
Commit 2fc14d7

estenryemaraino
authored andcommitted
Adds ability to optionally inject ssh and x509 data.
Adds the `enabled` flag to these secrets sections to allow the user to optionally disable injection of these certs and keys. Addresses #52
1 parent b4f726c commit 2fc14d7


3 files changed

+12
-0
lines changed


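--- a/step-certificates/templates/configmaps.yaml
+++ b/step-certificates/templates/configmaps.yaml
@@ -33,12 +33,16 @@ metadata:
 {{- include "step-certificates.labels" . | nindent 4 }}
 {{- if .Values.inject.enabled }}
 data:
+{{- if .Values.inject.secrets.x509.enabled }}
 intermediate_ca.crt: |-
 {{- .Values.inject.certificates.intermediate_ca | nindent 4 }}
 root_ca.crt: |-
 {{- .Values.inject.certificates.root_ca | nindent 4 }}
+{{- end }}
+{{- if .Values.inject.secrets.ssh.enabled }}
 ssh_host_ca_key.pub: {{ .Values.inject.certificates.ssh_host_ca }}
 ssh_user_ca_key.pub: {{ .Values.inject.certificates.ssh_user_ca }}
+{{- end }}
 {{- end }}
 {{- end }}
 ---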
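Review bot: The public CA certificates at new lines 36–41 are gated by `.Values.inject.secrets.x509.enabled`, the same flag that gates the private keys in secrets.yaml, although their data comes from `.Values.inject.certificates.*`; a deployment that keeps its keys out of Helm values therefore cannot still inject `root_ca.crt` and `intermediate_ca.crt`, and the SSH public keys at new lines 42–45 are coupled to `inject.secrets.ssh.enabled` in the same way. If the coupling is intended, a template comment above each `if`, such as `{{- /* certificates follow the inject.secrets.x509.enabled toggle so certs and keys are injected together */}}`, would make it explicit; otherwise a separate toggle under `inject.certificates` would let the two be controlled independently. With both flags false `data:` renders with no entries, as does `stringData:` in secrets.yaml, which is worth confirming against whatever mounts these objects (not visible here). One of the two closing `{{- end }}` lines at new lines 46–47 belongs to a block opened above the hunk.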

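--- a/step-certificates/templates/secrets.yaml
+++ b/step-certificates/templates/secrets.yaml
@@ -40,12 +40,16 @@ metadata:
 name: {{ include "step-certificates.fullname" . }}-secrets
 namespace: {{ .Release.Namespace }}
 stringData:
+{{- if .Values.inject.secrets.x509.enabled }}
 intermediate_ca_key: |-
 {{- .Values.inject.secrets.x509.intermediate_ca_key | nindent 4 }}
 root_ca_key: |-
 {{- .Values.inject.secrets.x509.root_ca_key | nindent 4 }}
+{{- end }}
+{{- if .Values.inject.secrets.ssh.enabled }}
 ssh_host_ca_key: |-
 {{- .Values.inject.secrets.ssh.host_ca_key | nindent 4 }}
 ssh_user_ca_key: |-
 {{- .Values.inject.secrets.ssh.user_ca_key | nindent 4 }}
+{{- end}}
 {{- end }}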
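Review bot: When `x509.enabled` or `ssh.enabled` is false the Secret is still created, but without the corresponding key entries (new lines 43–48 and 49–54), and nothing in the template tells an operator what is expected to supply the CA keys instead; presumably the CA workload reads these entries by name, which is not visible in this hunk. A short template comment above each `if`, for example `{{- /* omitted when the keys are supplied outside the chart */}}`, plus a line in the chart documentation on the alternative key source would close that gap. As a style point, new line 54 is written `{{- end}}` while every other closing action in this commit is `{{- end }}`. The outer block closed at new line 55 opens above the hunk.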

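--- a/step-certificates/values.yaml
+++ b/step-certificates/values.yaml
@@ -134,6 +134,8 @@ inject:
 provisioner_password: Cg==
 
 x509:
+# enabled disables injection of x509 certificates and keys when set to false.
+enabled: true
 # intermediate_ca_key contains the contents of your encrypted intermediate CA key
 intermediate_ca_key: ""
 # intermediate_ca_key: |
@@ -152,6 +154,8 @@ inject:
 # -----END EC PRIVATE KEY-----
 
 ssh:
+# enabled disables injection of ssh certificates and keys when set to false.
+enabled: true
 # ssh_host_ca_key contains the contents of your encrypted SSH Host CA key
 host_ca_key: ""
 # host_ca_key: |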
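Review bot: The two new comments at new lines 137 and 157 describe the flag by its negative ("enabled disables … when set to false") and do not say that it also drops the matching `inject.certificates` entries from the ConfigMap, which configmaps.yaml in this commit does. Suggested wording for the first: `# enabled controls injection of the x509 certificates (inject.certificates) and keys below; set to false to leave them out of the ConfigMap and Secret.`, with the same sentence adapted for `ssh`. Both the `x509:` and `ssh:` mappings continue past the end of their hunks.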
