diff --git a/charts/tuf/templates/_helpers.tpl b/charts/tuf/templates/_helpers.tpl index 923a62ef..b07b0f0b 100644 --- a/charts/tuf/templates/_helpers.tpl +++ b/charts/tuf/templates/_helpers.tpl @@ -84,4 +84,24 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- define "tuf.metaLabels" -}} helm.sh/chart: {{ include "tuf.chart" . }} app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Check number of TUF secrets +*/}} +{{- define "tuf.enabledSecretsCount" -}} +{{- $count := 0 -}} +{{- if (eq .Values.secrets.rekor.enabled true) -}} + {{- $count = add $count 1 -}} +{{- end -}} +{{- if (eq .Values.secrets.fulcio.enabled true) -}} + {{- $count = add $count 1 -}} +{{- end -}} +{{- if (eq .Values.secrets.ctlog.enabled true) -}} + {{- $count = add $count 1 -}} +{{- end -}} +{{- if (eq .Values.secrets.tsa.enabled true) -}} + {{- $count = add $count 1 -}} +{{- end -}} +{{- $count -}} {{- end -}} \ No newline at end of file diff --git a/charts/tuf/templates/deployment.yaml b/charts/tuf/templates/deployment.yaml index 33a56d74..68ab27c7 100644 --- a/charts/tuf/templates/deployment.yaml +++ b/charts/tuf/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{- if ne (include "tuf.enabledSecretsCount" .) "0" }} apiVersion: apps/v1 kind: Deployment metadata: @@ -80,15 +81,4 @@ spec: imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} {{- end }} - {{- if .Values.deployment.nodeSelector }} - nodeSelector: -{{ toYaml .Values.deployment.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.deployment.tolerations }} - tolerations: -{{ toYaml .Values.deployment.tolerations | indent 8 }} - {{- end }} - {{- if .Values.deployment.affinity }} - affinity: -{{ toYaml .Values.deployment.affinity | indent 8 }} - {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/tuf/templates/ingress.yaml b/charts/tuf/templates/ingress.yaml index 9d2b034a..23e98b9c 100644 --- a/charts/tuf/templates/ingress.yaml +++ b/charts/tuf/templates/ingress.yaml @@ -1,4 +1,5 @@ {{- if .Values.ingress.create }} +{{- if ne (include "tuf.enabledSecretsCount" .) "0" }} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -34,3 +35,4 @@ spec: {{- end }} {{- end -}} {{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/tuf/templates/namespace.yaml b/charts/tuf/templates/namespace.yaml index 37aa5e44..bc218a08 100644 --- a/charts/tuf/templates/namespace.yaml +++ b/charts/tuf/templates/namespace.yaml @@ -1,6 +1,8 @@ {{- if .Values.namespace.create }} +{{- if ne (include "tuf.enabledSecretsCount" .) "0" }} apiVersion: v1 kind: Namespace metadata: name: {{ .Values.namespace.name }} +{{- end }} {{- end }} \ No newline at end of file diff --git a/charts/tuf/templates/role.yaml b/charts/tuf/templates/role.yaml index 2209a9bf..6cd93905 100644 --- a/charts/tuf/templates/role.yaml +++ b/charts/tuf/templates/role.yaml @@ -1,3 +1,4 @@ +{{- if ne (include "tuf.enabledSecretsCount" .) "0" }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -6,4 +7,5 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["create", "get", "update"] \ No newline at end of file + verbs: ["create", "get", "update"] +{{- end }} \ No newline at end of file diff --git a/charts/tuf/templates/rolebinding.yaml b/charts/tuf/templates/rolebinding.yaml index b3d36931..cdbc12c8 100644 --- a/charts/tuf/templates/rolebinding.yaml +++ b/charts/tuf/templates/rolebinding.yaml @@ -1,3 +1,4 @@ +{{- if ne (include "tuf.enabledSecretsCount" .) "0" }} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: @@ -9,4 +10,5 @@ roleRef: name: {{ .Values.roleName }} subjects: - kind: ServiceAccount - name: {{ .Values.serviceAccountName }} \ No newline at end of file + name: {{ .Values.serviceAccountName }} +{{- end }} \ No newline at end of file diff --git a/charts/tuf/templates/service.yaml b/charts/tuf/templates/service.yaml index b1ae7848..c72f9c8b 100644 --- a/charts/tuf/templates/service.yaml +++ b/charts/tuf/templates/service.yaml @@ -1,3 +1,4 @@ +{{- if ne (include "tuf.enabledSecretsCount" .) "0" }} apiVersion: v1 kind: Service metadata: @@ -11,4 +12,5 @@ spec: targetPort: {{ .Values.deployment.port }} selector: {{- include "tuf.matchLabels" . | nindent 4 }} - type: ClusterIP \ No newline at end of file + type: ClusterIP +{{- end }} \ No newline at end of file diff --git a/charts/tuf/templates/serviceaccount.yaml b/charts/tuf/templates/serviceaccount.yaml index d7673367..b36f4857 100644 --- a/charts/tuf/templates/serviceaccount.yaml +++ b/charts/tuf/templates/serviceaccount.yaml @@ -1,5 +1,7 @@ +{{- if ne (include "tuf.enabledSecretsCount" .) "0" }} apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.serviceAccountName }} -{{ include "tuf.namespace" . | indent 2 }} \ No newline at end of file +{{ include "tuf.namespace" . | indent 2 }} +{{- end }} \ No newline at end of file