update
diff --git a/charts/access-secrets/.helmignore b/charts/access-secrets/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/access-secrets/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/access-secrets/Chart.yaml b/charts/access-secrets/Chart.yaml
new file mode 100644
index 0000000..e17b6af
--- /dev/null
+++ b/charts/access-secrets/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: access-secrets
+description: A Helm chart giving service account access to secrets in the same namespace
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
diff --git a/charts/access-secrets/templates/install.yaml b/charts/access-secrets/templates/install.yaml
new file mode 100644
index 0000000..ce27ccc
--- /dev/null
+++ b/charts/access-secrets/templates/install.yaml
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: secrets
+ namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "watch", "list", "patch", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: secrets
+ namespace: {{ .Release.Namespace }}
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccountName }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: Role
+ name: secrets
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/access-secrets/values.yaml b/charts/access-secrets/values.yaml
new file mode 100644
index 0000000..14f425b
--- /dev/null
+++ b/charts/access-secrets/values.yaml
@@ -0,0 +1 @@
+serviceAccountName: default
diff --git a/charts/tailscale-proxy/templates/install.yaml b/charts/tailscale-proxy/templates/install.yaml
index 76241da..f85f753 100644
--- a/charts/tailscale-proxy/templates/install.yaml
+++ b/charts/tailscale-proxy/templates/install.yaml
@@ -64,8 +64,10 @@
# key: key
- name: TS_HOSTNAME
value: {{ .Values.hostname }}
+ {{- if .Values.ipSubnet }}
- name: TS_ROUTES
value: {{ .Values.ipSubnet }}
+ {{- end }}
- name: TS_EXTRA_ARGS
value: --login-server={{ .Values.loginServer }}
# volumeMounts:
diff --git a/charts/virtual-machine/templates/secret-bash-profile.yaml b/charts/virtual-machine/templates/secret-bash-profile.yaml
deleted file mode 100644
index 5e5e34f..0000000
--- a/charts/virtual-machine/templates/secret-bash-profile.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-{{- if .Values.bashProfile }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.name }}-bash-profile
-type: Opaque
-data:
- foo_rc: {{ .Values.bashProfile }}
-{{- end }}
diff --git a/charts/virtual-machine/templates/vm.yaml b/charts/virtual-machine/templates/vm.yaml
index c9db8ed..40c4a34 100644
--- a/charts/virtual-machine/templates/vm.yaml
+++ b/charts/virtual-machine/templates/vm.yaml
@@ -20,11 +20,6 @@
limits:
memory: {{ .Values.memory }}
devices:
- # {{- if .Values.bashProfile }}
- # filesystems:
- # - name: bash-profile-fs
- # virtiofs: {}
- # {{- end }}
interfaces:
- name: default
# masquerade: {}
@@ -54,8 +49,3 @@
name: {{ .Values.name }}-user-data
networkDataSecretRef:
name: {{ .Values.name }}-network-data
- # {{- if .Values.bashProfile }}
- # - name: bash-profile-fs
- # secret:
- # secretName: {{ .Values.name}}-bash-profile
- # {{- end }}
diff --git a/charts/virtual-machine/values.yaml b/charts/virtual-machine/values.yaml
index 5feb9e6..79ea0a9 100644
--- a/charts/virtual-machine/values.yaml
+++ b/charts/virtual-machine/values.yaml
@@ -9,4 +9,3 @@
userData: "" # base64 encoded
networkData: "" # base64 encoded
ports: []
-bashProfile: "" # base64 encoded