From cf43a47a4187455dc23f93ddd1b5c23229cf2e79 Mon Sep 17 00:00:00 2001
From: Craig Miller
Date: Wed, 17 Jul 2024 20:51:15 -0400
Subject: [PATCH] Adding trust cert feature to operator
---
 charts/connect/README.md | 1 +
 .../connect/templates/operator-deployment.yaml | 17 ++++++++++++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/charts/connect/README.md b/charts/connect/README.md
index a4976f2..65898ca 100644
--- a/charts/connect/README.md
+++ b/charts/connect/README.md
@@ -128,6 +128,7 @@ helm install --set connect.applicationName=connect connect ./connect
 | operator.watchNamespace | list | `[]` | A list of namespaces for the 1Password Operator to watch and manage. Use the empty list to watch all namespaces. |
 | operator.resources | object | `{}` | The resources requests/limits for the 1Password Operator pod |
 | operator.customEnvVars | array | `[]` | Custom environment variables for the 1Password Operator container that are not specified in this helm chart. |
+| operator.tls.trust.secret | string | `op-connect-tls` | The name of the secret containing the TLS certificate (tls.crt) used by the 1Password Connect API. This is used if that cert is a self-signed cert that needs to be trusted by the Operator. |
 #### Custom Environment Variables
diff --git a/charts/connect/templates/operator-deployment.yaml b/charts/connect/templates/operator-deployment.yaml
index 62c741e..1afebd8 100644
--- a/charts/connect/templates/operator-deployment.yaml
+++ b/charts/connect/templates/operator-deployment.yaml
@@ -39,6 +39,12 @@ spec:
 tolerations:
 {{ toYaml .Values.operator.tolerations | indent 8 }}
 serviceAccountName: {{ .Values.operator.serviceAccount.name }}
+ volumes:
+ {{- if .Values.operator.tls.trust.secret }}
+ - name: tls-trust
+ secret:
+ secretName: {{ .Values.operator.tls.trust.secret }}
+ {{- end }}
 containers:
 - name: {{ .Values.connect.applicationName }}
 image: {{ .Values.operator.imageRepository }}:{{ .Values.operator.version | default "latest" }}
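Review bot: The `tls-trust` volume in the first operator-deployment.yaml hunk projects every key of the named secret into the operator pod. If that is the Connect TLS secret the README gives as the default (`op-connect-tls`), it presumably also carries `tls.key`, which the operator does not need in order to trust the certificate. Restrict the projection under `secret:` with `items: [{key: tls.crt, path: tls.crt}]`. Separately, the diffstat shows no values.yaml change, so unless `operator.tls.trust` is already defined there, `.Values.operator.tls.trust.secret` would fail to render on a nil map. Also, when the condition is false, `volumes:` is emitted with no entries, so I would move the key inside the `if`.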
@@ -75,7 +81,16 @@ spec:
 {{- range .Values.operator.customEnvVars}}
 - name: {{ .name }}
 value: {{ .value }}
- {{- end }}
+ {{- end }}
+ {{- if .Values.operator.tls.trust.secret }}
+ - name: SSL_CERT_FILE
+ value: /tls/trust/tls.crt
+ {{- end }}
 resources:
 {{- toYaml .Values.operator.resources | nindent 12 }}
+ volumeMounts:
+ {{- if .Values.operator.tls.trust.secret }}
+ - mountPath: /tls/trust
+ name: tls-trust
+ {{- end}}
 {{- end }}
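Review bot: Setting `SSL_CERT_FILE` to `/tls/trust/tls.crt` points the process at that one file in place of its default CA bundle file, rather than adding to it. Depending on how the operator's TLS library treats the variable, certificates from any other HTTPS endpoint may stop validating. The entry is also emitted after the `customEnvVars` range, so a user-supplied `SSL_CERT_FILE` would appear twice in the env list. I would document this above the entry, e.g. `# Overrides the default CA bundle file with the Connect certificate`, and make the mount read-only by adding `readOnly: true` under `- mountPath: /tls/trust`. The `{{- end}}` closing the volumeMounts block also lacks the space used in the other `{{- end }}` lines of the template.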