[CLS-83939] charts: inject custom CA cert into Fargate injected agent #323
Open
DorEdelman wants to merge 1 commit into master from
natishauli
reviewed
May 6, 2026
| value: {{ include "helper.rbac.name" . }} | ||
| {{- end }} | ||
| {{- end }} | ||
| {{- if include "custom_ca.secret.create" . }} |
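Review bot: The guard on the last line, `{{- if include "custom_ca.secret.create" . }}`, tests the string that the named template renders, and Go templates treat any non-empty string as true, including a rendered "false" or stray whitespace. The `custom_ca.secret.create` helper therefore has to render nothing at all in the customer-managed case, otherwise the block this guard opens is emitted there too. Please confirm the helper trims its output with `{{-` and `-}}` and returns empty rather than "false", and add a short comment at this guard stating that contract.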
Collaborator
Move to {{- define "helper.config" -}} in _helper.tpl under {{- if .Values.configuration.env.injection.enabled -}}
Mount the custom CA secret as a volume in the injection ConfigMap so injected agents on EKS Fargate can trust a private console CA. Add S1_CUSTOM_CA_SECRET_NAME env var to the helper (only when the chart creates the secret) so the helper can propagate it to target namespaces during webhook injection.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
3ac89b0 to
a1f98f2
Summary
- S1_CUSTOM_CA_SECRET_NAME env var to the helper statefulset (only when the chart creates the secret, not when the customer provides one via custom_ca_name) so the helper can propagate the secret to target namespaces synchronously during webhook injection

Test plan
- configuration.custom_ca=true + a PEM file on EKS Fargate; verify injected agent pod mounts ca-certs volume and reaches Running state
- S1_CUSTOM_CA_SECRET_NAME env var is present on helper pod when chart creates the secret
- configuration.custom_ca_name=my-existing-ca; verify S1_CUSTOM_CA_SECRET_NAME is NOT set on helper pod (customer-managed secret case)
- configuration.custom_ca=false; verify no ca-certs volume or mount appears anywhere
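
The test-plan checks above, written as an added example (not code from this PR or the chart): a Python checker that evaluates them against pod objects shaped like `kubectl get pod -o json` output. Only `S1_CUSTOM_CA_SECRET_NAME` and `ca-certs` come from the page; the scenario labels, sample pods, secret name and mount path are constructed for illustration.

```python
ENV_NAME = "S1_CUSTOM_CA_SECRET_NAME"  # env var named in the PR description
VOLUME_NAME = "ca-certs"               # volume named in the test plan

def _containers(pod):
    spec = pod.get("spec", {})
    return spec.get("initContainers", []) + spec.get("containers", [])

def has_ca_env(pod):
    """True if any container in the pod sets the CA secret env var."""
    return any(e.get("name") == ENV_NAME for c in _containers(pod) for e in c.get("env", []))

def ca_volume(pod):
    """Return (declared in spec.volumes, mounted by at least one container)."""
    declared = any(v.get("name") == VOLUME_NAME
                   for v in pod.get("spec", {}).get("volumes", []))
    mounted = any(m.get("name") == VOLUME_NAME
                  for c in _containers(pod) for m in c.get("volumeMounts", []))
    return declared, mounted

def check(scenario, helper, agent):
    """Return the test-plan failures for one scenario; an empty list is a pass."""
    failures = []
    if scenario == "chart_created":        # configuration.custom_ca=true
        if ca_volume(agent) != (True, True):
            failures.append("agent: ca-certs not both declared and mounted")
        if agent.get("status", {}).get("phase") != "Running":
            failures.append("agent: not Running")
        if not has_ca_env(helper):
            failures.append("helper: " + ENV_NAME + " missing")
    elif scenario == "customer_managed":   # configuration.custom_ca_name=...
        if has_ca_env(helper):
            failures.append("helper: " + ENV_NAME + " set for customer secret")
    elif scenario == "disabled":           # configuration.custom_ca=false
        for name, pod in (("helper", helper), ("agent", agent)):
            if any(ca_volume(pod)):
                failures.append(name + ": ca-certs present while disabled")
    else:
        raise ValueError("unknown scenario: " + scenario)
    return failures

# Constructed pod objects, trimmed to the fields read above.
HELPER_WITH_ENV = {"spec": {"containers": [
    {"name": "helper", "env": [{"name": ENV_NAME, "value": "example-ca"}]}]}}
HELPER_PLAIN = {"spec": {"containers": [{"name": "helper", "env": []}]}}
AGENT_WITH_CA = {"status": {"phase": "Running"}, "spec": {
    "volumes": [{"name": VOLUME_NAME, "secret": {"secretName": "example-ca"}}],
    "containers": [{"name": "agent", "volumeMounts": [
        {"name": VOLUME_NAME, "mountPath": "/example/ca"}]}]}}
AGENT_VOLUME_ONLY = {"status": {"phase": "Running"}, "spec": {
    "volumes": [{"name": VOLUME_NAME}], "containers": [{"name": "agent"}]}}
```

`AGENT_VOLUME_ONLY` covers the case where the volume is declared but no container mounts it, which fails the chart-created check and also counts as a leftover when the feature is disabled.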