From 5769eba54140be57aa55a66c63c94e340648e124 Mon Sep 17 00:00:00 2001 From: Conner <20548516+ConProgramming@users.noreply.github.com> Date: Tue, 26 May 2026 11:38:17 -0500 Subject: [PATCH] feat(chart/supervisor): expose extraVolumes / extraVolumeMounts Mirrors the existing pattern on webapp + electric. Lets operators mount additional volumes into the supervisor container without forking the chart. Common cases: enterprise CA bundle for the supervisor's API client, custom config files, etc. Defaults preserve current behavior. Co-authored-by: Cursor --- hosting/k8s/helm/templates/supervisor.yaml | 14 ++++++-- hosting/k8s/helm/values.yaml | 38 ++++++++++++++++++++++ 2 files changed, 50 insertions(+), 2 deletions(-) diff --git a/hosting/k8s/helm/templates/supervisor.yaml b/hosting/k8s/helm/templates/supervisor.yaml index 11fd7a7f6d9..5bd6955789e 100644 --- a/hosting/k8s/helm/templates/supervisor.yaml +++ b/hosting/k8s/helm/templates/supervisor.yaml @@ -241,17 +241,23 @@ spec: {{- with .Values.supervisor.extraEnvVars }} {{- toYaml . | nindent 12 }} {{- end }} - {{- if not .Values.webapp.bootstrap.enabled }} + {{- if or (not .Values.webapp.bootstrap.enabled) .Values.supervisor.extraVolumeMounts }} volumeMounts: + {{- if not .Values.webapp.bootstrap.enabled }} - name: shared mountPath: /home/node/shared + {{- end }} + {{- with .Values.supervisor.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- end }} {{- with .Values.supervisor.securityContext }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} - {{- if not .Values.webapp.bootstrap.enabled }} + {{- if or (not .Values.webapp.bootstrap.enabled) .Values.supervisor.extraVolumes }} volumes: + {{- if not .Values.webapp.bootstrap.enabled }} - name: shared {{- if .Values.persistence.shared.enabled }} persistentVolumeClaim: @@ -259,6 +265,10 @@ spec: {{- else }} emptyDir: {} {{- end }} + {{- end }} + {{- with .Values.supervisor.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} {{- with .Values.supervisor.nodeSelector }} nodeSelector: diff --git a/hosting/k8s/helm/values.yaml b/hosting/k8s/helm/values.yaml index 062bebf9c7f..dba6c2c77ac 100644 --- a/hosting/k8s/helm/values.yaml +++ b/hosting/k8s/helm/values.yaml @@ -336,6 +336,44 @@ supervisor: # - name: CUSTOM_VAR # value: "custom-value" + # Extra volumes added to the Supervisor pod. + # + # Mirrors the `webapp.extraVolumes` pattern. The most common use case is + # mounting an enterprise CA bundle into the supervisor so it can validate + # TLS connections to the trigger.dev webapp, an internal image registry, + # or any other service the supervisor calls. Pair with a matching + # `extraVolumeMounts` entry below and a `NODE_EXTRA_CA_CERTS` env var in + # `supervisor.extraEnvVars`. + extraVolumes: + [] + # - name: config-volume + # configMap: + # name: my-config + # + # Example: enterprise CA bundle ConfigMap + # - name: ca-bundle + # configMap: + # name: enterprise-ca-bundle + # items: + # - key: ca.crt + # path: ca.crt + + # Extra volume mounts added to the Supervisor container. + extraVolumeMounts: + [] + # - name: config-volume + # mountPath: /etc/config + # readOnly: true + # + # Example: enterprise CA bundle mount. + # Combine with: + # supervisor.extraEnvVars: + # - name: NODE_EXTRA_CA_CERTS + # value: /etc/ssl/enterprise-ca/ca.crt + # - name: ca-bundle + # mountPath: /etc/ssl/enterprise-ca + # readOnly: true + # ServiceMonitor for Prometheus monitoring serviceMonitor: enabled: false