From 57d2450323c145726f31161d9b4689614c81ab7b Mon Sep 17 00:00:00 2001
From: engineering <engineering@codetogether.com>
Date: Mon, 21 Jul 2025 15:27:31 -0600
Subject: [PATCH 1/3] feat(charts, compose): add CT_TRUST_ALL_CERTS support
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes: #157
- values.yaml: introduce `java.trustAllCerts` (default false) to toggle CT_TRUST_ALL_CERTS
- deployment.yaml: inject `CT_TRUST_ALL_CERTS=true` into container env when `trustAllCerts` is enabled
- .env-template: add `CT_TRUST_ALL_CERTS` entry for Docker Compose
- compose.yml: reference `${CT_TRUST_ALL_CERTS}` in codetogether‑intel service
---
 charts/intel/templates/deployment.yaml | 4 ++++
 charts/intel/values.yaml               | 1 +
 compose/.env-template                  | 4 ++++
 compose/compose.yaml                   | 1 +
 4 files changed, 10 insertions(+)

diff --git a/charts/intel/templates/deployment.yaml b/charts/intel/templates/deployment.yaml
index 8cdb59e..e5dac22 100644
--- a/charts/intel/templates/deployment.yaml
+++ b/charts/intel/templates/deployment.yaml
@@ -76,6 +76,10 @@ spec:
                   key: {{ .Values.java.customCacerts.trustStorePasswordKey }}
                   optional: true
             {{- end }}
+            {{- if .Values.java.trustAllCerts }}
+            - name: CT_TRUST_ALL_CERTS
+              value: "true"
+            {{- end }}
             {{- if .Values.ai.enabled }}
             - name: CT_HQ_OLLAMA_AI_URL
               value: {{ if eq .Values.ai.mode "bundled" }}
diff --git a/charts/intel/values.yaml b/charts/intel/values.yaml
index 5587d5f..040f305 100644
--- a/charts/intel/values.yaml
+++ b/charts/intel/values.yaml
@@ -93,6 +93,7 @@ java:
   # Example:
   # customJavaOptions: "-Xms512m -Xmx2g -XX:+UseG1GC"
   customJavaOptions: ""
+  trusstAllCerts: false  # Set to 'true' to trust all certificates
 
 #
 # Enables and configures Ingress (default = Nginx). The className value can be used
diff --git a/compose/.env-template b/compose/.env-template
index 82fa77c..502b43d 100644
--- a/compose/.env-template
+++ b/compose/.env-template
@@ -51,3 +51,7 @@ DHPARAM_PEM=dhparam.pem
 # Uncomment the following lines to enable AI integration with Ollama
 #CT_HQ_OLLAMA_AI_URL=http://codetogether-llm:8000
 #CT_HQ_OLLAMA_AI_MODEL_NAME=gemma3:1b
+
+# Enable “to trust all certificates”
+CT_TRUST_ALL_CERTS=false
+
diff --git a/compose/compose.yaml b/compose/compose.yaml
index b443a7f..13d6c8d 100644
--- a/compose/compose.yaml
+++ b/compose/compose.yaml
@@ -42,6 +42,7 @@ services:
       - .env
     environment:
       - CT_HQ_BASE_URL=https://${INTEL_FQDN}
+      - CT_TRUST_ALL_CERTS=${CT_TRUST_ALL_CERTS}
     networks:
       - codetogethernet
     volumes:

From 1da442ae1be9caa856c0e6847f6d01c6f75d95f9 Mon Sep 17 00:00:00 2001
From: engineering <engineering@codetogether.com>
Date: Mon, 21 Jul 2025 15:48:43 -0600
Subject: [PATCH 2/3] refactor(charts): move trustAllCerts under codetogether
 section

- values.yaml: remove java.trustAllCerts; add codetogether.trustAllCerts (default false)
- deployment.yaml: guard CT_TRUST_ALL_CERTS injection on .Values.codetogether.trustAllCerts
---
 charts/intel/templates/deployment.yaml | 2 +-
 charts/intel/values.yaml               | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/charts/intel/templates/deployment.yaml b/charts/intel/templates/deployment.yaml
index e5dac22..b37a34f 100644
--- a/charts/intel/templates/deployment.yaml
+++ b/charts/intel/templates/deployment.yaml
@@ -76,7 +76,7 @@ spec:
                   key: {{ .Values.java.customCacerts.trustStorePasswordKey }}
                   optional: true
             {{- end }}
-            {{- if .Values.java.trustAllCerts }}
+            {{- if .Values.codetogether.trustAllCerts }}
             - name: CT_TRUST_ALL_CERTS
               value: "true"
             {{- end }}
diff --git a/charts/intel/values.yaml b/charts/intel/values.yaml
index 040f305..3eb285f 100644
--- a/charts/intel/values.yaml
+++ b/charts/intel/values.yaml
@@ -38,6 +38,8 @@ imageCredentials:
 #
 codetogether:
   url: https://<server-fqdn>
+  trustAllCerts: false  # Set to 'true' to trust all certificates
+
 
 hqproperties:
   hq.sso.client.id: CLIENTID.apps.googleusercontent.com
@@ -93,7 +95,6 @@ java:
   # Example:
   # customJavaOptions: "-Xms512m -Xmx2g -XX:+UseG1GC"
   customJavaOptions: ""
-  trusstAllCerts: false  # Set to 'true' to trust all certificates
 
 #
 # Enables and configures Ingress (default = Nginx). The className value can be used

From a5b3b58208eaa2cad7f6b6726d9cfdcd80108a5a Mon Sep 17 00:00:00 2001
From: engineering <engineering@codetogether.com>
Date: Mon, 21 Jul 2025 15:53:36 -0600
Subject: [PATCH 3/3] fix(compose): remove redundant CT_TRUST_ALL_CERTS env
 entry

- Drop explicit `CT_TRUST_ALL_CERTS` from the `environment` section in the `codetogether-intel` service
- Rely on `env_file: .env` to inject the variable
---
 compose/compose.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/compose/compose.yaml b/compose/compose.yaml
index 13d6c8d..b443a7f 100644
--- a/compose/compose.yaml
+++ b/compose/compose.yaml
@@ -42,7 +42,6 @@ services:
       - .env
     environment:
       - CT_HQ_BASE_URL=https://${INTEL_FQDN}
-      - CT_TRUST_ALL_CERTS=${CT_TRUST_ALL_CERTS}
     networks:
       - codetogethernet
     volumes: