A Kubernetes operator that bridges Hardware Security Module (HSM) data storage with Kubernetes Secrets, providing true secret portability th
fix
+6
-18
+1
-13
entrypoint.sh
+1
-13
entrypoint.sh
···
1
1
set -e
2
2
3
3
# Debug: Show user and USB device permissions for agent mode only
4
-
if [ "$1" = "agent" ]; then
4
+
if [ "$1" = "--mode=agent" ]; then
5
5
echo "Starting pcscd as user: $(id)"
6
6
echo "Groups: $(groups)"
7
7
echo "USB device permissions:"
···
45
45
# Supports running manager, discovery, or agent binaries from the same container
46
46
47
47
case "$1" in
48
-
"manager")
49
-
shift
50
-
exec /hsm-operator --mode=manager "$@"
51
-
;;
52
-
"discovery")
53
-
shift
54
-
exec /hsm-operator --mode=discovery "$@"
55
-
;;
56
-
"agent")
57
-
shift
58
-
exec /hsm-operator --mode=agent "$@"
59
-
;;
60
48
"--mode="*)
61
49
# Direct mode flag usage (preferred)
62
50
exec /hsm-operator "$@"
+3
-3
internal/controller/discovery_daemonset_controller.go
+3
-3
internal/controller/discovery_daemonset_controller.go
···
204
204
ServiceAccountName: r.ServiceAccountName,
205
205
Containers: []corev1.Container{
206
206
{
207
-
Name: "discovery",
208
-
Image: discoveryImage,
209
-
Args: []string{"--mode", "discovery"},
207
+
Name: "discovery",
208
+
Image: discoveryImage,
209
+
Args: []string{"--mode", "discovery"},
210
210
Env: []corev1.EnvVar{
211
211
{
212
212
Name: "NODE_NAME",
+2
-2
internal/controller/hsmpool_agent_controller.go
+2
-2
internal/controller/hsmpool_agent_controller.go
···
619
619
{
620
620
Name: "agent",
621
621
Image: agentImage,
622
-
Args: r.buildAgentArgs(ctx, hsmPool, deviceName),
623
-
Env: []corev1.EnvVar{},
622
+
Args: r.buildAgentArgs(ctx, hsmPool, deviceName),
623
+
Env: []corev1.EnvVar{},
624
624
Ports: []corev1.ContainerPort{
625
625
{
626
626
Name: "grpc",