From ff8275fb4e77f38d337dceda949136a7632c2855 Mon Sep 17 00:00:00 2001
From: Erik Duxstad <eduxstad@gmail.com>
Date: Mon, 23 Jun 2025 23:21:29 -0700
Subject: [PATCH] :memo:(self-hosted) update collaboration vars (#1075)

Remove the `auth-url` annotation and add the
`COLLABORATION_BACKEND_BASE_URL` variable, introduced in 3.0.0.

Mount the development CA to the yProvider container to allow
TLS connections with the backend.

Fix the mount path for development CA in the backend container.

Signed-off-by: eduxstad <eduxstad@gmail.com>
---
 docs/examples/impress.values.yaml | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/docs/examples/impress.values.yaml b/docs/examples/impress.values.yaml
index ce28e4c4..7d203378 100644
--- a/docs/examples/impress.values.yaml
+++ b/docs/examples/impress.values.yaml
@@ -85,7 +85,7 @@ backend:
   # Extra volume to manage our local custom CA and avoid to set ssl_verify: false
   extraVolumeMounts:
     - name: certs
-      mountPath: /usr/local/lib/python3.12/site-packages/certifi/cacert.pem
+      mountPath: /usr/local/lib/python3.13/site-packages/certifi/cacert.pem
       subPath: cacert.pem
 
   # Extra volume to manage our local custom CA and avoid to set ssl_verify: false
@@ -121,6 +121,22 @@ yProvider:
     COLLABORATION_SERVER_ORIGIN: https://impress.127.0.0.1.nip.io
     COLLABORATION_SERVER_SECRET: my-secret
     Y_PROVIDER_API_KEY: my-secret
+    COLLABORATION_BACKEND_BASE_URL: https://impress.127.0.0.1.nip.io
+    NODE_EXTRA_CA_CERTS: /usr/local/share/ca-certificates/cacert.pem
+
+  # Mount the certificate so yProvider can establish tls with the backend
+  extraVolumeMounts:
+    - name: certs
+      mountPath: /usr/local/share/ca-certificates/cacert.pem
+      subPath: cacert.pem
+
+  extraVolumes:
+    - name: certs
+      configMap:
+        name: certifi
+        items:
+        - key: cacert.pem
+          path: cacert.pem
 
 posthog:
   ingress:
@@ -135,9 +151,6 @@ ingress:
 ingressCollaborationWS:
   enabled: true
   host: impress.127.0.0.1.nip.io
-  
-  annotations:
-    nginx.ingress.kubernetes.io/auth-url: https://impress.127.0.0.1.nip.io/api/v1.0/documents/collaboration-auth/
 
 ingressCollaborationApi:
   enabled: true