From a77eace02a0595f254c26a5475674fa4eee5f7f5 Mon Sep 17 00:00:00 2001 From: Stephen Fox Date: Fri, 22 Nov 2024 20:36:52 +0000 Subject: [PATCH] tuf: Support deployment resources customization This commit adds support for customizing the following values in the tuf deployment: - Container resources - Container security context - Deployment security context Signed-off-by: Stephen Fox
---
charts/tuf/Chart.yaml | 2 +- charts/tuf/README.md | 3 +++ charts/tuf/templates/deployment.yaml | 13 ++++++++++++- charts/tuf/values.schema.json | 11 +++++++++++ charts/tuf/values.yaml | 3 +++ 5 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/charts/tuf/Chart.yaml b/charts/tuf/Chart.yaml
index 3b52b7ea..0c9236f2 100644
--- a/charts/tuf/Chart.yaml
+++ b/charts/tuf/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2 name: tuf description: A framework for securing software update systems - the scaffolding implementation type: application -version: 0.1.20 +version: 0.1.21 appVersion: 0.7.15 home: https://sigstore.dev/
diff --git a/charts/tuf/README.md b/charts/tuf/README.md
index ba8a632c..a3c97a8b 100644
--- a/charts/tuf/README.md
+++ b/charts/tuf/README.md
@@ -21,6 +21,7 @@ A framework for securing software update systems - the scaffolding implementatio
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | deployment.affinity | object | `{}` | |
+| deployment.containerSecurityContext | object | `{}` | |
 | deployment.imagePullPolicy | string | `"IfNotPresent"` | |
 | deployment.name | string | `"tuf"` | |
 | deployment.nodeSelector | object | `{}` | |
@@ -28,6 +29,8 @@ A framework for securing software update systems - the scaffolding implementatio
 | deployment.registry | string | `"ghcr.io"` | |
 | deployment.replicas | int | `1` | |
 | deployment.repository | string | `"sigstore/scaffolding/server"` | |
+| deployment.resources | object | `{}` | |
+| deployment.securityContext | object | `{}` | |
 | deployment.tolerations | list | `[]` | |
 | deployment.version | string | `"sha256:982c6173b6f2f976fd9f58eb543ca9ec5f0d1b7c1a6f7bb0c4b96cff1618c62e"` | |
 | enabled | bool | `true` | |
diff --git a/charts/tuf/templates/deployment.yaml b/charts/tuf/templates/deployment.yaml
index aa7fc176..5395452e 100644
--- a/charts/tuf/templates/deployment.yaml
+++ b/charts/tuf/templates/deployment.yaml
@@ -39,11 +39,22 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - volumeMounts: - name: tuf-secrets mountPath: "/var/run/tuf-secrets" readOnly: true + {{- if .Values.deployment.resources }} + resources: +{{ toYaml .Values.deployment.resources | indent 10 }} + {{- end }} + {{- if .Values.deployment.containerSecurityContext }} + securityContext: +{{ toYaml .Values.deployment.containerSecurityContext | indent 10 }} + {{- end }} + {{- if .Values.deployment.securityContext }} + securityContext: +{{ toYaml .Values.deployment.securityContext | indent 8 }} + {{- end }} volumes: - name: tuf-secrets projected:
diff --git a/charts/tuf/values.schema.json b/charts/tuf/values.schema.json
index 02fba6de..d95ed651 100644
--- a/charts/tuf/values.schema.json
+++ b/charts/tuf/values.schema.json
@@ -7,6 +7,10 @@
 "properties": {},
 "type": "object"
 },
+ "containerSecurityContext": {
+ "properties": {},
+ "type": "object"
+ },
 "imagePullPolicy": {
 "type": "string"
 },
@@ -29,6 +33,13 @@
 "repository": {
 "type": "string"
 },
+ "resources": {
+ "type": "object"
+ },
+ "securityContext": {
+ "properties": {},
+ "type": "object"
+ },
 "tolerations": {
 "type": "array"
 },
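Review bot: In charts/tuf/templates/deployment.yaml the container-level and pod-level blocks are both keyed `securityContext` and are told apart only by nesting depth, which this hunk sets through hard-coded `indent 10` / `indent 8` on column-0 lines. If the pod-level block ever lands at container depth, the container mapping gets a duplicate `securityContext` key and most YAML parsers silently keep the last one, so hardening a user configured may not be applied; the rendered indentation cannot be confirmed from this page, so it is worth checking with `helm template` with both values set. Using `{{- with .Values.deployment.containerSecurityContext }}` and `{{- toYaml . | nindent 10 }}` under the key keeps the depth next to the key it belongs to. The container and pod specs both begin outside the hunk.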
diff --git a/charts/tuf/values.yaml b/charts/tuf/values.yaml
index c9cdca2b..c392fb9b 100644
--- a/charts/tuf/values.yaml
+++ b/charts/tuf/values.yaml
@@ -15,6 +15,9 @@ deployment:
 version: sha256:982c6173b6f2f976fd9f58eb543ca9ec5f0d1b7c1a6f7bb0c4b96cff1618c62e
 imagePullPolicy: IfNotPresent
 port: 8080
+ resources: {}
+ containerSecurityContext: {}
+ securityContext: {}
 tolerations: []
 nodeSelector: {}
 affinity: {}
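Review bot: `containerSecurityContext: {}` and `securityContext: {}` as defaults mean a default install still renders the TUF server pod with no security context at all, because the template's `if` guards skip empty maps, and `resources: {}` likewise leaves it without requests or limits. The new settings therefore only help operators who already know to set them. Consider shipping restrictive container defaults that users can relax, as sketched below. `runAsNonRoot: true` and `readOnlyRootFilesystem: true` would be worth adding as well once it is confirmed that the image supports them, which this patch does not show. The `deployment:` mapping starts before the hunk.

```yaml
  resources: {}
  containerSecurityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL
    seccompProfile:
      type: RuntimeDefault
  # … unchanged: securityContext, tolerations, nodeSelector, affinity …
```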