tuf: Support deployment resources customization
This commit adds support for customizing the following values in
the tuf deployment:

- Container resources
- Container security context
- Deployment security context

Signed-off-by: Stephen Fox <[email protected]>
sfox-equinix committed Nov 23, 2024
1 parent 466dfe0 commit 1ef3fc4
Showing 5 changed files with 31 additions and 3 deletions.
2 changes: 1 addition & 1 deletion charts/tuf/Chart.yaml
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
name: tuf
description: A framework for securing software update systems - the scaffolding implementation
type: application
version: 0.1.20
version: 0.1.21
appVersion: 0.7.15

home: https://sigstore.dev/
5 changes: 4 additions & 1 deletion charts/tuf/README.md
@@ -1,6 +1,6 @@
# tuf

![Version: 0.1.20](https://img.shields.io/badge/Version-0.1.20-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.15](https://img.shields.io/badge/AppVersion-0.7.15-informational?style=flat-square)
![Version: 0.1.21](https://img.shields.io/badge/Version-0.1.21-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.15](https://img.shields.io/badge/AppVersion-0.7.15-informational?style=flat-square)

A framework for securing software update systems - the scaffolding implementation

Expand All @@ -21,13 +21,16 @@ A framework for securing software update systems - the scaffolding implementatio
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| deployment.affinity | object | `{}` | |
| deployment.containerSecurityContext | object | `{}` | |
| deployment.imagePullPolicy | string | `"IfNotPresent"` | |
| deployment.name | string | `"tuf"` | |
| deployment.nodeSelector | object | `{}` | |
| deployment.port | int | `8080` | |
| deployment.registry | string | `"ghcr.io"` | |
| deployment.replicas | int | `1` | |
| deployment.repository | string | `"sigstore/scaffolding/server"` | |
| deployment.resources | object | `{}` | |
| deployment.securityContext | object | `{}` | |
| deployment.tolerations | list | `[]` | |
| deployment.version | string | `"sha256:982c6173b6f2f976fd9f58eb543ca9ec5f0d1b7c1a6f7bb0c4b96cff1618c62e"` | |
| enabled | bool | `true` | |
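Review bot: The three new rows (`deployment.containerSecurityContext`, `deployment.resources`, `deployment.securityContext`) have an empty Description column, and the two security-context keys are easy to confuse by name alone. Add a one-line description for each that states the level it applies to: `deployment.containerSecurityContext` is set on the tuf container and `deployment.securityContext` on the pod spec. That tells operators where fields such as `fsGroup` (pod only) or `allowPrivilegeEscalation` (container only) belong.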
13 changes: 12 additions & 1 deletion charts/tuf/templates/deployment.yaml
Expand Up @@ -39,11 +39,22 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace

volumeMounts:
- name: tuf-secrets
mountPath: "/var/run/tuf-secrets"
readOnly: true
{{- if .Values.deployment.resources }}
resources:
{{ toYaml .Values.deployment.resources | indent 10 }}
{{- end }}
{{- if .Values.deployment.containerSecurityContext }}
securityContext:
{{ toYaml .Values.deployment.containerSecurityContext | indent 10 }}
{{- end }}
{{- if .Values.deployment.securityContext }}
securityContext:
{{ toYaml .Values.deployment.securityContext | indent 8 }}
{{- end }}
volumes:
- name: tuf-secrets
projected:
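Review bot: The two added `securityContext:` keys are told apart only by the indent passed to `toYaml` (`indent 10` for `containerSecurityContext`, `indent 8` for `securityContext`), so a later edit that shifts either block could attach the settings to the wrong level without any template error. Consider wrapping each block in `{{- with .Values.deployment.containerSecurityContext }}` and rendering with `{{- toYaml . | nindent 10 }}`, plus a short template comment above each block naming whether it targets the container or the pod. A CI render of the chart with both values set would catch an indentation regression.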
11 changes: 11 additions & 0 deletions charts/tuf/values.schema.json
Expand Up @@ -7,6 +7,10 @@
"properties": {},
"type": "object"
},
"containerSecurityContext": {
"properties": {},
"type": "object"
},
"imagePullPolicy": {
"type": "string"
},
Expand All @@ -29,6 +33,13 @@
"repository": {
"type": "string"
},
"resources": {
"type": "object"
},
"securityContext": {
"properties": {},
"type": "object"
},
"tolerations": {
"type": "array"
},
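Review bot: `resources` is declared with only `"type": "object"`, while `containerSecurityContext` and `securityContext` in the same change also carry `"properties": {}`; make the three entries consistent. All three accept any object, so a misspelled or wrongly typed field under a security context is not caught by the chart's schema validation. If this schema is maintained by hand, listing the commonly used fields with their types would surface such mistakes before the manifest reaches the cluster.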
3 changes: 3 additions & 0 deletions charts/tuf/values.yaml
Expand Up @@ -15,6 +15,9 @@ deployment:
version: sha256:982c6173b6f2f976fd9f58eb543ca9ec5f0d1b7c1a6f7bb0c4b96cff1618c62e
imagePullPolicy: IfNotPresent
port: 8080
resources: {}
containerSecurityContext: {}
securityContext: {}
tolerations: []
nodeSelector: {}
affinity: {}
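Review bot: Both `containerSecurityContext` and `securityContext` default to `{}`, and the template omits the corresponding blocks when the value is empty, so a default install gets no security context from these values. Consider documenting a recommended setting next to these keys (for example `runAsNonRoot: true`, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and `capabilities.drop: ["ALL"]` under `containerSecurityContext`), or shipping it as the default once it is confirmed that the server image runs under those constraints. The same applies to `resources: {}`, which leaves the container without requests or limits unless the operator sets them.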
