Added ability for the operator to trust self-signed certs

craigmiller160 · craigmiller160 · commit f9d61c6c733e · 2024-09-29T22:07:11.000-04:00
diff --git a/charts/connect/README.md b/charts/connect/README.md
@@ -157,6 +157,7 @@ helm install --set connect.applicationName=connect connect ./connect
 | operator.watchNamespace             | list       | `[]`                               | A list of namespaces for the 1Password Operator to watch and manage. Use the empty list to watch all namespaces.                                                                                   |
 | operator.resources                  | object     | `{}`                               | The resources requests/limits for the 1Password Operator pod                                                                                                                                       |
 | operator.customEnvVars              | array      | `[]`                               | Custom environment variables for the 1Password Operator container that are not specified in this helm chart.                                                                                       |
+| operator.tls.trust.secret           | string     | `op-connect-tls`                   | The name of the secret containing the TLS certificate (tls.crt) used by the 1Password Connect API. This is used if that cert is a self-signed cert that needs to be trusted by the Operator.       |
 
 #### Custom Environment Variables
 
diff --git a/charts/connect/templates/operator-deployment.yaml b/charts/connect/templates/operator-deployment.yaml
@@ -46,6 +46,12 @@ spec:
       tolerations:
       {{- toYaml .Values.operator.tolerations | nindent 8 }}
       serviceAccountName: {{ .Values.operator.serviceAccount.name }}
+      volumes:
+        {{- if .Values.operator.tls.trust.secret }}
+        - name: tls-trust
+          secret:
+            secretName: {{ .Values.operator.tls.trust.secret }}
+        {{- end }}
       containers:
         - name: {{ .Values.connect.applicationName }}
           image: {{ .Values.operator.imageRepository }}:{{ .Values.operator.version | default "latest" }}
@@ -83,8 +89,17 @@ spec:
             - name: {{ .name }}
               value: {{ .value }}
             {{- end }}
+            {{- if .Values.operator.tls.trust.secret }}
+            - name: SSL_CERT_FILE
+              value: /tls/trust/tls.crt
+            {{- end }}
           resources:
             {{- toYaml .Values.operator.resources | nindent 12 }}
+          volumeMounts:
+            {{- if .Values.operator.tls.trust.secret }}
+            - mountPath: /tls/trust
+              name: tls-trust
+            {{- end}}
       {{- with .Values.operator.imagePullSecrets }}
       imagePullSecrets:
       {{- range . }}
diff --git a/charts/connect/values.yaml b/charts/connect/values.yaml
@@ -378,6 +378,15 @@ operator:
   #   value: VARIABLE_VALUE
   customEnvVars: []
 
+  # 1Password Operator TLS settings
+  tls:
+
+    # 1Password Operator TLS trust settings
+    trust: {}
+
+      # 1Password operator should trust the certificate in this secret
+      # secret:
+
 # 1Password Acceptance Tests Functionality
 acceptanceTests:
   enabled: false
