cmd/k8s-operator,ipn: prototype- user provisioned certsirbekrm/pull_in_certs

Allow users to pass their own certs instead of minting LE ones each time

Signed-off-by: Irbe Krumina <irbe@tailscale.com>

1 files changed, 10 insertions, 0 deletions

diff --git a/cmd/k8s-operator/deploy/chart/templates/deployment.yaml b/cmd/k8s-operator/deploy/chart/templates/deployment.yaml
index 75a53b51e..a23028c69 100644
--- a/cmd/k8s-operator/deploy/chart/templates/deployment.yaml
+++ b/cmd/k8s-operator/deploy/chart/templates/deployment.yaml
@@ -35,6 +35,9 @@ spec:
       - name: oauth
         secret:
           secretName: operator-oauth
+      - name: tls-certs
+        secret:
+          secretName: tls-certs
       containers:
         - name: operator
           {{- with .Values.operatorConfig.securityContext }}
@@ -74,10 +77,17 @@ spec:
               value: "{{ .Values.apiServerProxyConfig.mode }}"
             - name: PROXY_FIREWALL_MODE
               value: {{ .Values.proxyConfig.firewallMode }}
+            - name: TLS_CERT_PATH
+              value: /tls/tls.crt
+            - name: TLS_KEY_PATH
+              value: /tls/tls.key
           volumeMounts:
           - name: oauth
             mountPath: /oauth
             readOnly: true
+          - name: tls-certs
+            mountPath: /tls
+            readOnly: true
       {{- with .Values.operatorConfig.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}