Allow setting additional operator flags via the Helm chart

config/eck.yaml

@@ -6,6 +6,7 @@ ca-cert-validity: 8760h
 ca-cert-rotate-before: 24h
 cert-validity: 8760h
 cert-rotate-before: 24h
+disable-config-watch: false
 exposed-node-labels: [topology.kubernetes.io/.*,failure-domain.beta.kubernetes.io/.*]
 set-default-security-context: auto-detect
 kube-client-timeout: 60s
@@ -14,5 +15,7 @@ disable-telemetry: false
 distribution-channel: image
 validate-storage-class: true
 enable-webhook: false
+operator-namespace: elastic-system
 enable-leader-election: true
 elasticsearch-observation-interval: 10s
+ubi-only: false

deploy/eck-operator/templates/configmap.yaml

@@ -25,9 +25,13 @@ data:
     ca-cert-rotate-before: {{ .Values.config.caRotateBefore }}
     cert-validity: {{ .Values.config.certificatesValidity }}
     cert-rotate-before: {{ .Values.config.certificatesRotateBefore }}
+    disable-config-watch: {{ .Values.config.disableConfigWatch }}
     {{- with .Values.config.exposedNodeLabels }}
     exposed-node-labels: [{{ join "," .  }}]
     {{- end }}
+    {{- with .Values.config.ipFamily }}
+    ip-family: {{ . }}
+    {{- end }}
     set-default-security-context: {{ .Values.config.setDefaultSecurityContext }}
     kube-client-timeout: {{ .Values.config.kubeClientTimeout }}
     {{- with .Values.config.kubeClientQPS }}
@@ -58,5 +62,12 @@ data:
     {{- with .Values.managedNamespaces }}
     namespaces: [{{ join "," . }}]
     {{- end }}
+    operator-namespace: {{ .Release.Namespace }}
     enable-leader-election: {{ .Values.config.enableLeaderElection }}
     elasticsearch-observation-interval: {{ .Values.config.elasticsearchObservationInterval }}
+    {{- if not .Values.config.containerSuffix }}
+    ubi-only: {{ .Values.config.ubiOnly }}
+    {{- end }}
+    {{- with .Values.webhook.secret }}
+    webhook-secret: {{ . }}
+    {{- end }}

deploy/eck-operator/values.yaml

@@ -128,6 +128,8 @@ webhook:
   objectSelector: {}
   # port is the port that the validating webhook binds to.
   port: 9443
+  # secret specifies the Kubernetes secret to be mounted into the path designated by the certsDir value to be used for webhook certificates.
+  secret: ""
 
 # hostNetwork allows a Pod to use the Node network namespace.
 # This is required to allow for communication with the kube API when using some alternate CNIs in conjunction with webhook enabled.
@@ -184,9 +186,15 @@ config:
   # certificatesRotateBefore defines when to rotate a certificate that is due to expire.
   certificatesRotateBefore: 24h
 
+  # disableConfigWatch specifies whether the operator watches the configuration file for changes.
+  disableConfigWatch: false
+
   # exposedNodeLabels is an array of regular expressions of node labels which are allowed to be copied as annotations on Elasticsearch Pods.
   exposedNodeLabels: [ "topology.kubernetes.io/.*", "failure-domain.beta.kubernetes.io/.*" ]
 
+  # ipFamily specifies the IP family to use. Possible values: IPv4, IPv6 and "" (auto-detect)
+  ipFamily: ""
+
   # setDefaultSecurityContext determines whether a default security context is set on application containers created by the operator.
   # *note* that the default option now is "auto-detect" to attempt to set this properly automatically when both running
   # in an openshift cluster, and a standard kubernetes cluster.  Valid values are as follows:
@@ -211,6 +219,10 @@ config:
   # Interval between observations of Elasticsearch health, non-positive values disable asynchronous observation.
   elasticsearchObservationInterval: 10s
 
+  # ubiOnly specifies whether the operator will use only UBI container images to deploy Elastic Stack applications. UBI images are only available from 7.10.0 onward.
+  # Cannot be combined with the containerSuffix value.
+  ubiOnly: false
+
 # Prometheus PodMonitor configuration
 # Reference: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmonitor
 podMonitor: