docs: #91 update README to reflect new chart config options as well as example values.yaml
Cpcrook committed Feb 15, 2022
1 parent afa6aeb commit 52e6ba7
Showing 4 changed files with 21 additions and 4 deletions.
4 changes: 4 additions & 0 deletions step-certificates/README.md
@@ -134,6 +134,10 @@ chart and their default values.
| `ca.db.accessModes` | Persistent volume access mode | `["ReadWriteOnce"]` |
| `ca.db.size` | Persistent volume size | `10Gi` |
| `ca.db.existingClaim` | Persistent volume existing claim name. If defined, PVC must be created manually before volume will be bound | `""` |
| `ca.kms.type` | Key management system to use. | `""` |
| `ca.kms.id` | Identifier for KMS authentication (e.g. Azure KeyVault ClientID) | `""` |
| `ca.kms.secret` | Secret/password for KMS authentication (e.g. Azure KeyVault ClientSecret) | `""` |
| `ca.kms.tenant` | Tenant for KMS authentication (e.g. Azure KeyVault TenantID) | `""` |
| `ca.runAsRoot` | Run the CA as root. | `false` |
| `ca.bootstrap.postInitHook` | Extra script snippet to run after `step ca init` has completed. | `""` |
| `linkedca.token` | The token used to configure step-ca using the linkedca mode. | `""` |
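Review bot: the `ca.kms.type` row only says "Key management system to use" and gives no accepted values, while `templates/ca.yaml` in this same commit only wires credentials for the exact value `azurekms`; list that here (e.g. "`azurekms` for Azure KeyVault; leave empty to disable") so users don't set another type and get a CA with a `--kms` flag and no credentials. The `ca.kms.secret` row should also say that the value is rendered into the CA pod's environment as a plain `value:` string (see `AZURE_CLIENT_SECRET` in `templates/ca.yaml`), so it must be passed with `--set` or an untracked values file rather than committed alongside the other settings.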
8 changes: 5 additions & 3 deletions step-certificates/templates/ca.yaml
@@ -65,11 +65,13 @@ spec:
env:
- name: NAMESPACE
value: "{{ .Release.Namespace }}"
{{- if eq .Values.ca.kms.type "azurekms"}}
{{- if .Values.ca.kms.type }}
- name: AZURE_CLIENT_ID
value: {{ .Values.ca.kms.id | quote }}
value: "{{ .Values.ca.kms.id }}"
- name: AZURE_CLIENT_SECRET
value: {{ .Values.ca.kms.secret | quote }}
value: "{{ .Values.ca.kms.secret }}"
- name: AZURE_TENANT_ID
value: "{{ .Values.ca.kms.tenant }}"
{{- end }}
{{- if or .Values.linkedca.token (and .Values.linkedca.secretKeyRef.name .Values.linkedca.secretKeyRef.key) }}
- name: STEP_CA_TOKEN
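Review bot: `AZURE_CLIENT_SECRET` is rendered as a literal `value:` from `.Values.ca.kms.secret`, so the KeyVault credential lands in the Deployment manifest and in the stored Helm release, readable by anyone who can `kubectl get deploy -o yaml` or `helm get values`. The chart already has a `secretKeyRef` path for `linkedca` (the `or .Values.linkedca.token (and .Values.linkedca.secretKeyRef.name ...)` condition directly below this block); give the KMS secret the same `valueFrom: secretKeyRef:` option and make the plain-value form the fallback. Separately, `AZURE_TENANT_ID` keeps the old `value: "{{ .Values.ca.kms.tenant }}"` form while the `id` and `secret` lines in this hunk were switched to `| quote`; use `value: {{ .Values.ca.kms.tenant | quote }}` for consistency and so an embedded double quote doesn't break the YAML.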
1 change: 1 addition & 0 deletions step-certificates/templates/configmaps.yaml
@@ -148,6 +148,7 @@ data:
--provisioner "{{.Values.ca.provisioner.name}}" \
--with-ca-url "{{include "step-certificates.url" .}}" \
--password-file "$TMP_CA_PASSWORD" \
{{ if not (eq .Values.ca.kms.type "") }}--kms="{{.Values.ca.kms.type}}" \{{ end }}
--provisioner-password-file "$TMP_CA_PROVISIONER_PASSWORD" {{ if not .Values.ca.db.enabled }}--no-db{{ end }}
rm -f $TMP_CA_PASSWORD $TMP_CA_PROVISIONER_PASSWORD
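Review bot: `--kms="{{.Values.ca.kms.type}}"` is passed to `step ca init` for any non-empty `ca.kms.type`, but `templates/ca.yaml` in this commit only sets the `AZURE_*` environment variables when the type is exactly `azurekms`, so any other type value runs `step ca init` with a KMS selected and no credentials for it. Either gate this line on the same `eq .Values.ca.kms.type "azurekms"` condition or document that `azurekms` is the only type the chart supports. Minor: `{{ if not (eq .Values.ca.kms.type "") }}` can simply be `{{ if .Values.ca.kms.type }}`, matching the `{{ if not .Values.ca.db.enabled }}` style on the next line.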
12 changes: 11 additions & 1 deletion step-certificates/values.yaml
@@ -236,7 +236,7 @@ ca:
name: admin
# password is the password used to encrypt the provisioner private key.
password:
# db contains the step-certificate dataabase configuration.
# db contains the step-certificate database configuration.
db:
# enabled defines if the database is enabled.
enabled: true
@@ -257,6 +257,16 @@ ca:
- ReadWriteOnce
# size is the Persistent Volume size.
size: 10Gi
# kms contains the step-certificates key management system configuration
kms:
# type of KMS to use (e.g. azurekms for Azure KeyVault)
type: ""
# identifier for KMS credentials (e.g. service principal ClientID for Azure)
id: ""
# secret for KMS credentials (e.g. service principal ClientSecret for Azure)
secret: ""
# secret for KMS credentials (e.g. service principal ClientSecret for Azure)
tenant: ""
# runAsRoot runs the ca as root instead of the step user. This is required in
# some storage provisioners.
runAsRoot: false
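Review bot: the comment above `tenant: ""` is a copy of the `secret` comment ("secret for KMS credentials (e.g. service principal ClientSecret for Azure)") and describes the wrong key; replace it with something like `# tenant for KMS credentials (e.g. service principal TenantID for Azure)` so it matches the `ca.kms.tenant` row added to the README in this commit. It would also help to state in the `kms:` block comment that `azurekms` is the only type the templates currently handle.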
