HelmChart is not passing the --caFile arg when repoCAConfigMap is set
rkesters opened this issue · 1 comment
rkesters commented
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: vault-secrets-operator
  namespace: kube-system
spec:
  securityContext:
    runAsUser: 9000
  chart: vault-secrets-operator
  repo: https://helm.releases.hashicorp.com
  version: 0.1.0
  targetNamespace: vault
  repoCAConfigMap:
    name: ca-bundle
  #jobImage: harbor.miradts.psdo.leidos.com/icam/rancher/klipper-helm:v0.8.2-build20230815
  valuesContent: |-
    defaultVaultConnection:
      enabled: true
      address: "http://vault.vault.svc.cluster.local:8200"
      skipTLSVerify: false
When applying the above manifest, the pod that installs the chart is passed:
Args:
  install
  --namespace
  vault
  --version
  0.1.0
The config map is mounted at
ca-files:
  Type:      ConfigMap (a volume populated by a ConfigMap)
  Name:      ca-bundle
  Optional:  false
The CA bundle is used to pass a reverse proxy's break and inspect action. Hence the pod needs to trust the reverse proxy's signed certs. It does not.
rkesters commented
Error was caused by the securityContext, closing because it is working as expected.