
+metadata:
+  name: gitlab-ca
+  namespace: "{{ $.Values.gitlab.namespace }}"
+type: Opaque
+{{- end }}

tooling/charts/tl500-base/values.yaml

@@ -97,6 +97,8 @@ gitlab:
     - name: "postgresql"
       tag_name: "latest"
       stream_uri: "registry.redhat.io/rhscl/postgresql-96-rhel7"
+# a body of CA certificate that Gitlab should be using goes in here. Body needs to be Base64!
+#  cacert:
   ldap:
 #    port: "389"
 #    base: "dc=CORP,dc=EXAMPLE,dc=COM"
@@ -135,4 +137,4 @@ gitops-operator:
   ignoreHelmHooks: false
 
 tl500-teamsters:
-  enabled: true
+  enabled: true