fix: gateway helm permission errors

2026-01-07 22:53:55 -05:00 · 2025-12-09 12:20:48 +04:00
parent a52a5c22f8
commit dffcca5375
3 changed files with 19 additions and 3 deletions
--- a/helm-charts/infisical-gateway/Chart.yaml
+++ b/helm-charts/infisical-gateway/Chart.yaml
@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.0.3
+version: 1.0.4

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.0.3"
+appVersion: "1.0.4"
--- a/helm-charts/infisical-gateway/templates/deployment.yaml
+++ b/helm-charts/infisical-gateway/templates/deployment.yaml
@@ -29,6 +29,11 @@ spec:
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      volumes:
+        - name: infisical-gateway-session-recordings-data
+          emptyDir: {}
+        - name: infisical-gateway-cached-relay-data
+          emptyDir: {}
      containers:
        - name: {{ .Chart.Name }}
          {{- with .Values.securityContext }}
@@ -40,6 +45,7 @@ spec:
          args:
            - gateway
            - start
+            - --pam-session-recording-path={{ .Values.gateway.pamSessionRecordingsDirectory | default "/var/lib/infisical/session_recordings" }}
          envFrom:
            - secretRef:
                name: {{ .Values.secret.name }}
@@ -47,6 +53,11 @@ spec:
            - name: http
              containerPort: {{ .Values.service.port }}
              protocol: TCP
+          volumeMounts:
+            - name: infisical-gateway-session-recordings-data
+              mountPath: {{ .Values.gateway.pamSessionRecordingsDirectory | default "/var/lib/infisical/session_recordings" }}
+            - name: infisical-gateway-cached-relay-data
+              mountPath: /var/lib/infisical
          {{- with .Values.resources }}
          resources:
            {{- toYaml . | nindent 12 }}
--- a/helm-charts/infisical-gateway/values.yaml
+++ b/helm-charts/infisical-gateway/values.yaml
@@ -1,12 +1,17 @@
 image:
  repository: infisical/cli
-  tag: "0.43.0"
+  tag: "0.43.39"
  pullPolicy: IfNotPresent

 secret:
  # The secret that contains the environment variables to be used by the gateway, such as INFISICAL_API_URL and TOKEN
  name: "infisical-gateway-environment"

+gateway:
+  # Specify where to save PAM session recordings. This directory will always be created when the gateway starts.
+  # Defaults to /var/lib/infisical/session_recordings.
+  pamSessionRecordingsDirectory: /var/lib/infisical/session_recordings
+
 resources:
  limits:
    cpu: 500m