Allow specifying resources in fulcio createcerts job #899
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]>
Signed-off-by: Bob Callaway <[email protected]>
Signed-off-by: Bob Callaway <[email protected]>
Contributor
|
Hi @philarcand, thanks for the PR. Can you update the values schema please? Thanks |
…rver Signed-off-by: Philippe Arcand <[email protected]>
Author
|
Hi @vipulagarwal , thanks for reviewing. I modified the schema in 48d0a71 |
Author
|
Hi @vipulagarwal , just checking on the status of this PR. |
Bumps the actions group with 1 update: [actions/setup-python](https://github.com/actions/setup-python). Updates `actions/setup-python` from 5.3.0 to 5.4.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@0b93645...4237552) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Hayden Blauzvern <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Hayden Blauzvern <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
…store#908) Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
* ci: add workflow to validate schema Signed-off-by: falcorocks <[email protected]> * fix: policy controller chart schema removes keys required and additonalProperties from the controller chart schema that were added by mistake in 142e34b see https://sigstore.slack.com/archives/C03096V09F1/p1737627750048369 Signed-off-by: falcorocks <[email protected]> * Update .github/workflows/check-schema-policy-controller.yml Co-authored-by: Bob Callaway <[email protected]> Signed-off-by: falcorocks <[email protected]> * ci: remove go version from setup-go step Signed-off-by: falcorocks <[email protected]> * ci: pin version of setup-go action to v5.3.0 digest (latest) Signed-off-by: falcorocks <[email protected]> --------- Signed-off-by: falcorocks <[email protected]> Co-authored-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Philippe Arcand <[email protected]>
…ok deployment (sigstore#894) * feat: add optional resources requests and limits to cleanup job Signed-off-by: falcorocks <[email protected]> * feat: add optional podSecurity context to cleanup job Signed-off-by: falcorocks <[email protected]> * feat: add optional priorityClass to cleanup job Signed-off-by: falcorocks <[email protected]> * feat: add optional priorityClass to webhook Signed-off-by: falcorocks <[email protected]> * feat: add optional envFrom to webhook Signed-off-by: falcorocks <[email protected]> * feat: add optional automountServiceAccountToken to cleanup job Signed-off-by: falcorocks <[email protected]> * feat: add optional automountServiceAccountToken to webhook Signed-off-by: falcorocks <[email protected]> * chore: bump version Signed-off-by: falcorocks <[email protected]> --------- Signed-off-by: falcorocks <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Philippe Arcand <[email protected]>
…store#995) Bumps the actions group with 1 update: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer). Updates `sigstore/cosign-installer` from 3.8.2 to 3.9.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@3454372...fb28c2b) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-version: 3.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Philippe Arcand <[email protected]>
…store#996) Bumps the actions group with 1 update: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer). Updates `sigstore/cosign-installer` from 3.9.0 to 3.9.1 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@fb28c2b...398d4b0) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-version: 3.9.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
* bump fulcio for scaffolding v0.7.24 release Signed-off-by: Bob Callaway <[email protected]> * bump Chart.lock Signed-off-by: Bob Callaway <[email protected]> --------- Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
* bump policy-controller chart for v0.13.0 release Signed-off-by: Bob Callaway <[email protected]> * update schema description Signed-off-by: Bob Callaway <[email protected]> --------- Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
* Trillian: fix log signer forceMaster always true Signed-off-by: Aaron Howland <[email protected]> * Bump trillian to v0.3.7 Signed-off-by: Aaron Howland <[email protected]> --------- Signed-off-by: Aaron Howland <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Aaron Howland <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
This changes the logic for how redis.hostname is set. Either Redis is deployed via K8s, at which point the hostname is either set to the fullname by default or the provided hostname, or Redis is externally managed at which point the hostname is set to the provided hostname. The flags to Rekor will only be set when hostname is not empty, so they will not be set if Redis is disabled or an empty hostname is provided, which is the default. Signed-off-by: Hayden B <[email protected]> Co-authored-by: Hayden B <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Followup from last PR Signed-off-by: Hayden <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
…store#1014) Bumps the actions group with 1 update: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer). Updates `sigstore/cosign-installer` from 3.9.1 to 3.9.2 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@398d4b0...d58896d) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-version: 3.9.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
…re#1020) Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: philarcand <[email protected]> Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: Philippe Arcand <[email protected]>
Signed-off-by: philarcand <[email protected]>
Author
|
I rebased this PR and updated the versions if anyone wants to take a look. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
10 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of the change
This PR adds the ability to specify resources to the fulcio createcerts job, and documents resources under server.
Existing or Associated Issue(s)
It is currently impossible to specify resources for the fulcio createcerts job, which is problematic for deployments where ResourceQuota is being used, forcing the use of LimitRange.
Checklist
Chart.yamlaccording to semver. Where applicable, update and bump the versions in any associated umbrella chartvalues.yamland added to the README.md. The helm-docs utility can be used to generate the necessary content. Usehelm-docs --dry-runto preview the content.ct lintcommand.