From 14b01991b78a0d3df99e91827ec79c7635c40944 Mon Sep 17 00:00:00 2001
From: Chris Butler
Date: Wed, 10 Dec 2025 20:36:48 +0900
Subject: [PATCH 1/7] feat: remove ssh key
Signed-off-by: Chris Butler
---
 templates/ssh-key-eso.yaml | 22 ----------------------
 values.yaml | 19 -------------------
 2 files changed, 41 deletions(-)
 delete mode 100644 templates/ssh-key-eso.yaml
diff --git a/templates/ssh-key-eso.yaml b/templates/ssh-key-eso.yaml
deleted file mode 100644
index 7d13ab4..0000000
--- a/templates/ssh-key-eso.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if and (ne .Values.global.secretStore.backend "none") (eq .Values.global.clusterPlatform "Azure") }}
----
-apiVersion: "external-secrets.io/v1beta1"
-kind: ExternalSecret
-metadata:
- annotations:
- argocd.argoproj.io/sync-wave: "1"
- name: ssh-key-secret-eso
- namespace: openshift-sandboxed-containers-operator
-spec:
- refreshInterval: 15s
- secretStoreRef:
- name: {{ .Values.secretStore.name }}
- kind: {{ .Values.secretStore.kind }}
- target:
- name: ssh-key-secret
- template:
- type: Opaque
- dataFrom:
- - extract:
- key: {{ .Values.sandbox.sshKey }}
-{{- end }}
\ No newline at end of file
diff --git a/values.yaml b/values.yaml
index 50a5cbf..978f694 100644
--- a/values.yaml
+++ b/values.yaml
@@ -1,22 +1,3 @@
 ---
 # Chart-specific values
 # Common values are inherited from values-global.yaml
-
-# Global values used by this chart (overridden by values-global.yaml)
-global:
- clusterPlatform: "" # Cluster platform: "Azure" or "AWS"
- secretStore:
- # Secret store backend, typically overridden by values-global.yaml
- backend: ""
-
-# Secret store configuration (overridden by values-global.yaml)
-secretStore:
- name: ""
- kind: ""
-
-# Sandbox-specific configuration
-sandbox:
- sshKey: secret/data/global/sshKey
- # These variables today limit to one cluster
- # revise using imperative framework to infer from cluster vars
- # Strongly advised to override in values-global.yaml or values-{cluster-group}.yaml
\ No newline at end of file
From 883abe591c7bbfaff66b8801ab64f92a278f2cb1 Mon Sep 17 00:00:00 2001
From: Beraldo Leal
Date: Mon, 9 Feb 2026 10:19:02 -0500
Subject: [PATCH 2/7] feat: optional SSH debug key injection for podvm
---
 templates/ssh-key-eso.yaml | 22 ++++++++++++++++++++++
 values.yaml | 4 ++++
 2 files changed, 26 insertions(+)
 create mode 100644 templates/ssh-key-eso.yaml
diff --git a/templates/ssh-key-eso.yaml b/templates/ssh-key-eso.yaml
new file mode 100644
index 0000000..2d50803
--- /dev/null
+++ b/templates/ssh-key-eso.yaml
@@ -0,0 +1,22 @@
+{{- if and (.Values.global.coco.enableSSHDebug) (ne .Values.global.secretStore.backend "none") (eq .Values.global.clusterPlatform "Azure") }}
+---
+apiVersion: "external-secrets.io/v1beta1"
+kind: ExternalSecret
+metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "1"
+ name: ssh-key-secret-eso
+ namespace: openshift-sandboxed-containers-operator
+spec:
+ refreshInterval: 15s
+ secretStoreRef:
+ name: {{ .Values.secretStore.name }}
+ kind: {{ .Values.secretStore.kind }}
+ target:
+ name: ssh-key-secret
+ template:
+ type: Opaque
+ dataFrom:
+ - extract:
+ key: {{ .Values.sandbox.sshKey }}
+{{- end }}
diff --git a/values.yaml b/values.yaml
index 978f694..018dc68 100644
--- a/values.yaml
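Review bot: `dataFrom.extract` in the new ExternalSecret of PATCH 2/7 copies every property stored at `.Values.sandbox.sshKey` into `ssh-key-secret`, so if that store entry also holds the private half of the key pair, it lands in the operator namespace alongside the public key. Which properties the pod VM actually needs is not visible from this patch; if it is only the public key, a `data:` entry with `remoteRef.key` and an explicit `remoteRef.property` would limit what is synced. The `secretStoreRef` `name`/`kind` and the extract `key` are also expanded unquoted, and after PATCH 1/7 this chart's values.yaml no longer declares `secretStore.name` or `secretStore.kind`, so unless values-global.yaml supplies them they render empty. `name: {{ required "secretStore.name must be set" .Values.secretStore.name | quote }}` would fail the render instead of emitting a null reference.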
+++ b/values.yaml
@@ -1,3 +1,7 @@
 ---
 # Chart-specific values
 # Common values are inherited from values-global.yaml
+
+# Sandbox-specific configuration
+sandbox:
+ sshKey: secret/data/global/sshKey
From 4dc18719997500deb4ce65fb1e46b2174929fe88 Mon Sep 17 00:00:00 2001
From: Beraldo Leal
Date: Mon, 9 Feb 2026 12:50:23 -0500
Subject: [PATCH 3/7] fix: nil-safe check for enableSSHDebug in template
---
 templates/ssh-key-eso.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/ssh-key-eso.yaml b/templates/ssh-key-eso.yaml
index 2d50803..5c5a2a2 100644
--- a/templates/ssh-key-eso.yaml
+++ b/templates/ssh-key-eso.yaml
@@ -1,4 +1,4 @@
-{{- if and (.Values.global.coco.enableSSHDebug) (ne .Values.global.secretStore.backend "none") (eq .Values.global.clusterPlatform "Azure") }}
+{{- if and (dig "coco" "enableSSHDebug" false .Values.global) (ne (.Values.global.secretStore.backend | default "none") "none") (eq (.Values.global.clusterPlatform | default "") "Azure") }}
 ---
 apiVersion: "external-secrets.io/v1beta1"
 kind: ExternalSecret
From 6979a4d818197997da5d4a6070739c901ac660b0 Mon Sep 17 00:00:00 2001
From: Chris Butler
Date: Thu, 5 Mar 2026 13:30:19 +0900
Subject: [PATCH 4/7] chore: version bump
Signed-off-by: Chris Butler
---
 Chart.yaml | 2 +-
 README.md | 6 +-----
 2 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/Chart.yaml b/Chart.yaml
index d19dde0..04f737a 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -6,4 +6,4 @@ keywords:
 - confidential-computing
 - confidential-containers
 name: sandboxed-containers
-version: 0.0.1
+version: 0.0.2
diff --git a/README.md b/README.md
index 250ba4e..e819315 100644
--- a/README.md
+++ b/README.md
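Review bot: The values.yaml hunk of PATCH 2/7 restores `sandbox.sshKey` but never declares `global.coco.enableSSHDebug`, the flag that gates the SSH key ExternalSecret, so the chart's own defaults neither document the switch nor pin it off. The default may live in values-global.yaml, which is not shown here. Declaring `enableSSHDebug: false` under `global.coco` with a comment such as `# Debug only: when true on Azure, syncs an SSH key into ssh-key-secret for pod VM access` would make the secure default explicit and let helm-docs list it. The values.yaml hunk in PATCH 7/7 re-adds `global.clusterPlatform` and `global.secretStore.backend` but leaves the same gap, and `secretStore.name`/`secretStore.kind` stay undeclared as well.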
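Review bot: The rewritten guard in PATCH 3/7 still tests the flag by truthiness, and `dig "coco" "enableSSHDebug" false .Values.global` returns whatever value is stored. A quoted `enableSSHDebug: "false"` in an override (or a value passed with `--set-string`) is a non-empty string, which `and` treats as true, so the debug key would be synced even though the operator meant to switch it off. Comparing explicitly makes the gate fail closed: `(eq (dig "coco" "enableSSHDebug" false .Values.global | toString) "true")`. The rest of the template lies outside this hunk.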
@@ -1,6 +1,6 @@ # sandboxed-containers -![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) +![Version: 0.0.2](https://img.shields.io/badge/Version-0.0.2-informational?style=flat-square) A Helm chart to provide an opinionated deployment of Sandboxed Containers in a validated pattern @@ -20,11 +20,7 @@ Along side this is a small number of imperative jobs which can be seen in the co | Key | Type | Default | Description | |-----|------|---------|-------------| -| global.clusterPlatform | string | `""` | | -| global.secretStore.backend | string | `""` | | | sandbox.sshKey | string | `"secret/data/global/sshKey"` | | -| secretStore.kind | string | `""` | | -| secretStore.name | string | `""` | | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) From fda329027d6ca30df6051582520ca5ba51647795 Mon Sep 17 00:00:00 2001 From: Chris Butler Date: Thu, 5 Mar 2026 13:30:53 +0900 Subject: [PATCH 5/7] chore: version bump Signed-off-by: Chris Butler --- Chart.yaml | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 04f737a..1e3bc72 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -6,4 +6,4 @@ keywords: - confidential-computing - confidential-containers name: sandboxed-containers -version: 0.0.2 +version: 0.1.0 diff --git a/README.md b/README.md index e819315..57804bc 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # sandboxed-containers -![Version: 0.0.2](https://img.shields.io/badge/Version-0.0.2-informational?style=flat-square) +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) A Helm chart to provide an opinionated deployment of Sandboxed Containers in a validated pattern From 43339216da387a60ef99af25d89976880ec379ed Mon Sep 17 00:00:00 2001 
From: Chris Butler Date: Thu, 5 Mar 2026 13:34:46 +0900 Subject: [PATCH 6/7] fix: version bump Signed-off-by: Chris Butler --- Chart.yaml | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 1e3bc72..48d8b6a 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -6,4 +6,4 @@ keywords: - confidential-computing - confidential-containers name: sandboxed-containers -version: 0.1.0 +version: 0.2.0 diff --git a/README.md b/README.md index 57804bc..db27e2e 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # sandboxed-containers -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) +![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) A Helm chart to provide an opinionated deployment of Sandboxed Containers in a validated pattern From 4268bd984c3c222aee347ebd4d00ace353c905d8 Mon Sep 17 00:00:00 2001 From: Chris Butler Date: Thu, 5 Mar 2026 14:30:38 +0900 Subject: [PATCH 7/7] fix: helm linting issues Signed-off-by: Chris Butler --- README.md | 2 ++ values.yaml | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/README.md b/README.md index db27e2e..8ae5944 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,8 @@ Along side this is a small number of imperative jobs which can be seen in the co | Key | Type | Default | Description | |-----|------|---------|-------------| +| global.clusterPlatform | string | `""` | | +| global.secretStore.backend | string | `""` | | | sandbox.sshKey | string | `"secret/data/global/sshKey"` | | ---------------------------------------------- diff --git a/values.yaml b/values.yaml index 018dc68..1f46102 100644 --- a/values.yaml +++ b/values.yaml 
@@ -2,6 +2,12 @@ # Chart-specific values # Common values are inherited from values-global.yaml +# Global values used by this chart (overridden by values-global.yaml) +global: + clusterPlatform: "" + secretStore: + backend: "" + # Sandbox-specific configuration sandbox: sshKey: secret/data/global/sshKey