From 0dec80e1d52fb32fccf832c89b7391e906823d61 Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Wed, 12 Apr 2023 08:56:10 -0700 Subject: [PATCH 1/5] Switch to persistence (#200) This patch switches the value to persistence to follow the helm convention. fixes: https://github.com/spiffe/helm-charts/issues/199 Signed-off-by: Kevin Fox --- charts/spire/charts/spire-server/README.md | 8 ++++---- .../charts/spire-server/templates/statefulset.yaml | 12 ++++++------ charts/spire/charts/spire-server/values.yaml | 2 +- examples/production/values.yaml | 2 +- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/charts/spire/charts/spire-server/README.md b/charts/spire/charts/spire-server/README.md index 8a6abd74d..31b5660b4 100644 --- a/charts/spire/charts/spire-server/README.md +++ b/charts/spire/charts/spire-server/README.md @@ -53,10 +53,6 @@ A Helm chart to install the SPIRE server. | controllerManager.validatingWebhookConfiguration.upgradeHook.image.registry | string | `"cgr.dev"` | | | controllerManager.validatingWebhookConfiguration.upgradeHook.image.repository | string | `"chainguard/kubectl"` | | | controllerManager.validatingWebhookConfiguration.upgradeHook.image.version | string | `"latest"` | | -| dataStorage.accessMode | string | `"ReadWriteOnce"` | | -| dataStorage.enabled | bool | `true` | | -| dataStorage.size | string | `"1Gi"` | | -| dataStorage.storageClass | string | `nil` | | | defaultJwtSvidTTL | string | `"1h"` | | | defaultX509SvidTTL | string | `"4h"` | | | extraContainers | list | `[]` | | 
@@ -80,6 +76,10 @@ A Helm chart to install the SPIRE server. | nodeAttestor.k8sPsat.serviceAccountAllowList | list | `[]` | | | nodeSelector | object | `{}` | | | notifier.k8sbundle.namespace | string | `""` | Namespace to push the bundle into, if blank will default to SPIRE Server namespace | +| persistence.accessMode | string | `"ReadWriteOnce"` | | +| persistence.enabled | bool | `true` | | +| persistence.size | string | `"1Gi"` | | +| persistence.storageClass | string | `nil` | | | podAnnotations | object | `{}` | | | podSecurityContext | object | `{}` | | | replicaCount | int | `1` | SPIRE server currently runs with a sqlite database. Scaling to multiple instances will not work until we use an external database. | diff --git a/charts/spire/charts/spire-server/templates/statefulset.yaml b/charts/spire/charts/spire-server/templates/statefulset.yaml index 2773bf65d..9d57a82b4 100644 --- a/charts/spire/charts/spire-server/templates/statefulset.yaml +++ b/charts/spire/charts/spire-server/templates/statefulset.yaml @@ -91,7 +91,7 @@ spec: - name: spire-config mountPath: /run/spire/config readOnly: true - {{- if eq (.Values.dataStorage.enabled | toString) "true" }} + {{- if eq (.Values.persistence.enabled | toString) "true" }} - name: spire-data mountPath: /run/spire/data readOnly: false 
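Review bot: The new `.Values.persistence.enabled` condition in this volumeMounts hunk, and the `volumeClaimTemplates` hunk at `-185,16` that follows, read only the new key, so a release that still sets `dataStorage.enabled: false`, `dataStorage.size` or `dataStorage.storageClass` is rendered with the chart defaults on upgrade, and nothing in the visible template reports it. That can change whether `/run/spire/data` is backed by a PVC, and a changed claim template on an existing StatefulSet is normally rejected by the API server, so the rename should fail early or fall back to the old key for one release. A guard near the top of the template would do, for example `{{- if hasKey .Values "dataStorage" }}{{- fail "dataStorage was renamed to persistence; update your values" }}{{- end }}`. The `spec:` block starts and ends outside both hunks.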
@@ -185,16 +185,16 @@ spec: {{- toYaml .Values.extraVolumes | nindent 8 }} {{- end }} volumeClaimTemplates: - {{- if eq (.Values.dataStorage.enabled | toString) "true" }} + {{- if eq (.Values.persistence.enabled | toString) "true" }} - metadata: name: spire-data spec: accessModes: - - {{ .Values.dataStorage.accessMode | default "ReadWriteOnce" }} + - {{ .Values.persistence.accessMode | default "ReadWriteOnce" }} resources: requests: - storage: {{ .Values.dataStorage.size }} - {{- if .Values.dataStorage.storageClass }} - storageClassName: {{ .Values.dataStorage.storageClass }} + storage: {{ .Values.persistence.size }} + {{- if .Values.persistence.storageClass }} + storageClassName: {{ .Values.persistence.storageClass }} {{- end }} {{ end }} diff --git a/charts/spire/charts/spire-server/values.yaml b/charts/spire/charts/spire-server/values.yaml index 4206c660f..277663fb0 100644 --- a/charts/spire/charts/spire-server/values.yaml +++ b/charts/spire/charts/spire-server/values.yaml @@ -73,7 +73,7 @@ affinity: {} topologySpreadConstraints: [] -dataStorage: +persistence: enabled: true size: 1Gi accessMode: ReadWriteOnce diff --git a/examples/production/values.yaml b/examples/production/values.yaml index d81d285ce..15247238c 100644 --- a/examples/production/values.yaml +++ b/examples/production/values.yaml @@ -24,7 +24,7 @@ spire-server: seccompProfile: type: RuntimeDefault - dataStorage: + persistence: enabled: true logLevel: info From b82abab3577c1497b3e01055985e0730c816165e Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Wed, 12 Apr 2023 13:12:07 -0700 Subject: [PATCH 2/5] Revert "Switch to persistence" (#210) Reverts spiffe/helm-charts#200 Signed-off-by: Kevin Fox --- charts/spire/charts/spire-server/README.md | 8 ++++---- .../charts/spire-server/templates/statefulset.yaml | 12 ++++++------ charts/spire/charts/spire-server/values.yaml | 2 +- examples/production/values.yaml | 2 +- 4 files changed, 12 insertions(+), 12 deletions(-) 
diff --git a/charts/spire/charts/spire-server/README.md b/charts/spire/charts/spire-server/README.md index 31b5660b4..8a6abd74d 100644 --- a/charts/spire/charts/spire-server/README.md +++ b/charts/spire/charts/spire-server/README.md @@ -53,6 +53,10 @@ A Helm chart to install the SPIRE server. | controllerManager.validatingWebhookConfiguration.upgradeHook.image.registry | string | `"cgr.dev"` | | | controllerManager.validatingWebhookConfiguration.upgradeHook.image.repository | string | `"chainguard/kubectl"` | | | controllerManager.validatingWebhookConfiguration.upgradeHook.image.version | string | `"latest"` | | +| dataStorage.accessMode | string | `"ReadWriteOnce"` | | +| dataStorage.enabled | bool | `true` | | +| dataStorage.size | string | `"1Gi"` | | +| dataStorage.storageClass | string | `nil` | | | defaultJwtSvidTTL | string | `"1h"` | | | defaultX509SvidTTL | string | `"4h"` | | | extraContainers | list | `[]` | | @@ -76,10 +80,6 @@ A Helm chart to install the SPIRE server. | nodeAttestor.k8sPsat.serviceAccountAllowList | list | `[]` | | | nodeSelector | object | `{}` | | | notifier.k8sbundle.namespace | string | `""` | Namespace to push the bundle into, if blank will default to SPIRE Server namespace | -| persistence.accessMode | string | `"ReadWriteOnce"` | | -| persistence.enabled | bool | `true` | | -| persistence.size | string | `"1Gi"` | | -| persistence.storageClass | string | `nil` | | | podAnnotations | object | `{}` | | | podSecurityContext | object | `{}` | | | replicaCount | int | `1` | SPIRE server currently runs with a sqlite database. Scaling to multiple instances will not work until we use an external database. | diff --git a/charts/spire/charts/spire-server/templates/statefulset.yaml b/charts/spire/charts/spire-server/templates/statefulset.yaml index 9d57a82b4..2773bf65d 100644 --- a/charts/spire/charts/spire-server/templates/statefulset.yaml +++ b/charts/spire/charts/spire-server/templates/statefulset.yaml 
@@ -91,7 +91,7 @@ spec: - name: spire-config mountPath: /run/spire/config readOnly: true - {{- if eq (.Values.persistence.enabled | toString) "true" }} + {{- if eq (.Values.dataStorage.enabled | toString) "true" }} - name: spire-data mountPath: /run/spire/data readOnly: false @@ -185,16 +185,16 @@ spec: {{- toYaml .Values.extraVolumes | nindent 8 }} {{- end }} volumeClaimTemplates: - {{- if eq (.Values.persistence.enabled | toString) "true" }} + {{- if eq (.Values.dataStorage.enabled | toString) "true" }} - metadata: name: spire-data spec: accessModes: - - {{ .Values.persistence.accessMode | default "ReadWriteOnce" }} + - {{ .Values.dataStorage.accessMode | default "ReadWriteOnce" }} resources: requests: - storage: {{ .Values.persistence.size }} - {{- if .Values.persistence.storageClass }} - storageClassName: {{ .Values.persistence.storageClass }} + storage: {{ .Values.dataStorage.size }} + {{- if .Values.dataStorage.storageClass }} + storageClassName: {{ .Values.dataStorage.storageClass }} {{- end }} {{ end }} diff --git a/charts/spire/charts/spire-server/values.yaml b/charts/spire/charts/spire-server/values.yaml index 277663fb0..4206c660f 100644 --- a/charts/spire/charts/spire-server/values.yaml +++ b/charts/spire/charts/spire-server/values.yaml @@ -73,7 +73,7 @@ affinity: {} topologySpreadConstraints: [] -persistence: +dataStorage: enabled: true size: 1Gi accessMode: ReadWriteOnce diff --git a/examples/production/values.yaml b/examples/production/values.yaml index 15247238c..d81d285ce 100644 --- a/examples/production/values.yaml +++ b/examples/production/values.yaml @@ -24,7 +24,7 @@ spire-server: seccompProfile: type: RuntimeDefault - persistence: + dataStorage: enabled: true logLevel: info From 0f57f5683a425a24c2be45dd1dece58c29d2e8fa Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 13 Apr 2023 13:44:05 -0700 Subject: [PATCH 3/5] Update to the 1.6.3 spire release Update the images to point to the 1.6.3 version of spire. 
Signed-off-by: Kevin Fox --- charts/spire/Chart.yaml | 2 +- charts/spire/README.md | 2 +- charts/spire/charts/spiffe-oidc-discovery-provider/Chart.yaml | 2 +- charts/spire/charts/spiffe-oidc-discovery-provider/README.md | 2 +- charts/spire/charts/spire-agent/Chart.yaml | 2 +- charts/spire/charts/spire-agent/README.md | 2 +- charts/spire/charts/spire-server/Chart.yaml | 2 +- charts/spire/charts/spire-server/README.md | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/spire/Chart.yaml b/charts/spire/Chart.yaml index 57af39c54..2dcb64098 100644 --- a/charts/spire/Chart.yaml +++ b/charts/spire/Chart.yaml @@ -4,7 +4,7 @@ description: > A Helm chart for deploying the complete Spire stack including: spire-server, spire-agent, spiffe-csi-driver, spiffe-oidc-discovery-provider and spire-controller-manager. type: application version: 0.6.2 -appVersion: "1.6.1" +appVersion: "1.6.3" keywords: ["spiffe", "spire", "spire-server", "spire-agent", "oidc", "spire-controller-manager"] home: https://github.com/spiffe/helm-charts/tree/main/charts/spire sources: diff --git a/charts/spire/README.md b/charts/spire/README.md index 6cfaca276..853e630ca 100644 --- a/charts/spire/README.md +++ b/charts/spire/README.md 
@@ -2,7 +2,7 @@ -![Version: 0.6.2](https://img.shields.io/badge/Version-0.6.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.1](https://img.shields.io/badge/AppVersion-1.6.1-informational?style=flat-square) +![Version: 0.6.2](https://img.shields.io/badge/Version-0.6.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.3](https://img.shields.io/badge/AppVersion-1.6.3-informational?style=flat-square) [![Development Phase](https://github.com/spiffe/spiffe/blob/main/.img/maturity/dev.svg)](https://github.com/spiffe/spiffe/blob/main/MATURITY.md#development) A Helm chart for deploying the complete Spire stack including: spire-server, spire-agent, spiffe-csi-driver, spiffe-oidc-discovery-provider and spire-controller-manager. diff --git a/charts/spire/charts/spiffe-oidc-discovery-provider/Chart.yaml b/charts/spire/charts/spiffe-oidc-discovery-provider/Chart.yaml index 10a446a54..ac3134e31 100644 --- a/charts/spire/charts/spiffe-oidc-discovery-provider/Chart.yaml +++ b/charts/spire/charts/spiffe-oidc-discovery-provider/Chart.yaml @@ -3,4 +3,4 @@ name: spiffe-oidc-discovery-provider description: A Helm chart to install the SPIFFE OIDC discovery provider. type: application version: 0.1.0 -appVersion: "1.6.1" +appVersion: "1.6.3" diff --git a/charts/spire/charts/spiffe-oidc-discovery-provider/README.md b/charts/spire/charts/spiffe-oidc-discovery-provider/README.md index 3504e7f36..14aacab4f 100644 --- a/charts/spire/charts/spiffe-oidc-discovery-provider/README.md +++ b/charts/spire/charts/spiffe-oidc-discovery-provider/README.md 
@@ -2,7 +2,7 @@ -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.1](https://img.shields.io/badge/AppVersion-1.6.1-informational?style=flat-square) +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.3](https://img.shields.io/badge/AppVersion-1.6.3-informational?style=flat-square) A Helm chart to install the SPIFFE OIDC discovery provider. diff --git a/charts/spire/charts/spire-agent/Chart.yaml b/charts/spire/charts/spire-agent/Chart.yaml index 97f4859fb..8655cd3d6 100644 --- a/charts/spire/charts/spire-agent/Chart.yaml +++ b/charts/spire/charts/spire-agent/Chart.yaml @@ -3,4 +3,4 @@ name: spire-agent description: A Helm chart to install the SPIRE agent. type: application version: 0.1.0 -appVersion: "1.6.1" +appVersion: "1.6.3" diff --git a/charts/spire/charts/spire-agent/README.md b/charts/spire/charts/spire-agent/README.md index 035c857b2..744e31122 100644 --- a/charts/spire/charts/spire-agent/README.md +++ b/charts/spire/charts/spire-agent/README.md @@ -2,7 +2,7 @@ -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.1](https://img.shields.io/badge/AppVersion-1.6.1-informational?style=flat-square) +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.3](https://img.shields.io/badge/AppVersion-1.6.3-informational?style=flat-square) A Helm chart to install the SPIRE agent. 
diff --git a/charts/spire/charts/spire-server/Chart.yaml b/charts/spire/charts/spire-server/Chart.yaml index 87c737abc..cb30c507f 100644 --- a/charts/spire/charts/spire-server/Chart.yaml +++ b/charts/spire/charts/spire-server/Chart.yaml @@ -3,4 +3,4 @@ name: spire-server description: A Helm chart to install the SPIRE server. type: application version: 0.1.0 -appVersion: "1.6.1" +appVersion: "1.6.3" diff --git a/charts/spire/charts/spire-server/README.md b/charts/spire/charts/spire-server/README.md index 8a6abd74d..9d8e2f15d 100644 --- a/charts/spire/charts/spire-server/README.md +++ b/charts/spire/charts/spire-server/README.md @@ -2,7 +2,7 @@ -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.1](https://img.shields.io/badge/AppVersion-1.6.1-informational?style=flat-square) +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.3](https://img.shields.io/badge/AppVersion-1.6.3-informational?style=flat-square) A Helm chart to install the SPIRE server. From 6c21f1326467cc04755ae5acdfb7bdc5874b123f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Apr 2023 01:04:15 +0000 Subject: [PATCH 4/5] Bump actions/checkout from 3.5.0 to 3.5.2 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.0 to 3.5.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.5.0...v3.5.2) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] --- .github/workflows/helm-chart-ci.yaml | 8 ++++---- .github/workflows/helm-release.yaml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/helm-chart-ci.yaml b/.github/workflows/helm-chart-ci.yaml index c6755c83b..179df3a46 100644 --- a/.github/workflows/helm-chart-ci.yaml +++ b/.github/workflows/helm-chart-ci.yaml @@ -28,7 +28,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3.5.0 + uses: actions/checkout@v3.5.2 - name: Verify Docs updated run: ./helm-docs.sh @@ -73,7 +73,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3.5.0 + uses: actions/checkout@v3.5.2 with: fetch-depth: 0 @@ -118,7 +118,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3.5.0 + uses: actions/checkout@v3.5.2 - id: set-matrix name: Collect all tests @@ -158,7 +158,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3.5.0 + uses: actions/checkout@v3.5.2 with: fetch-depth: 0 diff --git a/.github/workflows/helm-release.yaml b/.github/workflows/helm-release.yaml index 66dd0ca46..5f0300cb9 100644 --- a/.github/workflows/helm-release.yaml +++ b/.github/workflows/helm-release.yaml @@ -19,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3.5.0 + uses: actions/checkout@v3.5.2 with: fetch-depth: 0 From ad8bee0d3ff1a75e1cb28f5785b512f1b59407d8 Mon Sep 17 00:00:00 2001 From: Marco Franssen Date: Fri, 14 Apr 2023 09:00:43 +0200 Subject: [PATCH 5/5] Bump spire Helm Chart version from 0.6.2 to 0.6.3 * 6c21f13 Bump actions/checkout from 3.5.0 to 3.5.2 * 0f57f56 Update to the 1.6.3 spire release * b82abab Revert "Switch to persistence" (#210) * 0dec80e Switch to persistence (#200) Signed-off-by: Marco Franssen --- charts/spire/Chart.yaml | 2 +- charts/spire/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/spire/Chart.yaml b/charts/spire/Chart.yaml index 2dcb64098..2c37c3fa9 100644 --- a/charts/spire/Chart.yaml +++ b/charts/spire/Chart.yaml 
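Review bot: The bumped `uses: actions/checkout@v3.5.2` lines of PATCH 4/5 (four in `.github/workflows/helm-chart-ci.yaml`, one in `.github/workflows/helm-release.yaml`) still reference the action by tag, and a tag can later be moved to a different commit by whoever controls the action's repository. Because the second file is, judging by its name, the workflow that publishes the charts, pinning to the full commit SHA with the version as a trailing comment would make the executed action code immutable: `uses: actions/checkout@<full-commit-sha-of-v3.5.2>  # v3.5.2`. Dependabot also updates SHA pins and their version comments, so the update flow stays the same. The job definitions start and end outside these hunks.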
@@ -3,7 +3,7 @@ name: spire description: > A Helm chart for deploying the complete Spire stack including: spire-server, spire-agent, spiffe-csi-driver, spiffe-oidc-discovery-provider and spire-controller-manager. type: application -version: 0.6.2 +version: 0.6.3 appVersion: "1.6.3" keywords: ["spiffe", "spire", "spire-server", "spire-agent", "oidc", "spire-controller-manager"] home: https://github.com/spiffe/helm-charts/tree/main/charts/spire diff --git a/charts/spire/README.md b/charts/spire/README.md index 853e630ca..b842370f4 100644 --- a/charts/spire/README.md +++ b/charts/spire/README.md @@ -2,7 +2,7 @@ -![Version: 0.6.2](https://img.shields.io/badge/Version-0.6.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.3](https://img.shields.io/badge/AppVersion-1.6.3-informational?style=flat-square) +![Version: 0.6.3](https://img.shields.io/badge/Version-0.6.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.3](https://img.shields.io/badge/AppVersion-1.6.3-informational?style=flat-square) [![Development Phase](https://github.com/spiffe/spiffe/blob/main/.img/maturity/dev.svg)](https://github.com/spiffe/spiffe/blob/main/MATURITY.md#development) A Helm chart for deploying the complete Spire stack including: spire-server, spire-agent, spiffe-csi-driver, spiffe-oidc-discovery-provider and spire-controller-manager.