[Feature] Add the possibility to add CA certificates as volumes/config

[fforootd]

In some scenarios customers want to configure zitadel to send outbound traffic through a proxy server.

We already support defining HTTP_PROXY settings but there is no way mounting a CA file

Acceptance Criteria

• Users can mount their CA file (this should mount /etc/ssl/certs/)
• HTTPS_PROXY can use the CA file

[unique-dominik]

@fforootd Is it enough to just mount the directory/file if we do not use the proxy? Can we also set the SSL_CERT_FILE environment variable to tell Zitadel to use it. Same here btw, if I make it work at the bank, a meaty PR awaits 😂

[unique-dominik]

Self-reply 1 for the docs: Yes, it is enough to just mount them like:

extraVolumeMounts:
  - name: ca-certs
    mountPath: /etc/ssl/certs/ca-certs.crt
    readOnly: true
    
extraVolumes:
  - name: ca-certs
    secret:
      defaultMode: 420
      secretName: ca-certs

[fforootd]

Nice, thanks for sharing, I think this becomes more relevant with each day 😁

[unique-dominik]

We are deploying at an FSI customer on premise and we need to fumble the chart a bit (user can never be root, fs changes must be made via securityContext etc. Once I have that stuff running I try to PR it if you are not faster.

[eliobischof]

This feature was just released

No, the feature for an inbound cert was released

[unique-dominik]

ℹ️ Not forgotten still, I track it in our JIRA to bring the code back here 🕐

[fforootd]

ℹ️ Not forgotten still, I track it in our JIRA to bring the code back here 🕐

Thanks for letting us know!