From 2b2182e2f323e3a39818502223decd0be054d13c Mon Sep 17 00:00:00 2001 From: ian hundere <138915+ianhundere@users.noreply.github.com> Date: Tue, 2 Jul 2024 08:10:42 -0400 Subject: [PATCH] adds tolerations, nodeSelector, and affinity to scaffold. (#763) Signed-off-by: ianhundere <138915+ianhundere@users.noreply.github.com> --- charts/scaffold/Chart.lock | 16 +- charts/scaffold/Chart.yaml | 14 +- .../scaffold/templates/copy-secrets-job.yaml | 14 +- charts/scaffold/values.schema.json | 1298 ++++------------- charts/scaffold/values.yaml | 22 + 5 files changed, 316 insertions(+), 1048 deletions(-) diff --git a/charts/scaffold/Chart.lock b/charts/scaffold/Chart.lock index 568d5110..5b2910ca 100644 --- a/charts/scaffold/Chart.lock +++ b/charts/scaffold/Chart.lock @@ -1,21 +1,21 @@ dependencies: - name: fulcio repository: https://sigstore.github.io/helm-charts - version: 2.3.19 + version: 2.3.20 - name: rekor repository: https://sigstore.github.io/helm-charts - version: 1.4.0 + version: 1.4.2 - name: trillian repository: https://sigstore.github.io/helm-charts - version: 0.2.22 + version: 0.2.24 - name: ctlog repository: https://sigstore.github.io/helm-charts - version: 0.2.52 + version: 0.2.53 - name: tuf repository: https://sigstore.github.io/helm-charts - version: 0.1.12 + version: 0.1.14 - name: tsa repository: https://sigstore.github.io/helm-charts - version: 1.0.2 -digest: sha256:9f99a82164d1b86071eb345985e53d41b0304fecdd7fde7649dc9486477975f7 -generated: "2024-05-14T11:49:22.640407283-07:00" + version: 1.0.3 +digest: sha256:caf960fdcf37c5819ddd2c2719cc557d28d59923cca4fd8c273f8dc0c94a15a5 +generated: "2024-06-27T09:57:50.636761-04:00" diff --git a/charts/scaffold/Chart.yaml b/charts/scaffold/Chart.yaml index 1dee083a..bd4163e5 100644 --- a/charts/scaffold/Chart.yaml +++ b/charts/scaffold/Chart.yaml @@ -4,7 +4,7 @@ description: Scaffolding the components of the sigstore architecture type: application -version: 0.6.50 +version: 0.6.51 keywords: - security - pki 
@@ -16,27 +16,27 @@ maintainers: dependencies: - name: fulcio - version: 2.3.19 + version: 2.3.20 repository: https://sigstore.github.io/helm-charts condition: fulcio.enabled - name: rekor - version: 1.4.0 + version: 1.4.2 repository: https://sigstore.github.io/helm-charts condition: rekor.enabled - name: trillian - version: 0.2.22 + version: 0.2.24 repository: https://sigstore.github.io/helm-charts condition: trillian.enabled - name: ctlog - version: 0.2.52 + version: 0.2.53 repository: https://sigstore.github.io/helm-charts condition: ctlog.enabled - name: tuf - version: 0.1.12 + version: 0.1.14 repository: https://sigstore.github.io/helm-charts condition: tuf.enabled - name: tsa - version: 1.0.2 + version: 1.0.3 repository: https://sigstore.github.io/helm-charts condition: tsa.enabled diff --git a/charts/scaffold/templates/copy-secrets-job.yaml b/charts/scaffold/templates/copy-secrets-job.yaml index d0ea819a..734dfd72 100644 --- a/charts/scaffold/templates/copy-secrets-job.yaml +++ b/charts/scaffold/templates/copy-secrets-job.yaml @@ -78,4 +78,16 @@ spec: "-c", "curl {{ .Values.tsa.server.fullnameOverride}}.{{ .Values.tsa.namespace.name }}.svc.cluster.local/api/v1/timestamp/certchain -o /tmp/cert-chain -v && kubectl create secret generic {{ .Values.tuf.secrets.tsa.name }} --from-file=cert-chain=/tmp/cert-chain" ] -{{- end }} \ No newline at end of file + {{- if .Values.copySecretJob.nodeSelector }} + nodeSelector: +{{ toYaml .Values.copySecretJob.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.copySecretJob.tolerations }} + tolerations: +{{ toYaml .Values.copySecretJob.tolerations | indent 8 }} + {{- end }} + {{- if .Values.copySecretJob.affinity }} + affinity: +{{ toYaml .Values.copySecretJob.affinity | indent 8 }} + {{- end }} +{{- end }} diff --git a/charts/scaffold/values.schema.json b/charts/scaffold/values.schema.json index 3d4ab601..f2bd7db4 100644 --- a/charts/scaffold/values.schema.json +++ b/charts/scaffold/values.schema.json 
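Review bot: The three added `{{ toYaml ... | indent 8 }}` lines in copy-secrets-job.yaml start at column 0 and depend on a hard-coded 8 matching the depth of the pod spec, which begins outside this hunk and so cannot be checked here. The usual Helm form keeps the call indented under its key and drops the separate `if`: `{{- with .Values.copySecretJob.nodeSelector }}`, then `nodeSelector: {{- toYaml . | nindent 8 }}`, then `{{- end }}`, and the same for `tolerations` and `affinity`. Since this pod runs `kubectl create secret` under the job's service account, a template comment noting that `tolerations` widens the set of nodes allowed to run it would help operators reviewing overrides.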
@@ -1,1190 +1,424 @@ { - "$schema": "https://json-schema.org/draft/2019-09/schema", - "$id": "http://example.com/example.json", - "type": "object", - "default": {}, - "title": "Root Schema", - "required": [ - "fulcio", - "ctlog", - "rekor", - "trillian", - "tuf", - "copySecretJob", - "tsa" - ], + "$schema": "https://json-schema.org/draft/2020-12/schema", "properties": { - "fulcio": { - "type": "object", - "default": {}, - "title": "The fulcio Schema", - "required": [ - "enabled", - "namespace", - "forceNamespace", - "server", - "createcerts", - "ctlog" - ], + "copySecretJob": { "properties": { + "affinity": { + "properties": {}, + "type": "object" + }, + "backoffLimit": { + "type": "integer" + }, "enabled": { - "type": "boolean", - "default": false, - "title": "The enabled Schema", - "examples": [ - true - ] + "type": "boolean" }, - "namespace": { - "type": "object", - "default": {}, - "title": "The namespace Schema", - "required": [ - "name", - "create" - ], + "imagePullPolicy": { + "type": "string" + }, + "name": { + "type": "string" + }, + "nodeSelector": { + "properties": {}, + "type": "object" + }, + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "serviceaccount": { + "type": "string" + }, + "tolerations": { + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "ctlog": { + "properties": { + "affinity": { + "properties": {}, + "type": "object" + }, + "createcerts": { "properties": { - "name": { - "type": "string", - "default": "", - "title": "The name Schema", - "examples": [ - "fulcio-system" - ] + "fullnameOverride": { + "type": "string" + } + }, + "type": "object" + }, + "createtree": { + "properties": { + "displayName": { + "type": "string" }, - "create": { - "type": "boolean", - "default": false, - "title": "The create Schema", - "examples": [ - true - ] + "fullnameOverride": { + "type": "string" } }, - "examples": [{ - "name": "fulcio-system", - "create": true - }] + "type": 
"object" + }, + "enabled": { + "type": "boolean" }, "forceNamespace": { - "type": "string", - "default": "", - "title": "The forceNamespace Schema", - "examples": [ - "fulcio-system" - ] + "type": "string" }, - "server": { - "type": "object", - "default": {}, - "title": "The server Schema", - "required": [ - "fullnameOverride" - ], + "fullnameOverride": { + "type": "string" + }, + "namespace": { "properties": { - "fullnameOverride": { - "type": "string", - "default": "", - "title": "The fullnameOverride Schema", - "examples": [ - "fulcio-server" - ] + "create": { + "type": "boolean" + }, + "name": { + "type": "string" } }, - "examples": [{ - "fullnameOverride": "fulcio-server" - }] + "type": "object" + }, + "nodeSelector": { + "properties": {}, + "type": "object" + }, + "tolerations": { + "type": "array" + } + }, + "type": "object" + }, + "fulcio": { + "properties": { + "affinity": { + "properties": {}, + "type": "object" }, "createcerts": { - "type": "object", - "default": {}, - "title": "The createcerts Schema", - "required": [ - "fullnameOverride" - ], "properties": { "fullnameOverride": { - "type": "string", - "default": "", - "title": "The fullnameOverride Schema", - "examples": [ - "fulcio-createcerts" - ] + "type": "string" } }, - "examples": [{ - "fullnameOverride": "fulcio-createcerts" - }] + "type": "object" }, "ctlog": { - "type": "object", - "default": {}, - "title": "The ctlog Schema", - "required": [ - "enabled", - "createctconfig" - ], "properties": { - "enabled": { - "type": "boolean", - "default": false, - "title": "The enabled Schema", - "examples": [ - false - ] - }, "createctconfig": { - "type": "object", - "default": {}, - "title": "The createctconfig Schema", - "required": [ - "logPrefix" - ], "properties": { "logPrefix": { - "type": "string", - "default": "", - "title": "The logPrefix Schema", - "examples": [ - "sigstorescaffolding" - ] + "type": "string" } }, - "examples": [{ - "logPrefix": "sigstorescaffolding" - }] + "type": "object" + }, 
+ "enabled": { + "type": "boolean" } }, - "examples": [{ - "enabled": false, - "createctconfig": { - "logPrefix": "sigstorescaffolding" - } - }] - } - }, - "examples": [{ - "enabled": true, - "namespace": { - "name": "fulcio-system", - "create": true + "type": "object" }, - "forceNamespace": "fulcio-system", - "server": { - "fullnameOverride": "fulcio-server" - }, - "createcerts": { - "fullnameOverride": "fulcio-createcerts" - }, - "ctlog": { - "enabled": false, - "createctconfig": { - "logPrefix": "sigstorescaffolding" - } - } - }] - }, - "ctlog": { - "type": "object", - "default": {}, - "title": "The ctlog Schema", - "required": [ - "enabled", - "namespace", - "forceNamespace", - "fullnameOverride", - "createcerts", - "createtree" - ], - "properties": { "enabled": { - "type": "boolean", - "default": false, - "title": "The enabled Schema", - "examples": [ - true - ] + "type": "boolean" + }, + "forceNamespace": { + "type": "string" }, "namespace": { - "type": "object", - "default": {}, - "title": "The namespace Schema", - "required": [ - "name", - "create" - ], "properties": { - "name": { - "type": "string", - "default": "", - "title": "The name Schema", - "examples": [ - "ctlog-system" - ] - }, "create": { - "type": "boolean", - "default": false, - "title": "The create Schema", - "examples": [ - true - ] + "type": "boolean" + }, + "name": { + "type": "string" } }, - "examples": [{ - "name": "ctlog-system", - "create": true - }] - }, - "forceNamespace": { - "type": "string", - "default": "", - "title": "The forceNamespace Schema", - "examples": [ - "ctlog-system" - ] + "type": "object" }, - "fullnameOverride": { - "type": "string", - "default": "", - "title": "The fullnameOverride Schema", - "examples": [ - "ctlog" - ] + "nodeSelector": { + "properties": {}, + "type": "object" }, - "createcerts": { - "type": "object", - "default": {}, - "title": "The createcerts Schema", - "required": [ - "fullnameOverride" - ], + "server": { "properties": { "fullnameOverride": { - 
"type": "string", - "default": "", - "title": "The fullnameOverride Schema", - "examples": [ - "ctlog-createcerts" - ] + "type": "string" } }, - "examples": [{ - "fullnameOverride": "ctlog-createcerts" - }] + "type": "object" }, - "createtree": { - "type": "object", - "default": {}, - "title": "The createtree Schema", - "required": [ - "fullnameOverride", - "displayName" - ], - "properties": { - "fullnameOverride": { - "type": "string", - "default": "", - "title": "The fullnameOverride Schema", - "examples": [ - "ctlog-createtree" - ] - }, - "displayName": { - "type": "string", - "default": "", - "title": "The displayName Schema", - "examples": [ - "ctlog-tree" - ] - } - }, - "examples": [{ - "fullnameOverride": "ctlog-createtree", - "displayName": "ctlog-tree" - }] + "tolerations": { + "type": "array" } }, - "examples": [{ - "enabled": true, - "namespace": { - "name": "ctlog-system", - "create": true - }, - "forceNamespace": "ctlog-system", - "fullnameOverride": "ctlog", - "createcerts": { - "fullnameOverride": "ctlog-createcerts" - }, - "createtree": { - "fullnameOverride": "ctlog-createtree", - "displayName": "ctlog-tree" - } - }] + "type": "object" }, "rekor": { - "type": "object", - "default": {}, - "title": "The rekor Schema", - "required": [ - "enabled", - "namespace", - "forceNamespace", - "fullnameOverride", - "server", - "redis", - "trillian" - ], "properties": { + "affinity": { + "properties": {}, + "type": "object" + }, "enabled": { - "type": "boolean", - "default": false, - "title": "The enabled Schema", - "examples": [ - true - ] + "type": "boolean" + }, + "forceNamespace": { + "type": "string" + }, + "fullnameOverride": { + "type": "string" }, "namespace": { - "type": "object", - "default": {}, - "title": "The namespace Schema", - "required": [ - "name", - "create" - ], "properties": { - "name": { - "type": "string", - "default": "", - "title": "The name Schema", - "examples": [ - "rekor-system" - ] - }, "create": { - "type": "boolean", - "default": 
false, - "title": "The create Schema", - "examples": [ - true - ] + "type": "boolean" + }, + "name": { + "type": "string" } }, - "examples": [{ - "name": "rekor-system", - "create": true - }] - }, - "forceNamespace": { - "type": "string", - "default": "", - "title": "The forceNamespace Schema", - "examples": [ - "rekor-system" - ] + "type": "object" }, - "fullnameOverride": { - "type": "string", - "default": "", - "title": "The fullnameOverride Schema", - "examples": [ - "rekor" - ] + "nodeSelector": { + "properties": {}, + "type": "object" }, - "server": { - "type": "object", - "default": {}, - "title": "The server Schema", - "required": [ - "fullnameOverride" - ], + "redis": { "properties": { "fullnameOverride": { - "type": "string", - "default": "", - "title": "The fullnameOverride Schema", - "examples": [ - "rekor-server" - ] + "type": "string" } }, - "examples": [{ - "fullnameOverride": "rekor-server" - }] + "type": "object" }, - "redis": { - "type": "object", - "default": {}, - "title": "The redis Schema", - "required": [ - "fullnameOverride" - ], + "server": { "properties": { "fullnameOverride": { - "type": "string", - "default": "", - "title": "The fullnameOverride Schema", - "examples": [ - "rekor-redis" - ] + "type": "string" } }, - "examples": [{ - "fullnameOverride": "rekor-redis" - }] + "type": "object" + }, + "tolerations": { + "type": "array" }, "trillian": { - "type": "object", - "default": {}, - "title": "The trillian Schema", - "required": [ - "enabled" - ], "properties": { "enabled": { - "type": "boolean", - "default": false, - "title": "The enabled Schema", - "examples": [ - false - ] + "type": "boolean" } }, - "examples": [{ - "enabled": false - }] + "type": "object" } }, - "examples": [{ - "enabled": true, - "namespace": { - "name": "rekor-system", - "create": true - }, - "forceNamespace": "rekor-system", - "fullnameOverride": "rekor", - "server": { - "fullnameOverride": "rekor-server" - }, - "redis": { - "fullnameOverride": "rekor-redis" - }, 
- "trillian": { - "enabled": false - } - }] + "type": "object" }, "trillian": { - "type": "object", - "default": {}, - "title": "The trillian Schema", - "required": [ - "enabled", - "namespace", - "forceNamespace", - "fullnameOverride", - "logServer", - "logSigner", - "mysql" - ], "properties": { - "enabled": { - "type": "boolean", - "default": false, - "title": "The enabled Schema", - "examples": [ - true - ] + "affinity": { + "properties": {}, + "type": "object" }, - "namespace": { - "type": "object", - "default": {}, - "title": "The namespace Schema", - "required": [ - "name", - "create" - ], - "properties": { - "name": { - "type": "string", - "default": "", - "title": "The name Schema", - "examples": [ - "trillian-system" - ] - }, - "create": { - "type": "boolean", - "default": false, - "title": "The create Schema", - "examples": [ - true - ] - } - }, - "examples": [{ - "name": "trillian-system", - "create": true - }] + "enabled": { + "type": "boolean" }, "forceNamespace": { - "type": "string", - "default": "", - "title": "The forceNamespace Schema", - "examples": [ - "trillian-system" - ] + "type": "string" }, "fullnameOverride": { - "type": "string", - "default": "", - "title": "The fullnameOverride Schema", - "examples": [ - "trillian" - ] + "type": "string" }, "logServer": { - "type": "object", - "default": {}, - "title": "The logServer Schema", - "required": [ - "name", - "fullnameOverride", - "portHTTP", - "portRPC" - ], "properties": { - "name": { - "type": "string", - "default": "", - "title": "The name Schema", - "examples": [ - "trillian-logserver" - ] - }, "fullnameOverride": { - "type": "string", - "default": "", - "title": "The fullnameOverride Schema", - "examples": [ - "trillian-logserver" - ] + "type": "string" + }, + "name": { + "type": "string" }, "portHTTP": { - "type": "integer", - "default": 0, - "title": "The portHTTP Schema", - "examples": [ - 8090 - ] + "type": "integer" }, "portRPC": { - "type": "integer", - "default": 0, - "title": 
"The portRPC Schema", - "examples": [ - 8091 - ] + "type": "integer" } }, - "examples": [{ - "name": "trillian-logserver", - "fullnameOverride": "trillian-logserver", - "portHTTP": 8090, - "portRPC": 8091 - }] + "type": "object" }, "logSigner": { - "type": "object", - "default": {}, - "title": "The logSigner Schema", - "required": [ - "name", - "fullnameOverride" - ], "properties": { - "name": { - "type": "string", - "default": "", - "title": "The name Schema", - "examples": [ - "trillian-logsigner" - ] - }, "fullnameOverride": { - "type": "string", - "default": "", - "title": "The fullnameOverride Schema", - "examples": [ - "trillian-logsigner" - ] + "type": "string" + }, + "name": { + "type": "string" } }, - "examples": [{ - "name": "trillian-logsigner", - "fullnameOverride": "trillian-logsigner" - }] + "type": "object" }, "mysql": { - "type": "object", - "default": {}, - "title": "The mysql Schema", - "required": [ - "fullnameOverride" - ], "properties": { "fullnameOverride": { - "type": "string", - "default": "", - "title": "The fullnameOverride Schema", - "examples": [ - "trillian-mysql" - ] + "type": "string" + } + }, + "type": "object" + }, + "namespace": { + "properties": { + "create": { + "type": "boolean" + }, + "name": { + "type": "string" } }, - "examples": [{ - "fullnameOverride": "trillian-mysql" - }] + "type": "object" + }, + "nodeSelector": { + "properties": {}, + "type": "object" + }, + "tolerations": { + "type": "array" } }, - "examples": [{ - "enabled": true, + "type": "object" + }, + "tsa": { + "properties": { + "affinity": { + "properties": {}, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "forceNamespace": { + "type": "string" + }, "namespace": { - "name": "trillian-system", - "create": true + "properties": { + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "type": "object" }, - "forceNamespace": "trillian-system", - "fullnameOverride": "trillian", - "logServer": { - "name": 
"trillian-logserver", - "fullnameOverride": "trillian-logserver", - "portHTTP": 8090, - "portRPC": 8091 + "nodeSelector": { + "properties": {}, + "type": "object" }, - "logSigner": { - "name": "trillian-logsigner", - "fullnameOverride": "trillian-logsigner" + "server": { + "properties": { + "fullnameOverride": { + "type": "string" + } + }, + "type": "object" }, - "mysql": { - "fullnameOverride": "trillian-mysql" + "tolerations": { + "type": "array" } - }] + }, + "type": "object" }, "tuf": { - "type": "object", - "default": {}, - "title": "The tuf Schema", - "required": [ - "enabled", - "namespace", - "forceNamespace", - "fullnameOverride", - "secrets" - ], "properties": { + "affinity": { + "properties": {}, + "type": "object" + }, "enabled": { - "type": "boolean", - "default": false, - "title": "The enabled Schema", - "examples": [ - false - ] + "type": "boolean" + }, + "forceNamespace": { + "type": "string" + }, + "fullnameOverride": { + "type": "string" }, "namespace": { - "type": "object", - "default": {}, - "title": "The namespace Schema", - "required": [ - "name", - "create" - ], "properties": { - "name": { - "type": "string", - "default": "", - "title": "The name Schema", - "examples": [ - "tuf-system" - ] - }, "create": { - "type": "boolean", - "default": false, - "title": "The create Schema", - "examples": [ - true - ] + "type": "boolean" + }, + "name": { + "type": "string" } }, - "examples": [{ - "name": "tuf-system", - "create": true - }] + "type": "object" }, - "forceNamespace": { - "type": "string", - "default": "", - "title": "The forceNamespace Schema", - "examples": [ - "tuf-system" - ] - }, - "fullnameOverride": { - "type": "string", - "default": "", - "title": "The fullnameOverride Schema", - "examples": [ - "tuf" - ] + "nodeSelector": { + "properties": {}, + "type": "object" }, "secrets": { - "type": "object", - "default": {}, - "title": "The secrets Schema", - "required": [ - "rekor", - "fulcio", - "ctlog" - ], "properties": { - "rekor": { - 
"type": "object", - "default": {}, - "title": "The rekor Schema", - "required": [ - "name", - "path" - ], + "ctlog": { "properties": { "name": { - "type": "string", - "default": "", - "title": "The name Schema", - "examples": [ - "rekor-public-key" - ] + "type": "string" }, "path": { - "type": "string", - "default": "", - "title": "The path Schema", - "examples": [ - "rekor-pubkey" - ] + "type": "string" } }, - "examples": [{ - "name": "rekor-public-key", - "path": "rekor-pubkey" - }] + "type": "object" }, "fulcio": { - "type": "object", - "default": {}, - "title": "The fulcio Schema", - "required": [ - "name", - "path" - ], "properties": { "name": { - "type": "string", - "default": "", - "title": "The name Schema", - "examples": [ - "fulcio-server-secret" - ] + "type": "string" }, "path": { - "type": "string", - "default": "", - "title": "The path Schema", - "examples": [ - "fulcio-cert" - ] + "type": "string" } }, - "examples": [{ - "name": "fulcio-server-secret", - "path": "fulcio-cert" - }] + "type": "object" }, - "ctlog": { - "type": "object", - "default": {}, - "title": "The ctlog Schema", - "required": [ - "name", - "path" - ], + "rekor": { "properties": { "name": { - "type": "string", - "default": "", - "title": "The name Schema", - "examples": [ - "ctlog-public-key" - ] + "type": "string" }, "path": { - "type": "string", - "default": "", - "title": "The path Schema", - "examples": [ - "ctlog-pubkey" - ] + "type": "string" } }, - "examples": [{ - "name": "ctlog-public-key", - "path": "ctlog-pubkey" - }] - } - }, - "examples": [{ - "rekor": { - "name": "rekor-public-key", - "path": "rekor-pubkey" - }, - "fulcio": { - "name": "fulcio-server-secret", - "path": "fulcio-cert" - }, - "ctlog": { - "name": "ctlog-public-key", - "path": "ctlog-pubkey" - } - }] - } - }, - "examples": [{ - "enabled": false, - "namespace": { - "name": "tuf-system", - "create": true - }, - "forceNamespace": "tuf-system", - "fullnameOverride": "tuf", - "secrets": { - "rekor": { - "name": 
"rekor-public-key", - "path": "rekor.pub" - }, - "fulcio": { - "name": "fulcio-server-secret", - "path": "fulcio_v1.crt.pem" - }, - "ctlog": { - "name": "ctlog-public-key", - "path": "ctfe.pub" - } - } - }] - }, - "copySecretJob": { - "type": "object", - "default": {}, - "title": "The copySecretJob Schema", - "required": [ - "enabled", - "name", - "registry", - "repository", - "version", - "imagePullPolicy", - "serviceaccount", - "backoffLimit" - ], - "properties": { - "enabled": { - "type": "boolean", - "default": false, - "title": "The enabled Schema", - "examples": [ - false - ] - }, - "name": { - "type": "string", - "default": "", - "title": "The name Schema", - "examples": [ - "copy-secrets-job" - ] - }, - "registry": { - "type": "string", - "default": "", - "title": "The registry Schema", - "examples": [ - "docker.io" - ] - }, - "repository": { - "type": "string", - "default": "", - "title": "The repository Schema", - "examples": [ - "alpine/k8s" - ] - }, - "version": { - "type": "string", - "default": "", - "title": "The version Schema", - "examples": [ - "sha256:fb0d2db81fb0f98abb1adf5246d6f0f4d19f34031afe4759cb7ad8e2eb8d2c01" - ] - }, - "imagePullPolicy": { - "type": "string", - "default": "", - "title": "The imagePullPolicy Schema", - "examples": [ - "IfNotPresent" - ] - }, - "serviceaccount": { - "type": "string", - "default": "", - "title": "The serviceaccount Schema", - "examples": [ - "tuf-secret-copy-job" - ] - }, - "backoffLimit": { - "type": "integer", - "default": 0, - "title": "The backoffLimit Schema", - "examples": [ - 6 - ] - } - }, - "examples": [{ - "enabled": false, - "name": "copy-secrets-job", - "registry": "docker.io", - "repository": "alpine/k8s", - "version": "sha256:fb0d2db81fb0f98abb1adf5246d6f0f4d19f34031afe4759cb7ad8e2eb8d2c01", - "imagePullPolicy": "IfNotPresent", - "serviceaccount": "tuf-secret-copy-job", - "backoffLimit": 6 - }] - }, - "tsa": { - "type": "object", - "default": {}, - "title": "The tsa Schema", - "required": [ - 
"enabled", - "namespace", - "forceNamespace", - "server" - ], - "properties": { - "enabled": { - "type": "boolean", - "default": false, - "title": "The enabled Schema", - "examples": [ - true - ] - }, - "namespace": { - "type": "object", - "default": {}, - "title": "The namespace Schema", - "required": [ - "name", - "create" - ], - "properties": { - "name": { - "type": "string", - "default": "", - "title": "The name Schema", - "examples": [ - "tsa-system" - ] + "type": "object" }, - "create": { - "type": "boolean", - "default": false, - "title": "The create Schema", - "examples": [ - true - ] + "tsa": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" } }, - "examples": [{ - "name": "tsa-system", - "create": true - }] + "type": "object" }, - "forceNamespace": { - "type": "string", - "default": "", - "title": "The forceNamespace Schema", - "examples": [ - "tsa-system" - ] - }, - "server": { - "type": "object", - "default": {}, - "title": "The server Schema", - "required": [ - "fullnameOverride" - ], - "properties": { - "fullnameOverride": { - "type": "string", - "default": "", - "title": "The fullnameOverride Schema", - "examples": [ - "tsa-server" - ] - } - }, - "examples": [{ - "fullnameOverride": "tsa-server" - }] + "tolerations": { + "type": "array" } }, - "examples": [{ - "enabled": true, - "namespace": { - "name": "tsa-system", - "create": true - }, - "forceNamespace": "tsa-system", - "server": { - "fullnameOverride": "tsa-server" - } - }] + "type": "object" } }, - "examples": [{ - "fulcio": { - "enabled": true, - "namespace": { - "name": "fulcio-system", - "create": true - }, - "forceNamespace": "fulcio-system", - "server": { - "fullnameOverride": "fulcio-server" - }, - "createcerts": { - "fullnameOverride": "fulcio-createcerts" - }, - "ctlog": { - "enabled": false, - "createctconfig": { - "logPrefix": "sigstorescaffolding" - } - } - }, - "ctlog": { - "enabled": true, - "namespace": { - "name": 
"ctlog-system", - "create": true - }, - "forceNamespace": "ctlog-system", - "fullnameOverride": "ctlog", - "createcerts": { - "fullnameOverride": "ctlog-createcerts" - }, - "createtree": { - "fullnameOverride": "ctlog-createtree", - "displayName": "ctlog-tree" - } - }, - "rekor": { - "enabled": true, - "namespace": { - "name": "rekor-system", - "create": true - }, - "forceNamespace": "rekor-system", - "fullnameOverride": "rekor", - "server": { - "fullnameOverride": "rekor-server" - }, - "redis": { - "fullnameOverride": "rekor-redis" - }, - "trillian": { - "enabled": false - } - }, - "trillian": { - "enabled": true, - "namespace": { - "name": "trillian-system", - "create": true - }, - "forceNamespace": "trillian-system", - "fullnameOverride": "trillian", - "logServer": { - "name": "trillian-logserver", - "fullnameOverride": "trillian-logserver", - "portHTTP": 8090, - "portRPC": 8091 - }, - "logSigner": { - "name": "trillian-logsigner", - "fullnameOverride": "trillian-logsigner" - }, - "mysql": { - "fullnameOverride": "trillian-mysql" - } - }, - "tuf": { - "enabled": false, - "namespace": { - "name": "tuf-system", - "create": true - }, - "forceNamespace": "tuf-system", - "fullnameOverride": "tuf", - "secrets": { - "rekor": { - "name": "rekor-public-key", - "path": "rekor-pubkey" - }, - "fulcio": { - "name": "fulcio-server-secret", - "path": "fulcio-cert" - }, - "ctlog": { - "name": "ctlog-public-key", - "path": "ctlog-pubkey" - } - } - }, - "copySecretJob": { - "enabled": false, - "name": "copy-secrets-job", - "registry": "docker.io", - "repository": "alpine/k8s", - "version": "sha256:fb0d2db81fb0f98abb1adf5246d6f0f4d19f34031afe4759cb7ad8e2eb8d2c01", - "imagePullPolicy": "IfNotPresent", - "serviceaccount": "tuf-secret-copy-job", - "backoffLimit": 6 - }, - "tsa": { - "enabled": true, - "namespace": { - "name": "tsa-system", - "create": true - }, - "forceNamespace": "tsa-system", - "server": { - "fullnameOverride": "tsa-server" - } - } - }] + "type": "object" } 
diff --git a/charts/scaffold/values.yaml b/charts/scaffold/values.yaml index 9f04fa8e..b2aeec14 100644 --- a/charts/scaffold/values.yaml +++ b/charts/scaffold/values.yaml @@ -14,6 +14,9 @@ fulcio: enabled: false createctconfig: logPrefix: sigstorescaffolding + tolerations: [] + nodeSelector: {} + affinity: {} # CTLog ctlog: @@ -28,6 +31,10 @@ ctlog: createtree: fullnameOverride: ctlog-createtree displayName: ctlog-tree + tolerations: [] + nodeSelector: {} + affinity: {} + # Rekor rekor: enabled: true @@ -42,6 +49,9 @@ rekor: fullnameOverride: rekor-redis trillian: enabled: false + tolerations: [] + nodeSelector: {} + affinity: {} # Trillian trillian: @@ -61,6 +71,9 @@ trillian: fullnameOverride: trillian-logsigner mysql: fullnameOverride: trillian-mysql + tolerations: [] + nodeSelector: {} + affinity: {} tuf: enabled: false @@ -69,6 +82,9 @@ tuf: create: true forceNamespace: tuf-system fullnameOverride: tuf + tolerations: [] + nodeSelector: {} + affinity: {} secrets: rekor: @@ -93,6 +109,9 @@ copySecretJob: imagePullPolicy: IfNotPresent serviceaccount: tuf-secret-copy-job backoffLimit: 6 + tolerations: [] + nodeSelector: {} + affinity: {} tsa: enabled: false @@ -102,3 +121,6 @@ tsa: forceNamespace: tsa-system server: fullnameOverride: tsa-server + tolerations: [] + nodeSelector: {} + affinity: {}
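Review bot: The rewritten values.schema.json removes every `required` list, so a values file that omits keys such as `copySecretJob.version` or `tuf.secrets` now passes schema validation where it was rejected before; the commit message does not mention this. The new scheduling keys are also loosely typed: `tolerations` is a bare `"type": "array"` with no `items`, and `affinity` and `nodeSelector` are objects with empty `properties`. If the file is regenerated by a tool (the sorted keys suggest so, but that is not visible here), consider restoring the `required` arrays afterwards, or at least adding `"items": {"type": "object"}` to `tolerations` and `"additionalProperties": {"type": "string"}` to `nodeSelector`.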
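Review bot: The `tolerations: []`, `nodeSelector: {}` and `affinity: {}` defaults added under `fulcio` in values.yaml, and repeated in the ctlog, rekor, trillian, tuf, copySecretJob and tsa hunks, carry no comment saying which pods they apply to. Only the `copySecretJob` keys are consumed by a template visible in this patch; the other six are presumably passed through to the subcharts bumped in Chart.yaml, which cannot be confirmed from here. A one-line comment above each group, for example `# Pod scheduling constraints; empty values leave placement to the cluster defaults`, would make the intent explicit.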