k3s-io/helm-controller

HelmChart is not passing the --caFile arg when repoCAConfigMap is set

rkesters opened this issue · 1 comments

apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: vault-secrets-operator
  namespace: kube-system
spec:
  securityContext:
    runAsUser: 9000
  chart: vault-secrets-operator
  repo: https://helm.releases.hashicorp.com
  version: 0.1.0
  targetNamespace: vault
  repoCAConfigMap:
    name: ca-bundle
  #jobImage: harbor.miradts.psdo.leidos.com/icam/rancher/klipper-helm:v0.8.2-build20230815
  valuesContent: |-
    defaultVaultConnection:
      enabled: true
      address: "http://vault.vault.svc.cluster.local:8200"
      skipTLSVerify: false

When applying the above manifest, the POD to install the chart is passed:

 Args:
	install     
	--namespace 
	vault       
	--version   
	0.1.0

The config map is mounted at:

ca-files:                                                  
  Type:      ConfigMap (a volume populated by a ConfigMap) 
  Name:      ca-bundle                              
  Optional:  false

The CA bundle is used to pass a reverse proxy's break and inspect action. Hence the POD needs to trust the reverse proxy signed certs. It does not.

Error was caused by the securityContext, closing because it is working as expected.