Commit

Support overriding cert reload CLI flag
--cert-reload flag defaults to false. We can override by running
helm install with --set certificates.certReload.enabled=true
ycheng-kareo committed Feb 27, 2024
1 parent e934563 commit 50b1364
Showing 4 changed files with 8 additions and 0 deletions.
2 changes: 2 additions & 0 deletions admission-webhook/deploy/gmsa-webhook.yml.tpl
Expand Up @@ -102,6 +102,8 @@ spec:
value: /tls/key
- name: TLS_CRT
value: /tls/crt
args:
- --cert-reload=true
volumes:
- name: tls
secret:
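Review bot: The added `- --cert-reload=true` is hard-coded in the deploy template, so installs from this file cannot turn the flag off, while the commit message says the flag defaults to false and the chart exposes it as a setting. If the script-based deployment is meant to always reload certs, a short comment next to `args:` saying so would help; otherwise consider driving the value from the deploy script's templating so both install paths offer the same choice.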
1 change: 1 addition & 0 deletions charts/README.md
Expand Up @@ -35,6 +35,7 @@ The following table lists the configurable parameters of the latest GMSA chart a
| `certificates.certManager.version` | version of cert manager | |
| `certificates.caBundle` | cert-manager disabled, add self-signed ca.crt in base64 format | |
| `certificates.secretName` | cert-manager disabled, upload certs data as k8s secretName | `gmsa-server-cert` |
| `certificates.certReload.enabled` | enable cert reload on changes | `false` |
| `credential.enabled` | enable creation of GMSA Credential | `true` |
| `credential.domainJoinConfig.dnsName` | DNS Domain Name | |
| `credential.domainJoinConfig.dnsTreeName` | DNS Domain Name Root | |
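Review bot: The description in the new `certificates.certReload.enabled` row, "enable cert reload on changes", does not say what is reloaded or what the setting controls. Suggest naming the flag it maps to and the object being watched, for example "pass `--cert-reload` to the webhook so it reloads its TLS cert and key when they change", so an operator reading only this table knows what leaving it at `false` means for certificate rotation.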
2 changes: 2 additions & 0 deletions charts/gmsa/templates/deployment.yaml
Expand Up @@ -56,6 +56,8 @@ spec:
{{- if .Values.securityContext }}
securityContext: {{ toYaml .Values.securityContext | nindent 12 }}
{{- end }}
args:
- --cert-reload={{ .Values.certificates.certReload.enabled }}
volumes:
- name: tls
secret:
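Review bot: The new arg `--cert-reload={{ .Values.certificates.certReload.enabled }}` dereferences `certReload` with no guard or default, so a values set that lacks the key (for example an upgrade that reuses values from a release installed before this key existed) can fail to render or produce a non-boolean flag value. Consider a fallback such as `{{ dig "certReload" "enabled" false .Values.certificates }}` so the rendered flag is always `true` or `false`.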
3 changes: 3 additions & 0 deletions charts/gmsa/values.yaml
Expand Up @@ -7,6 +7,9 @@ certificates:
caBundle: ""
# If cert-manager integration is disabled, upload certs data (ca.crt, tls.crt and tls.key) as k8s secretName in the namespace
secretName: gmsa-server-cert
certReload:
# Enable cert reload when the certs change
enabled: false

credential:
enabled: false
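Review bot: The chart default `enabled: false` under `certReload:` differs from `admission-webhook/deploy/gmsa-webhook.yml.tpl` in this same commit, which sets `--cert-reload=true`, so the two install paths behave differently out of the box. Either align the defaults or extend the comment to say why the chart opts out. The comment could also say which certs are meant, presumably the ones in the secret named by `secretName` just above.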
