Skip to content

Commit

Permalink
chore: Add ability to configure affinity and tolerations to Helm chart (
Browse files Browse the repository at this point in the history 
ratify-project#1130)
  • Loading branch information
@bspaans
bspaans authored Oct 17, 2023
1 parent f5eaa99 commit 585853d
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 3 deletions.
8 changes: 5 additions & 3 deletions charts/ratify/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,8 @@ $ helm upgrade -n gatekeeper-system [RELEASE_NAME] ratify/ratify
| nameOverride | Overrides the ratify.name used to determine the ratify full name template | `` |
| fullnameOverride | Overrides the ratify applicaiton full name template | `` |
| replicaCount | The number of Ratify replicas in deployment | 1 |
| affinity | Pod affinity for the Ratify deployment | `{}` |
| tolerations | Pod tolerations for the Ratify deployment | `[]` |
| notationCert | Public certificate/certificate chain used to create inline certstore used by Notation verifier. | `` |
| cosign.enabled | Enables/disables cosign tag-based signature lookup in ORAS store. MUST be set to true for cosign verification. | `true` |
| cosign.key | Public certificate used by cosign verifier | `` |
Expand Down Expand Up @@ -86,8 +88,8 @@ $ helm upgrade -n gatekeeper-system [RELEASE_NAME] ratify/ratify
| rbac.create | Enable/disable RBAC roles for ratify manager | `true` |
| upgradeCRDs.enabled | Enable/disable Ratify CRD upgrades as pre-install chart hooks | `true` |
| upgradeCRDs.extraRules | List of rules to add to Ratify CRD upgrade ClusterRole | `[]` |
| crds.affinity | | `{}` |
| crds.tolerations | | `[]` |
| crds.affinity | Pod affinity for the upgrade CRD Job | `{}` |
| crds.tolerations | Pod tolerations for the upgrade CRD Job | `[]` |
| crds.nodeSelector | | `{kubernetes.io/os: linux}` |
| crds.resources | Resource limits/requests for ratify upgrade CRD job | `` |
| crds.securityContext.allowPrivilegeEscalation | Enables/disables privilege elevation for crd upgrade container | `false` |
Expand All @@ -111,4 +113,4 @@ $ helm upgrade -n gatekeeper-system [RELEASE_NAME] ratify/ratify
| akvCertConfig.cert1Version | Exact version of certificate to use from AKV | `` |
| akvCertConfig.cert2Name | Exact name of the certificate stored in AKV | `` |
| akvCertConfig.cert2Version | Exact version of certificate to use from AKV | `` |
| akvCertConfig.tenantId | TenantID of the configured AKV resource | `` |
| akvCertConfig.tenantId | TenantID of the configured AKV resource | `` |
5 changes: 5 additions & 0 deletions charts/ratify/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -184,3 +184,8 @@ spec:
- key: ca.crt
path: ca.crt
{{- end }}
affinity:
{{- toYaml .Values.affinity | nindent 8 }}
tolerations:
{{- toYaml .Values.tolerations | nindent 8 }}

2 changes: 2 additions & 0 deletions charts/ratify/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ image:
nameOverride: ""
fullnameOverride: ""
replicaCount: 1
affinity: {}
tolerations: []
notationCert: ""
cosign:
enabled: true
Expand Down

0 comments on commit 585853d

Please sign in to comment.