refactor: #91 allow setting of additional arbitrary environment varia…

…bles

step-certificates/README.md

@@ -134,10 +134,8 @@ chart and their default values.
 | `ca.db.accessModes`           | Persistent volume access mode                                                                               | `["ReadWriteOnce"]`                      |
 | `ca.db.size`                  | Persistent volume size                                                                                      | `10Gi`                                   |
 | `ca.db.existingClaim`         | Persistent volume existing claim name. If defined, PVC must be created manually before volume will be bound | `""`                                     |
-| `ca.kms.type`                 | Key management system to use.                                                                               | `""`                                     |
-| `ca.kms.id`                   | Identifier for KMS authentication (e.g. Azure KeyVault ClientID)                                            | `""`                                     |
-| `ca.kms.secret`               | Secret/password for KMS authentication (e.g. Azure KeyVault ClientSecret)                                   | `""`                                     |
-| `ca.kms.tenant`               | Tenant for KMS authentication (e.g. Azure KeyVault TenantID)                                                | `""`                                     |
+| `ca.kms`                      | Key management system to use.                                                                               | `""`                                     |
+| `ca.env`                      | Environment variables to set in `step-certificates` container.                                              | `[]`                                     |
 | `ca.runAsRoot`                | Run the CA as root.                                                                                         | `false`                                  |
 | `ca.bootstrap.postInitHook`   | Extra script snippet to run after `step ca init` has completed.                                             | `""`                                     |
 | `linkedca.token`              | The token used to configure step-ca using the linkedca mode.                                                | `""`                                     |

step-certificates/templates/ca.yaml

@@ -65,13 +65,8 @@ spec:
           env:
           - name: NAMESPACE
             value: "{{ .Release.Namespace }}"
-          {{- if .Values.ca.kms.type }}
-          - name: AZURE_CLIENT_ID
-            value: "{{ .Values.ca.kms.id }}"
-          - name: AZURE_CLIENT_SECRET
-            value: "{{ .Values.ca.kms.secret }}"
-          - name: AZURE_TENANT_ID
-            value: "{{ .Values.ca.kms.tenant }}"
+          {{- if .Values.ca.env }}
+            {{- toYaml .Values.ca.env | nindent 10 }}
           {{- end }}
           {{- if or .Values.linkedca.token (and .Values.linkedca.secretKeyRef.name .Values.linkedca.secretKeyRef.key) }}
           - name: STEP_CA_TOKEN

step-certificates/values.yaml

@@ -257,16 +257,10 @@ ca:
     - ReadWriteOnce
     # size is the Persistent Volume size.
     size: 10Gi
-  # kms contains the step-certificates key management system configuration
-  kms:
-    # type of KMS to use (e.g. azurekms for Azure KeyVault)
-    type: ""
-    # identifier for KMS credentials (e.g. service principal ClientID for Azure)
-    id: ""
-    # secret for KMS credentials (e.g. service principal ClientSecret for Azure)
-    secret: ""
-    # secret for KMS credentials (e.g. service principal ClientSecret for Azure)
-    tenant: ""
+  # kms type to utilize 
+  kms: ""
+  # additional environment variables to set in the step-certificates container
+  env: []
   # runAsRoot runs the ca as root instead of the step user. This is required in
   # some storage provisioners.
   runAsRoot: false