Merge pull request #125 from aiyengar2/support_non_domain_joined

Add credential.hostAccountConfig for CCG scenario

charts/README.md

@@ -42,6 +42,9 @@ The following table lists the configurable parameters of the latest GMSA chart a
 | `credential.domainJoinConfig.machineAccountName`      | username of the GMSA account                                      |                                                       |
 | `credential.domainJoinConfig.netBiosName`             | NETBIOS Domain Name                                               |                                                       |
 | `credential.domainJoinConfig.sid`                     | SID                                                               |                                                       |
+| `credential.hostAccountConfig.pluginGUID`             | GUID of CCG Plugin                                                |                                                       |
+| `credential.hostAccountConfigg.portableCcgVersion`    | Version of CCG Plugin                                             | `1`                                                   |
+| `credential.hostAccountConfig.pluginInput`            | Input to CCG Plugin                                               |                                                       |
 | `image.repository`                                    | image repository                                                  | `registry.k8s.io/gmsa-webhook/k8s-gmsa-webhook`       |
 | `image.tag`                                           | image tag                                                         | `v0.4.0`                                              |
 | `image.imagePullPolicy`                               | image pull policy                                                 | `IfNotPresent`                                        |

charts/gmsa/templates/credentialspec.yaml

@@ -7,17 +7,23 @@ metadata:
 credspec:
   ActiveDirectoryConfig:
     GroupManagedServiceAccounts:
-      - Name: {{ .Values.credential.domainJoinConfig.machineAccountName }}   #Username of the GMSA account
-        Scope: {{ .Values.credential.domainJoinConfig.netBiosName }}  #NETBIOS Domain Name
-      - Name: {{ .Values.credential.domainJoinConfig.machineAccountName }}   #Username of the GMSA account
-        Scope: {{ .Values.credential.domainJoinConfig.dnsName }} #DNS Domain Name
+      - Name: {{ .Values.credential.domainJoinConfig.machineAccountName }} # Username of the GMSA account
+        Scope: {{ .Values.credential.domainJoinConfig.netBiosName }} # NETBIOS Domain Name
+      - Name: {{ .Values.credential.domainJoinConfig.machineAccountName }} # Username of the GMSA account
+        Scope: {{ .Values.credential.domainJoinConfig.dnsName }} # DNS Domain Name
+{{- if .Values.credential.hostAccountConfig }}
+    HostAccountConfig:
+      PortableCcgVersion: {{ required "credential.hostAccountConfig.portableCCGVersion must be provided if credential.hostAccountConfig is set" .Values.credential.hostAccountConfig.portableCcgVersion | quote }} # This needs to equal the current version of CCG which right now is '1'
+      PluginGUID:   {{ printf "{%s}" (required "credential.hostAccountConfig.pluginGUID must be provided if credential.hostAccountConfig is set" .Values.credential.hostAccountConfig.pluginGUID) | quote }} # CCG Plugin GUID
+      PluginInput: {{ required "credential.hostAccountConfig.pluginInput must be provided if credential.hostAccountConfig is set" .Values.credential.hostAccountConfig.pluginInput | quote }} # Format of this field is dependent upon specific CCG Plugin
+{{- end }}
   CmsPlugins:
     - ActiveDirectory
   DomainJoinConfig:
-    DnsName: {{ .Values.credential.domainJoinConfig.dnsName }} #DNS Domain Name
-    DnsTreeName:  {{ .Values.credential.domainJoinConfig.dnsName }} #DNS Domain Name Root
-    Guid:  {{ .Values.credential.domainJoinConfig.guid }} #GUID
-    MachineAccountName:  {{ .Values.credential.domainJoinConfig.machineAccountName }} #Username of the GMSA account
-    NetBiosName:  {{ .Values.credential.domainJoinConfig.netBiosName }} #NETBIOS Domain Name
-    Sid:  {{ .Values.credential.domainJoinConfig.sid }} #SID of GMSA
+    DnsName: {{ .Values.credential.domainJoinConfig.dnsName }} # DNS Domain Name
+    DnsTreeName:  {{ .Values.credential.domainJoinConfig.dnsTreeName }} # DNS Domain Name Root
+    Guid:  {{ .Values.credential.domainJoinConfig.guid }} # GUID of Domain
+    MachineAccountName:  {{ .Values.credential.domainJoinConfig.machineAccountName }} # Username of the GMSA account
+    NetBiosName:  {{ .Values.credential.domainJoinConfig.netBiosName }} # NETBIOS Domain Name
+    Sid:  {{ .Values.credential.domainJoinConfig.sid }} # SID of Domain
 {{- end -}}

charts/gmsa/values.yaml

@@ -10,13 +10,17 @@ certificates:
 
 credential:
   enabled: false
+  hostAccountConfig: {}
+    # pluginGUID: "" # CCG Plugin GUID
+    # portableCcgVersion: "1" # This needs to equal the current version of CCG which right now is '1'
+    # pluginInput: "" # Format of this field is dependent upon specific CCG Plugin
   domainJoinConfig:
-    dnsName: ""  #DNS Domain Name
-    dnsTreeName: "" #DNS Domain Name Root
-    guid: ""  #GUID
-    machineAccountName: "" #Username of the GMSA account
-    netBiosName: ""  #NETBIOS Domain Name
-    sid: "" #SID of GMSA
+    dnsName: "" # DNS Domain Name
+    dnsTreeName: "" # DNS Domain Name Root
+    guid: "" # GUID of Domain
+    machineAccountName: "" # Username of the GMSA account
+    netBiosName: "" # NETBIOS Domain Name
+    sid: "" # SID of Domain
 
 containerPort: "443"
 
@@ -25,7 +29,7 @@ image:
   tag: v0.7.0
   imagePullPolicy: IfNotPresent
 
-# if true, will add os fields to pod specs for K8s versions where feature is in beta (v1.24+)
+# If true, will add os fields to pod specs for K8s versions where feature is in beta (v1.24+)
 setPodOs: true
 
 global: