From e743addd5d6ef181d107ae84ab30f3361730c9fb Mon Sep 17 00:00:00 2001
From: Martin Norbury <martin.norbury@gmail.com>
Date: Fri, 3 Jan 2025 11:07:29 +0000
Subject: [PATCH] fix: Use a shared volume for the `CQAPI_LOCAL_AES_KEY_FILE`
 (#529)

This is to fix the incoming `cloud` container upgrade where the container now runs as a non-root user

Refs: https://github.com/cloudquery/helm-charts/pull/527
---
 charts/platform/templates/deployments.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/charts/platform/templates/deployments.yaml b/charts/platform/templates/deployments.yaml
index 0393c86a..cd972820 100644
--- a/charts/platform/templates/deployments.yaml
+++ b/charts/platform/templates/deployments.yaml
@@ -52,6 +52,8 @@ spec:
                 secretKeyRef:
                   name: {{ include "platform.fullName" . }}-secrets
                   key: clickhouseDSN
+            - name: CQAPI_LOCAL_AES_KEY_FILE
+              value: "/shared/encrypted_aes_key.bin"
             - name: CQAPI_LOCAL_JWT_PRIVATE_KEY
               valueFrom:
                   secretKeyRef:
@@ -80,10 +82,14 @@ spec:
           {{- with .Values.volumeMounts }}
             {{- toYaml . | nindent 12 }}
           {{- end }}
+          - name: shared
+            mountPath: /shared
       volumes:
       {{- with .Values.volumes }}
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      - name: shared
+        emptyDir: {}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}