feat(certificates): support certificates

The following patch enables you to generate certificates using cert-manager or,
alternatively, to mount a secret with TLS certificates.

The HTTP server is then automatically configured to use the TLS certificates to
encrypt HTTP traffic.

If an ingress controller is also used, such as the nginx-ingress controller, the
necessary annotations must still be set to inform the nginx-ingress controller
that the HTTP upstream server communicates via HTTPS.

templates/_deployment.tpl

@@ -26,6 +26,13 @@
 {{- $env = concat $env (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu")))) }}
 {{- end }}
 
+{{- if .Values.certificate.enabled }}
+{{- $env = concat $env (list
+      (dict "name" "ATHENS_TLSCERT_FILE" "value" "/etc/athens-proxy/tls/tls.crt")
+      (dict "name" "ATHENS_TLSKEY_FILE" "value" "/etc/athens-proxy/tls/tls.key")
+    ) }}
+{{- end }}
+
 {{ toYaml (dict "env" $env) }}
 
 {{- end -}}
@@ -124,6 +131,12 @@
 
 {{- end }}
 
+
+{{/* volumeMounts (tls) */}}
+{{- if .Values.certificate.enabled }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "tls" "mountPath" "/etc/athens-proxy/tls" )) }}
+{{- end }}
+
 {{ toYaml (dict "volumeMounts" $volumeMounts) }}
 {{- end -}}
 
@@ -252,5 +265,15 @@
 {{- $volumes = concat $volumes (list $projectedSecretVolume) }}
 {{- end }}
 
+{{/* volumes (tls) */}}
+{{- if .Values.certificate.enabled }}
+{{- $secretName := include "athens-proxy.certificates.server.name" $ }}
+{{- if .Values.certificate.existingSecret.enabled }}
+{{- $secretName := .Values.certificate.existingSecret.secretName }}
+{{- end }}
+{{- $volumes = concat $volumes (list (dict "name" "tls" "secret" (dict "secretName" $secretName))) }}
+{{- end }}
+
+
 {{ toYaml (dict "volumes" $volumes) }}
 {{- end -}}