From 772ea114675b7f0104e50248b80b03ca8da11d05 Mon Sep 17 00:00:00 2001
From: ian hundere <138915+ianhundere@users.noreply.github.com>
Date: Fri, 24 May 2024 10:07:38 -0400
Subject: [PATCH] adds tolerations, nodeSelector, and affinity to tsa. (#758)
Signed-off-by: ianhundere <138915+ianhundere@users.noreply.github.com>
---
 charts/tsa/Chart.yaml | 2 +-
 charts/tsa/README.md | 3 +
 charts/tsa/templates/tsa-deployment.yaml | 12 +
 charts/tsa/values.schema.json | 772 ++++-------------------
 charts/tsa/values.yaml | 3 +
 5 files changed, 147 insertions(+), 645 deletions(-)
diff --git a/charts/tsa/Chart.yaml b/charts/tsa/Chart.yaml
index 99704d8c..b3e90539 100644
--- a/charts/tsa/Chart.yaml
+++ b/charts/tsa/Chart.yaml
@@ -5,7 +5,7 @@ description: |
 type: application
-version: 1.0.2
+version: 1.0.3
 appVersion: 1.2.1
 keywords:
diff --git a/charts/tsa/README.md b/charts/tsa/README.md
index 6e0199ad..af1aa72b 100644
--- a/charts/tsa/README.md
+++ b/charts/tsa/README.md
@@ -92,6 +92,7 @@ helm uninstall [RELEASE_NAME]
 | forceNamespace | string | `""` | |
 | namespace.create | bool | `false` | |
 | namespace.name | string | `"tsa-system"` | |
+| server.affinity | object | `{}` | |
 | server.args.cert_chain | string | `"chain"` | |
 | server.args.kms_key_resource | string | `"resource"` | |
 | server.args.port | int | `5555` | |
@@ -113,6 +114,7 @@ helm uninstall [RELEASE_NAME]
 | server.ingress.http.tls | list | `[]` | |
 | server.logging.production | bool | `false` | |
 | server.name | string | `"server"` | |
+| server.nodeSelector | object | `{}` | |
 | server.replicaCount | int | `1` | |
 | server.secret | string | `"tsa-server-secret"` | |
 | server.securityContext.runAsNonRoot | bool | `true` | |
@@ -131,6 +133,7 @@ helm uninstall [RELEASE_NAME]
 | server.serviceAccount.mountToken | bool | `true` | |
 | server.serviceAccount.name | string | `""` | |
 | server.svcPort | int | `80` | |
+| server.tolerations | list | `[]` | |
 ----------------------------------------------
diff --git a/charts/tsa/templates/tsa-deployment.yaml b/charts/tsa/templates/tsa-deployment.yaml
index 419dcd64..510299a5 100644
--- a/charts/tsa/templates/tsa-deployment.yaml
+++ b/charts/tsa/templates/tsa-deployment.yaml
@@ -105,3 +105,15 @@ spec:
 - key: private
 path: key.pem
 {{- end }}
+ {{- if .Values.server.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.server.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- if .Values.server.tolerations }}
+ tolerations:
+{{ toYaml .Values.server.tolerations | indent 8 }}
+ {{- end }}
+ {{- if .Values.server.affinity }}
+ affinity:
+{{ toYaml .Values.server.affinity | indent 8 }}
+ {{- end }}
diff --git a/charts/tsa/values.schema.json b/charts/tsa/values.schema.json
index fe4dd5c7..460c0470 100644
--- a/charts/tsa/values.schema.json
+++ b/charts/tsa/values.schema.json
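Review bot: In tsa-deployment.yaml the three new blocks call `toYaml` from a column-0 line with a hard-coded `indent 8`, so correct rendering depends on that number staying in step with the pod spec's nesting, which begins outside this hunk. Keeping the template line at the same indentation as its key reads more safely, for example `{{- toYaml .Values.server.nodeSelector | nindent 8 }}` on the line under `nodeSelector:`, and likewise for `tolerations` and `affinity`. A one-line comment above the blocks saying that these values are passed through verbatim and decide which nodes the timestamp server pod may run on would also help.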
@@ -1,720 +1,204 @@ { - "$schema": "https://json-schema.org/draft/2019-09/schema", - "$id": "http://example.com/example.json", - "type": "object", - "default": {}, - "title": "Root Schema", - "required": [ - "namespace", - "server", - "forceNamespace" - ], + "$schema": "https://json-schema.org/draft/2020-12/schema", "properties": { + "forceNamespace": { + "type": "string" + }, "namespace": { - "type": "object", - "default": {}, - "title": "The namespace Schema", - "required": [ - "create", - "name" - ], "properties": { "create": { - "type": "boolean", - "default": false, - "title": "The create Schema", - "examples": [ - false - ] + "type": "boolean" }, "name": { - "type": "string", - "default": "", - "title": "The name Schema", - "examples": [ - "tsa-system" - ] + "type": "string" } }, - "examples": [{ - "create": false, - "name": "tsa-system" - }] + "type": "object" }, "server": { - "type": "object", - "default": {}, - "title": "The server Schema", - "required": [ - "replicaCount", - "name", - "svcPort", - "grpcSvcPort", - "secret", - "logging", - "env", - "image", - "args", - "serviceAccount", - "service", - "ingress", - "securityContext" - ], "properties": { - "replicaCount": { - "type": "integer", - "default": 0, - "title": "The replicaCount Schema", - "examples": [ - 1 - ] - }, - "name": { - "type": "string", - "default": "", - "title": "The name Schema", - "examples": [ - "server" - ] - }, - "svcPort": { - "type": "integer", - "default": 0, - "title": "The svcPort Schema", - "examples": [ - 80 - ] - }, - "grpcSvcPort": { - "type": "integer", - "default": 0, - "title": "The grpcSvcPort Schema", - "examples": [ - 5554 - ] - }, - "secret": { - "type": "string", - "default": "", - "title": "The secret Schema", - "examples": [ - "tsa-server-secret" - ] - }, - "logging": { - "type": "object", - "default": {}, - "title": "The logging Schema", - "required": [ - "production" - ], - "properties": { - "production": { - "type": "boolean", - "default": false, - "title": 
"The production Schema", - "examples": [ - false - ] - } - }, - "examples": [{ - "production": false - }] - }, - "env": { - "type": "object", - "default": {}, - "title": "The env Schema", - "required": [], + "affinity": { "properties": {}, - "examples": [{}] + "type": "object" }, - "image": { - "type": "object", - "default": {}, - "title": "The image Schema", - "required": [ - "registry", - "repository", - "pullPolicy", - "version" - ], + "args": { "properties": { - "registry": { - "type": "string", - "default": "", - "title": "The registry Schema", - "examples": [ - "ghcr.io" - ] - }, - "repository": { - "type": "string", - "default": "", - "title": "The repository Schema", - "examples": [ - "sigstore/timestamp-server" - ] + "cert_chain": { + "type": "string" }, - "pullPolicy": { - "type": "string", - "default": "", - "title": "The pullPolicy Schema", - "examples": [ - "IfNotPresent" - ] + "kms_key_resource": { + "type": "string" }, - "version": { - "type": "string", - "default": "", - "title": "The version Schema", - "examples": [ - "sha256:6d923276ff81b814c99d8c901184ebb8b9a0411eacf61d9fe0b26fce68e5a5ee" - ] - } - }, - "examples": [{ - "registry": "ghcr.io", - "repository": "sigstore/timestamp-server", - "pullPolicy": "IfNotPresent", - "version": "sha256:6d923276ff81b814c99d8c901184ebb8b9a0411eacf61d9fe0b26fce68e5a5ee" - }] - }, - "args": { - "type": "object", - "default": {}, - "title": "The args Schema", - "required": [ - "port", - "signer", - "cert_chain", - "tink_enc_keyset", - "tink_key_resource", - "tink_hcvault_token", - "kms_key_resource" - ], - "properties": { "port": { - "type": "integer", - "default": 0, - "title": "The port Schema", - "examples": [ - 5555 - ] + "type": "integer" }, "signer": { - "type": "string", - "default": "", - "title": "The signer Schema", - "examples": [ - "tink" - ] - }, - "cert_chain": { - "type": "string", - "default": "", - "title": "The cert_chain Schema", - "examples": [ - "chain" - ] + "type": "string" }, 
"tink_enc_keyset": { - "type": "string", - "default": "", - "title": "The tink_enc_keyset Schema", - "examples": [ - "keyset" - ] - }, - "tink_key_resource": { - "type": "string", - "default": "", - "title": "The tink_key_resource Schema", - "examples": [ - "resource" - ] + "type": "string" }, "tink_hcvault_token": { - "type": "string", - "default": "", - "title": "The tink_hcvault_token Schema", - "examples": [ - "token" - ] + "type": "string" }, - "kms_key_resource": { - "type": "string", - "default": "", - "title": "The kms_key_resource Schema", - "examples": [ - "resource" - ] + "tink_key_resource": { + "type": "string" } }, - "examples": [{ - "port": 5555, - "signer": "tink", - "cert_chain": "chain", - "tink_enc_keyset": "keyset", - "tink_key_resource": "resource", - "tink_hcvault_token": "token", - "kms_key_resource": "resource" - }] + "type": "object" }, - "serviceAccount": { - "type": "object", - "default": {}, - "title": "The serviceAccount Schema", - "required": [ - "create", - "name", - "annotations", - "mountToken" - ], + "env": { "properties": { - "create": { - "type": "boolean", - "default": false, - "title": "The create Schema", - "examples": [ - true - ] - }, - "name": { - "type": "string", - "default": "", - "title": "The name Schema", - "examples": [ - "" - ] - }, - "annotations": { - "type": "object", - "default": {}, - "title": "The annotations Schema", - "required": [], - "properties": {}, - "examples": [{}] - }, - "mountToken": { - "type": "boolean", - "default": false, - "title": "The mountToken Schema", - "examples": [ - true - ] + "GOOGLE_APPLICATION_CREDENTIALS": { + "type": "string" } }, - "examples": [{ - "create": true, - "name": "", - "annotations": {}, - "mountToken": true - }] + "type": "object" }, - "service": { - "type": "object", - "default": {}, - "title": "The service Schema", - "required": [ - "type", - "ports" - ], + "grpcSvcPort": { + "type": "integer" + }, + "image": { "properties": { - "type": { - "type": "string", - 
"default": "", - "title": "The type Schema", - "examples": [ - "ClusterIP" - ] + "pullPolicy": { + "type": "string" }, - "ports": { - "type": "array", - "default": [], - "title": "The ports Schema", - "items": { - "type": "object", - "title": "A Schema", - "required": [ - "name", - "port", - "protocol", - "targetPort" - ], - "properties": { - "name": { - "type": "string", - "title": "The name Schema", - "examples": [ - "http", - "metrics" - ] - }, - "port": { - "type": "integer", - "title": "The port Schema", - "examples": [ - 80, - 2112 - ] - }, - "protocol": { - "type": "string", - "title": "The protocol Schema", - "examples": [ - "TCP" - ] - }, - "targetPort": { - "type": "integer", - "title": "The targetPort Schema", - "examples": [ - 5555, - 2112 - ] - } - }, - "examples": [{ - "name": "http", - "port": 80, - "protocol": "TCP", - "targetPort": 5555 - }, - { - "name": "metrics", - "port": 2112, - "protocol": "TCP", - "targetPort": 2112 - }] - }, - "examples": [ - [{ - "name": "http", - "port": 80, - "protocol": "TCP", - "targetPort": 5555 - }, - { - "name": "metrics", - "port": 2112, - "protocol": "TCP", - "targetPort": 2112 - }] - ] + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "version": { + "type": "string" } }, - "examples": [{ - "type": "ClusterIP", - "ports": [{ - "name": "http", - "port": 80, - "protocol": "TCP", - "targetPort": 5555 - }, - { - "name": "metrics", - "port": 2112, - "protocol": "TCP", - "targetPort": 2112 - }] - }] + "type": "object" }, "ingress": { - "type": "object", - "default": {}, - "title": "The ingress Schema", - "required": [ - "http" - ], "properties": { "http": { - "type": "object", - "default": {}, - "title": "The http Schema", - "required": [ - "enabled", - "className", - "annotations", - "hosts", - "tls" - ], "properties": { - "enabled": { - "type": "boolean", - "default": false, - "title": "The enabled Schema", - "examples": [ - true - ] + "annotations": { + "properties": {}, + "type": 
"object" }, "className": { - "type": "string", - "default": "", - "title": "The className Schema", - "examples": [ - "nginx" - ] + "type": "string" }, - "annotations": { - "type": "object", - "default": {}, - "title": "The annotations Schema", - "required": [], - "properties": {}, - "examples": [{}] + "enabled": { + "type": "boolean" }, "hosts": { - "type": "array", - "default": [], - "title": "The hosts Schema", "items": { - "type": "object", - "default": {}, - "title": "A Schema", - "required": [ - "path", - "host" - ], "properties": { - "path": { - "type": "string", - "default": "", - "title": "The path Schema", - "examples": [ - "/" - ] - }, "host": { - "type": "string", - "default": "", - "title": "The host Schema", - "examples": [ - "timestamp.localhost" - ] + "type": "string" + }, + "path": { + "type": "string" } }, - "examples": [{ - "path": "/", - "host": "timestamp.localhost" - }] + "type": "object" }, - "examples": [ - [{ - "path": "/", - "host": "timestamp.localhost" - }] - ] + "type": "array" }, "tls": { - "type": "array", - "default": [], - "title": "The tls Schema", - "items": {}, - "examples": [ - [] - ] + "type": "array" } }, - "examples": [{ - "enabled": true, - "className": "nginx", - "annotations": {}, - "hosts": [{ - "path": "/", - "host": "timestamp.localhost" - }], - "tls": [] - }] + "type": "object" } }, - "examples": [{ - "http": { - "enabled": true, - "className": "nginx", - "annotations": {}, - "hosts": [{ - "path": "/", - "host": "timestamp.localhost" - }], - "tls": [] + "type": "object" + }, + "logging": { + "properties": { + "production": { + "type": "boolean" } - }] + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "nodeSelector": { + "properties": {}, + "type": "object" + }, + "replicaCount": { + "type": "integer" + }, + "secret": { + "type": "string" }, "securityContext": { - "type": "object", - "default": {}, - "title": "The securityContext Schema", - "required": [ - "runAsNonRoot", - "runAsUser" - ], "properties": 
{ "runAsNonRoot": { - "type": "boolean", - "default": false, - "title": "The runAsNonRoot Schema", - "examples": [ - true - ] + "type": "boolean" }, "runAsUser": { - "type": "integer", - "default": 0, - "title": "The runAsUser Schema", - "examples": [ - 65533 - ] + "type": "integer" } }, - "examples": [{ - "runAsNonRoot": true, - "runAsUser": 65533 - }] - } - }, - "examples": [{ - "replicaCount": 1, - "name": "server", - "svcPort": 80, - "grpcSvcPort": 5554, - "secret": "tsa-server-secret", - "logging": { - "production": false + "type": "object" }, - "env": {}, - "image": { - "registry": "ghcr.io", - "repository": "sigstore/timestamp-server", - "pullPolicy": "IfNotPresent", - "version": "sha256:6d923276ff81b814c99d8c901184ebb8b9a0411eacf61d9fe0b26fce68e5a5ee" - }, - "args": { - "port": 5555, - "signer": "tink", - "cert_chain": "chain", - "tink_enc_keyset": "keyset", - "tink_key_resource": "resource", - "tink_hcvault_token": "token", - "kms_key_resource": "resource" + "service": { + "properties": { + "ports": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + }, + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + } + }, + "type": "object" }, "serviceAccount": { - "create": true, - "name": "", - "annotations": {}, - "mountToken": true - }, - "service": { - "type": "ClusterIP", - "ports": [{ - "name": "http", - "port": 80, - "protocol": "TCP", - "targetPort": 5555 + "properties": { + "annotations": { + "properties": {}, + "type": "object" + }, + "create": { + "type": "boolean" + }, + "mountToken": { + "type": "boolean" + }, + "name": { + "type": "string" + } }, - { - "name": "metrics", - "port": 2112, - "protocol": "TCP", - "targetPort": 2112 - }] + "type": "object" }, - "ingress": { - "http": { - "enabled": true, - "className": "nginx", - "annotations": {}, - "hosts": [{ - "path": "/", - "host": 
"timestamp.localhost" - }], - "tls": [] - } + "svcPort": { + "type": "integer" }, - "securityContext": { - "runAsNonRoot": true, - "runAsUser": 65533 + "tolerations": { + "type": "array" } - }] - }, - "forceNamespace": { - "type": "string", - "default": "", - "title": "The forceNamespace Schema", - "examples": [ - "" - ] + }, + "type": "object" } }, - "examples": [{ - "namespace": { - "create": false, - "name": "tsa-system" - }, - "server": { - "replicaCount": 1, - "name": "server", - "svcPort": 80, - "grpcSvcPort": 5554, - "secret": "tsa-server-secret", - "logging": { - "production": false - }, - "env": {}, - "image": { - "registry": "ghcr.io", - "repository": "sigstore/timestamp-server", - "pullPolicy": "IfNotPresent", - "version": "sha256:6d923276ff81b814c99d8c901184ebb8b9a0411eacf61d9fe0b26fce68e5a5ee" - }, - "args": { - "port": 5555, - "signer": "tink", - "cert_chain": "chain", - "tink_enc_keyset": "keyset", - "tink_key_resource": "resource", - "tink_hcvault_token": "token", - "kms_key_resource": "resource" - }, - "serviceAccount": { - "create": true, - "name": "", - "annotations": {}, - "mountToken": true - }, - "service": { - "type": "ClusterIP", - "ports": [{ - "name": "http", - "port": 80, - "protocol": "TCP", - "targetPort": 5555 - }, - { - "name": "metrics", - "port": 2112, - "protocol": "TCP", - "targetPort": 2112 - }] - }, - "ingress": { - "http": { - "enabled": true, - "className": "nginx", - "annotations": {}, - "hosts": [{ - "path": "/", - "host": "timestamp.localhost" - }], - "tls": [] - } - }, - "securityContext": { - "runAsNonRoot": true, - "runAsUser": 65533 - } - }, - "forceNamespace": "" - }] -} \ No newline at end of file + "type": "object" +} diff --git a/charts/tsa/values.yaml b/charts/tsa/values.yaml index 1a202adb..06b5806f 100644 --- a/charts/tsa/values.yaml +++ b/charts/tsa/values.yaml 
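Review bot: Alongside the three new properties, the values.schema.json hunk removes every `required` list, including the one that made `runAsNonRoot` and `runAsUser` mandatory under `server.securityContext`, so a values override that nulls those keys would presumably no longer be rejected by schema validation. If the file was regenerated by a tool (the alphabetically sorted keys suggest so), the loosening deserves a line in the commit description; otherwise keep at least `"required": ["runAsNonRoot", "runAsUser"]` under `securityContext`. The new `tolerations` entry is only `{"type": "array"}` with no `items`, and `affinity`/`nodeSelector` have empty `properties`, so the schema checks nothing beyond the top-level type of the fields this commit introduces.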
@@ -57,6 +57,9 @@ server:
 securityContext:
 runAsNonRoot: true
 runAsUser: 65533
+ tolerations: []
+ nodeSelector: {}
+ affinity: {}
 # Force namespace of namespaced resources
 forceNamespace: ""
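Review bot: The three new defaults under `server:` in values.yaml carry no comment, and the matching README rows added in this commit have an empty description column. A short comment above them would do, for example `# Pod scheduling constraints for the timestamp server; empty values leave placement to the scheduler`. The chart's other values (`server.secret`, the `tink_*` and `kms_key_resource` args) suggest the pod handles signing key material, so the comment could also say these fields are where to pin it to dedicated nodes. The `server:` block starts outside this hunk.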