A Kubernetes operator that bridges Hardware Security Module (HSM) data storage with Kubernetes Secrets, providing true secret portability th

fix helm deploy

+1 -56
-53
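--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
@@ -1,53 +0,0 @@
-# Production Dockerfile with real PKCS#11 support
-# Build the manager and agent binaries with CGO enabled
-FROM golang:1.24-alpine AS builder
-ARG TARGETOS
-ARG TARGETARCH
-
-# Install build dependencies for PKCS#11 and USB event monitoring
-RUN apk add --no-cache \
-gcc \
-g++ \
-eudev-dev \
-linux-headers
-
-# Return to workspace for Go builds
-WORKDIR /workspace
-
-# Copy the Go Modules manifests
-COPY go.mod go.mod
-COPY go.sum go.sum
-# cache deps before building and copying source so that we don't need to re-download as much
-# and so that source changes don't invalidate our downloaded layer
-RUN go mod download
-
-COPY cmd/ cmd/
-COPY api/ api/
-COPY internal/ internal/
-COPY web/ web/
-
-# Build unified binary with CGO enabled for PKCS#11 support (agent mode needs it)
-RUN CGO_ENABLED=1 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o hsm-operator cmd/hsm-operator/main.go
-
-FROM alpine:3.22
-RUN apk add --no-cache opensc-dev ccid pcsc-lite openssl libtool libusb ca-certificates eudev
-
-WORKDIR /
-COPY --from=builder /workspace/hsm-operator .
-COPY --from=builder /workspace/web ./web/
-COPY entrypoint.sh /entrypoint.sh
-RUN chmod +x /entrypoint.sh
-
-# Create USB device access groups and add user to them
-RUN addgroup -g 20 dialout && \
-adduser 65532 dialout && \
-addgroup -g 85 usb 2>/dev/null || true && \
-adduser 65532 usb 2>/dev/null || true
-
-RUN mkdir -p /var/run/pcscd /var/lock/pcsc && \
-chown -R 65532:65532 /var/run/pcscd /var/lock/pcsc && \
-chmod 755 /var/run/pcscd /var/lock/pcsc
-
-USER 65532:65532
-
-ENTRYPOINT ["/entrypoint.sh"]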
+1 -3
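--- a/helm/hsm-secrets-operator/templates/deployment.yaml
+++ b/helm/hsm-secrets-operator/templates/deployment.yaml
@@ -39,10 +39,8 @@
 - name: manager
 image: {{ include "hsm-secrets-operator.image" . }}
 imagePullPolicy: {{ .Values.image.pullPolicy }}
-command:
-- /entrypoint.sh
-- manager
 args:
+- --mode=manager
 - --leader-elect={{ .Values.leaderElection.enabled }}
 {{- if .Values.config.verboseLogging }}
 - --zap-log-level=debug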
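Review bot: With `command` removed, the manager container under `args:` runs whatever ENTRYPOINT the image resolved by `hsm-secrets-operator.image` declares, so the chart no longer states which executable receives `--mode=manager`. An image still built with the `/entrypoint.sh` wrapper from the removed Dockerfile.alpine would get `--mode=manager` as the script's first argument instead of the positional `manager` it was given before; whether that script accepts it is not visible here. Consider keeping an explicit `command:` that names the operator binary, or at least adding a comment above `args:` such as `# relies on the image ENTRYPOINT being the operator binary, which parses --mode`. Dockerfile.alpine also carried the `USER 65532:65532` line, so it is worth confirming that the remaining image or the pod securityContext (outside this hunk) still runs the manager as non-root. The container spec continues outside the hunk.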