|
|
|
|
@ -34,17 +34,11 @@ spec: |
|
|
|
|
securityContext: |
|
|
|
|
{{- toYaml . | nindent 8 }} |
|
|
|
|
{{- end }} |
|
|
|
|
{{- if or .Values.oauth.clientSecret .Values.oauth.audience }} |
|
|
|
|
volumes: |
|
|
|
|
{{- if .Values.oauth.clientSecret }} |
|
|
|
|
{{- if .Values.oauthSecretVolume }} |
|
|
|
|
- name: oauth |
|
|
|
|
{{- with .Values.oauthSecretVolume }} |
|
|
|
|
{{- toYaml . | nindent 10 }} |
|
|
|
|
{{- else }} |
|
|
|
|
secret: |
|
|
|
|
secretName: operator-oauth |
|
|
|
|
{{- end }} |
|
|
|
|
{{- else }} |
|
|
|
|
{{- toYaml .Values.oauthSecretVolume | nindent 10 }} |
|
|
|
|
{{- else if .Values.oauth.audience }} |
|
|
|
|
- name: oidc-jwt |
|
|
|
|
projected: |
|
|
|
|
defaultMode: 420 |
|
|
|
|
@ -53,8 +47,11 @@ spec: |
|
|
|
|
audience: {{ .Values.oauth.audience }} |
|
|
|
|
expirationSeconds: 3600 |
|
|
|
|
path: token |
|
|
|
|
{{- else }} |
|
|
|
|
- name: oauth |
|
|
|
|
secret: |
|
|
|
|
secretName: operator-oauth |
|
|
|
|
{{- end }} |
|
|
|
|
{{- end }} |
|
|
|
|
containers: |
|
|
|
|
- name: operator |
|
|
|
|
{{- with .Values.operatorConfig.securityContext }} |
|
|
|
|
@ -85,7 +82,7 @@ spec: |
|
|
|
|
value: {{ .Values.loginServer }} |
|
|
|
|
- name: OPERATOR_INGRESS_CLASS_NAME |
|
|
|
|
value: {{ .Values.ingressClass.name }} |
|
|
|
|
{{- if .Values.oauth.clientSecret }} |
|
|
|
|
{{- if .Values.oauthSecretVolume }} |
|
|
|
|
- name: CLIENT_ID_FILE |
|
|
|
|
value: /oauth/client_id |
|
|
|
|
- name: CLIENT_SECRET_FILE |
|
|
|
|
@ -93,6 +90,11 @@ spec: |
|
|
|
|
{{- else if .Values.oauth.audience }} |
|
|
|
|
- name: CLIENT_ID |
|
|
|
|
value: {{ .Values.oauth.clientId }} |
|
|
|
|
{{- else }} |
|
|
|
|
- name: CLIENT_ID_FILE |
|
|
|
|
value: /oauth/client_id |
|
|
|
|
- name: CLIENT_SECRET_FILE |
|
|
|
|
value: /oauth/client_secret |
|
|
|
|
{{- end }} |
|
|
|
|
{{- $proxyTag := printf ":%s" ( .Values.proxyConfig.image.tag | default .Chart.AppVersion )}} |
|
|
|
|
- name: PROXY_IMAGE |
|
|
|
|
@ -118,18 +120,20 @@ spec: |
|
|
|
|
{{- with .Values.operatorConfig.extraEnv }} |
|
|
|
|
{{- toYaml . | nindent 12 }} |
|
|
|
|
{{- end }} |
|
|
|
|
{{- if or .Values.oauth.clientSecret .Values.oauth.audience }} |
|
|
|
|
volumeMounts: |
|
|
|
|
{{- if .Values.oauth.clientSecret }} |
|
|
|
|
- name: oauth |
|
|
|
|
mountPath: /oauth |
|
|
|
|
readOnly: true |
|
|
|
|
{{- else }} |
|
|
|
|
- name: oidc-jwt |
|
|
|
|
mountPath: /var/run/secrets/tailscale/serviceaccount |
|
|
|
|
readOnly: true |
|
|
|
|
{{- end }} |
|
|
|
|
{{- end }} |
|
|
|
|
{{- if .Values.oauthSecretVolume }} |
|
|
|
|
- name: oauth |
|
|
|
|
mountPath: /oauth |
|
|
|
|
readOnly: true |
|
|
|
|
{{- else if .Values.oauth.audience }} |
|
|
|
|
- name: oidc-jwt |
|
|
|
|
mountPath: /var/run/secrets/tailscale/serviceaccount |
|
|
|
|
readOnly: true |
|
|
|
|
{{- else }} |
|
|
|
|
- name: oauth |
|
|
|
|
mountPath: /oauth |
|
|
|
|
readOnly: true |
|
|
|
|
{{- end }} |
|
|
|
|
{{- with .Values.operatorConfig.nodeSelector }} |
|
|
|
|
nodeSelector: |
|
|
|
|
{{- toYaml . | nindent 8 }} |
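Review bot: The `oauthSecretVolume` / `oauth.audience` / default chain is repeated for `volumes`, the `CLIENT_ID*` env entries and `volumeMounts`, and it resolves a conflict by precedence: a values file that sets both `oauthSecretVolume` and `oauth.audience` silently gets the static `/oauth` mount and never the projected `oidc-jwt` token. If the two modes are meant to be exclusive, a guard near the top of the template would turn that into a render error, for example `{{- if and .Values.oauthSecretVolume .Values.oauth.audience }}{{ fail "set only one of oauthSecretVolume and oauth.audience" }}{{- end }}`. The default branch also appears to reference the `operator-oauth` Secret even when `oauth.clientSecret` is empty; the +/- markers are lost on this page, so that reading rests on the hunk line counts. Whether the chart still creates that Secret in that case is not visible here, so I would add a comment above `secretName: operator-oauth` stating that the Secret must already exist in the release namespace.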
|
|
|
|
|