adds tolerations, nodeSelector, and affinity to fulcio. (#761)

Signed-off-by: ianhundere <[email protected]>
sigstore · Jun 12, 2024 · 58beaf1 · 58beaf1
1 parent dae835b
commit 58beaf1
Show file tree

Hide file tree

Showing 7 changed files with 387 additions and 1,580 deletions.
diff --git a/charts/fulcio/Chart.lock b/charts/fulcio/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: ctlog
   repository: https://sigstore.github.io/helm-charts
-  version: 0.2.52
-digest: sha256:4383152c33869170f861b51048d6a7bbf016a957045a8e60415c2f08e77fff7a
-generated: "2024-03-06T09:03:55.357156842-05:00"
+  version: 0.2.53
+digest: sha256:84690bb522e33e91b86eb0d61028597a0744d2effcfdcc9e0e6279dac53bf139
+generated: "2024-05-24T11:12:04.997965-04:00"
diff --git a/charts/fulcio/Chart.yaml b/charts/fulcio/Chart.yaml
@@ -5,7 +5,7 @@ description: |
 
 type: application
 
-version: 2.3.19
+version: 2.3.20
 appVersion: 1.4.5
 
 keywords:
@@ -19,7 +19,7 @@ maintainers:
 
 dependencies:
   - name: ctlog
-    version: 0.2.52
+    version: 0.2.53
     repository: https://sigstore.github.io/helm-charts
     condition: ctlog.enabled
 

diff --git a/charts/fulcio/README.md b/charts/fulcio/README.md
@@ -78,20 +78,23 @@ helm uninstall [RELEASE_NAME]
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | config.contents | object | `{}` |  |
+| createcerts.affinity | object | `{}` |  |
 | createcerts.annotations | object | `{}` |  |
 | createcerts.enabled | bool | `true` |  |
 | createcerts.image.pullPolicy | string | `"IfNotPresent"` |  |
 | createcerts.image.registry | string | `"ghcr.io"` |  |
 | createcerts.image.repository | string | `"sigstore/scaffolding/createcerts"` |  |
 | createcerts.image.version | string | `"sha256:2aaea38198d25ee53fb1f6da79eaa75c24bcc4ef81792a68687ba2ae0dc8ccf6"` |  |
 | createcerts.name | string | `"createcerts"` |  |
+| createcerts.nodeSelector | object | `{}` |  |
 | createcerts.replicaCount | int | `1` |  |
 | createcerts.securityContext.runAsNonRoot | bool | `true` |  |
 | createcerts.securityContext.runAsUser | int | `65533` |  |
 | createcerts.serviceAccount.annotations | object | `{}` |  |
 | createcerts.serviceAccount.create | bool | `true` |  |
 | createcerts.serviceAccount.mountToken | bool | `true` |  |
 | createcerts.serviceAccount.name | string | `""` |  |
+| createcerts.tolerations | list | `[]` |  |
 | createcerts.ttlSecondsAfterFinished | int | `3600` |  |
 | ctlog.createcerts.fullnameOverride | string | `"ctlog-createcerts"` |  |
 | ctlog.createcerts.name | string | `"ctlog-createcerts"` |  |
@@ -108,6 +111,7 @@ helm uninstall [RELEASE_NAME]
 | imagePullSecrets | list | `[]` |  |
 | namespace.create | bool | `false` |  |
 | namespace.name | string | `"fulcio-system"` |  |
+| server.affinity | object | `{}` |  |
 | server.args.aws_hsm_root_ca_path | string | `nil` |  |
 | server.args.certificateAuthority | string | `"fileca"` |  |
 | server.args.ct_log_url | string | `""` |  |
@@ -153,6 +157,7 @@ helm uninstall [RELEASE_NAME]
 | server.ingresses[0].tls | list | `[]` |  |
 | server.logging.production | bool | `false` |  |
 | server.name | string | `"server"` |  |
+| server.nodeSelector | object | `{}` |  |
 | server.replicaCount | int | `1` |  |
 | server.secret | string | `"fulcio-server-secret"` |  |
 | server.securityContext.runAsNonRoot | bool | `true` |  |
@@ -175,6 +180,7 @@ helm uninstall [RELEASE_NAME]
 | server.serviceAccount.mountToken | bool | `true` |  |
 | server.serviceAccount.name | string | `""` |  |
 | server.svcPort | int | `80` |  |
+| server.tolerations | list | `[]` |  |
 
 ----------------------------------------------
 

diff --git a/charts/fulcio/templates/createcerts-job.yaml b/charts/fulcio/templates/createcerts-job.yaml
@@ -41,4 +41,16 @@ spec:
       securityContext:
 {{ toYaml .Values.createcerts.securityContext | indent 8 }}
     {{- end }}
+    {{- if .Values.createcerts.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.createcerts.nodeSelector | indent 8 }}
+    {{- end }}
+    {{- if .Values.createcerts.tolerations }}
+      tolerations:
+{{ toYaml .Values.createcerts.tolerations | indent 8 }}
+    {{- end }}
+    {{- if .Values.createcerts.affinity }}
+      affinity:
+{{ toYaml .Values.createcerts.affinity | indent 8 }}
+    {{- end }}
 {{- end }}
diff --git a/charts/fulcio/templates/fulcio-deployment.yaml b/charts/fulcio/templates/fulcio-deployment.yaml
@@ -156,3 +156,15 @@ spec:
               - key: {{ .Values.server.grpcSvcTLS.keyField }}
                 path: key.pem
         {{- end }}
+    {{- if .Values.server.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.server.nodeSelector | indent 8 }}
+    {{- end }}
+    {{- if .Values.server.tolerations }}
+      tolerations:
+{{ toYaml .Values.server.tolerations | indent 8 }}
+    {{- end }}
+    {{- if .Values.server.affinity }}
+      affinity:
+{{ toYaml .Values.server.affinity | indent 8 }}
+    {{- end }}