change to load custom certs through a secret rather than configmap #1585

Open
wants to merge 2 commits into
base: staging
5 changes: 3 additions & 2 deletions snyk-monitor/README.md
Expand Up @@ -105,9 +105,10 @@ Finally, create the secret in Kubernetes by running the following command:
kubectl create secret generic snyk-monitor -n snyk-monitor --from-file=./dockercfg.json --from-literal=integrationId=abcd1234-abcd-1234-abcd-1234abcd1234 --from-literal=serviceAccountApiToken=aabb1212-abab-1212-dcba-4321abcd4321
```

5. (Optional) If your private registry requires installing certificates (*.crt, *.cert, *.key only) please put them in a folder and create the following ConfigMap:
5. (Optional) If your private registry requires installing certificates (_.crt,_.cert, *.key only) please put them in a folder and create the following Secret:

```shell
kubectl create configmap snyk-monitor-certs -n snyk-monitor --from-file=<path_to_certs_folder>
kubectl create secret tls snyk-monitor-certs -n snyk-monitor --cert=path/to/tls.crt --key=path/to/tls.key
```

6. (Optional) If you are using an insecure registry or your registry is using unqualified images, you can provide a `registries.conf` file. See [the documentation](https://github.com/containers/image/blob/master/docs/containers-registries.conf.5.md) for information on the format and examples.
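
Review bot: In step 5 of the README, `kubectl create secret tls` takes exactly one certificate and key pair and stores them under the fixed keys `tls.crt` and `tls.key`, but the sentence above it still tells users to put their certificate files in a folder, so the prose and the command no longer match, and a registry that needs several certificate files cannot be covered this way. If a folder of files is the intended input, `kubectl create secret generic snyk-monitor-certs -n snyk-monitor --from-file=<path_to_certs_folder>` keeps the original file names. The new sentence has also lost its globs: `(_.crt,_.cert, *.key only)` should read `(*.crt, *.cert, *.key only)`, which looks like a Markdown formatter rewriting the asterisks; wrapping each pattern in backticks would prevent that.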
11 changes: 8 additions & 3 deletions snyk-monitor/templates/deployment.yaml
Expand Up @@ -283,9 +283,14 @@ spec:
sizeLimit: {{ .Values.temporaryStorageSize }}
{{- end }}
- name: ssl-certs
configMap:
name: {{ .Values.certsConfigMap }}
optional: true
projected:
sources:
- configMap:
name: {{.Values.certsConfigMap}}
optional: true
- secret:
name: {{ .Values.certsSecret }}
optional: true
- name: workload-policies
configMap:
{{- if .Values.workloadPoliciesMap }}
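
Review bot: The `projected:` block added to the `ssl-certs` volume sets no `defaultMode`, so files from the secret are mounted with the Kubernetes default of 0644, and the README allows `*.key` files in that secret. Consider setting a tighter `defaultMode` on the projected volume that the container user can still read. Both sources also land in the same directory, so the chart or README should say what is expected when the deprecated ConfigMap and the new Secret both exist and carry a file of the same name. Minor: `{{.Values.certsConfigMap}}` lost its inner spaces while `{{ .Values.certsSecret }}` has them; keep the spaced form the rest of the template uses.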
4 changes: 4 additions & 0 deletions snyk-monitor/values.yaml
Expand Up @@ -5,7 +5,11 @@
# The secrets should be created externally, before applying this Helm chart.
# The currently used keys within the secret are: "dockercfg.json", "integrationId".
monitorSecrets: snyk-monitor
certsSecret: snyk-monitor-certs

# Deprecated, use the certsSecret instead
certsConfigMap: snyk-monitor-certs

registriesConfConfigMap: snyk-monitor-registries-conf

# An external ConfigMap to use for loading policies into snyk-monitor.
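
Review bot: In values.yaml, `certsSecret` is added directly under the comment block that documents `monitorSecrets` and its keys ("dockercfg.json", "integrationId"), so the new value reads as if that comment described it. Give `certsSecret` its own comment stating that it is optional, that it is created externally, and which file names it is expected to hold. `certsSecret` and `certsConfigMap` also share the default name `snyk-monitor-certs`; that works because they are different resource kinds, but a short remark next to the "Deprecated" comment would keep readers from assuming it is a copy-paste slip.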