From 213ded9d6ac6e84df31fd4d31dd64ee797630e4e Mon Sep 17 00:00:00 2001 From: Eric Searcy Date: Fri, 12 Dec 2025 14:43:51 -0800 Subject: [PATCH] feat: Add configurable algorithm option for heimdall key generation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Change key_type to algorithm in values.yaml to match template expectations - Default algorithm is now 'rsa' instead of hardcoded configuration - Update template comment to reflect configurable algorithm option - Fix inconsistency between values.yaml field name and template reference 🤖 Generated with [GitHub Copilot](https://github.com/features/copilot) (via Zed) Signed-off-by: Eric Searcy --- .../lfx-platform/templates/heimdall/heimdall-signer-cert.yaml | 4 ++-- charts/lfx-platform/values.yaml | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/lfx-platform/templates/heimdall/heimdall-signer-cert.yaml b/charts/lfx-platform/templates/heimdall/heimdall-signer-cert.yaml index 692db64..1c7920d 100644 --- a/charts/lfx-platform/templates/heimdall/heimdall-signer-cert.yaml +++ b/charts/lfx-platform/templates/heimdall/heimdall-signer-cert.yaml @@ -3,10 +3,10 @@ --- {{ if and .Values.heimdall.enabled .Values.lfx.generateHeimdallSignerCert.enabled -}} {{/* -Generate a P-256 curve key & x509 cert for Heimdall on install of Chart +Generate a private key & x509 cert for Heimdall on install of Chart TODO: Create RBAC rule to limit secret access to heimdall Pods */}} -{{- $heimdallCA := genCAWithKey "heimdall" 365 (genPrivateKey "ecdsa")}} +{{- $heimdallCA := genCAWithKey "heimdall" 365 (genPrivateKey .Values.lfx.generateHeimdallSignerCert.algorithm) -}} apiVersion: v1 kind: Secret diff --git a/charts/lfx-platform/values.yaml b/charts/lfx-platform/values.yaml index 0261518..cff2cbe 100644 --- a/charts/lfx-platform/values.yaml +++ b/charts/lfx-platform/values.yaml @@ -21,6 +21,8 @@ lfx: generateHeimdallSignerCert: enabled: true name: heimdall-signer-cert + # algorithm will be passed as the parameter to Sprig's genPrivateKey. + algorithm: rsa whoami: enabled: true