useDefaultSecrets

- A boolean, defaulting to true, which will preserve functionality for people who have opted to create their own secrets but don't use an external secret store. Fixes: tailscale#11270 Signed-off-by: Paul Stølen <paul@cybr.ai>
5 months ago · ec27950eb2
parent 710adab110
commit ec27950eb2
2 changed files with 7 additions and 2 deletions
--- a/cmd/k8s-operator/deploy/chart/templates/deployment.yaml
+++ b/cmd/k8s-operator/deploy/chart/templates/deployment.yaml
@ -35,7 +35,7 @@ spec:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      volumes:
-      {{- if and .Values.oauth .Values.oauth.clientId }}
+      {{- if .Values.operatorConfig.useDefaultSecrets }}
        - name: oauth
          secret:
            secretName: operator-oauth
@ -83,7 +83,7 @@ spec:
            - name: PROXY_FIREWALL_MODE
              value: {{ .Values.proxyConfig.firewallMode }}
          volumeMounts:
-          {{- if and .Values.oauth .Values.oauth.clientId }}
+          {{- if .Values.operatorConfig.useDefaultSecrets }}
            - name: oauth
              mountPath: /oauth
              readOnly: true
--- a/cmd/k8s-operator/deploy/chart/values.yaml
+++ b/cmd/k8s-operator/deploy/chart/values.yaml
@ -21,6 +21,11 @@ operatorConfig:
  # Multiple tags are defined as array items and passed to the operator as a comma-separated string
  defaultTags:
    - "tag:k8s-operator"
+
+  # Set useDefaultSecrets to false if you want to use a secretProviderClass,
+  # or otherwise don't want the default secret to be used
+  useDefaultSecrets: true
+
  # Extra volumes to be mounted in the operator pod. This is useful for mounting
  # secrets from secretProviderClass resources.
  extraVolumes: []