diff --git a/charts/ratify/README.md b/charts/ratify/README.md
index 448d34133..6e21e95a2 100644
--- a/charts/ratify/README.md
+++ b/charts/ratify/README.md
@@ -41,6 +41,8 @@ $ helm upgrade -n gatekeeper-system [RELEASE_NAME] ratify/ratify
 | nameOverride | Overrides the ratify.name used to determine the ratify full name template | `` |
 | fullnameOverride | Overrides the ratify applicaiton full name template | `` |
 | replicaCount | The number of Ratify replicas in deployment | 1 |
+| affinity | Pod affinity for the Ratify deployment | `{}` |
+| tolerations | Pod tolerations for the Ratify deployment | `[]` |
 | notationCert | Public certificate/certificate chain used to create inline certstore used by Notation verifier. | `` |
 | cosign.enabled | Enables/disables cosign tag-based signature lookup in ORAS store. MUST be set to true for cosign verification. | `true` |
 | cosign.key | Public certificate used by cosign verifier | `` |
@@ -86,8 +88,8 @@ $ helm upgrade -n gatekeeper-system [RELEASE_NAME] ratify/ratify
 | rbac.create | Enable/disable RBAC roles for ratify manager | `true` |
 | upgradeCRDs.enabled | Enable/disable Ratify CRD upgrades as pre-install chart hooks | `true` |
 | upgradeCRDs.extraRules | List of rules to add to Ratify CRD upgrade ClusterRole | `[]` |
-| crds.affinity | | `{}` |
-| crds.tolerations | | `[]` |
+| crds.affinity | Pod affinity for the upgrade CRD Job | `{}` |
+| crds.tolerations | Pod tolerations for the upgrade CRD Job | `[]` |
 | crds.nodeSelector | | `{kubernetes.io/os: linux}` |
 | crds.resources | Resource limits/requests for ratify upgrade CRD job | `` |
 | crds.securityContext.allowPrivilegeEscalation | Enables/disables privilege elevation for crd upgrade container | `false` |
@@ -111,4 +113,4 @@ $ helm upgrade -n gatekeeper-system [RELEASE_NAME] ratify/ratify
 | akvCertConfig.cert1Version | Exact version of certificate to use from AKV | `` |
 | akvCertConfig.cert2Name | Exact name of the certificate stored in AKV | `` |
 | akvCertConfig.cert2Version | Exact version of certificate to use from AKV | `` |
-| akvCertConfig.tenantId | TenantID of the configured AKV resource | `` |
\ No newline at end of file
+| akvCertConfig.tenantId | TenantID of the configured AKV resource | `` |
diff --git a/charts/ratify/templates/deployment.yaml b/charts/ratify/templates/deployment.yaml
index 0df4017c4..01175c939 100644
--- a/charts/ratify/templates/deployment.yaml
+++ b/charts/ratify/templates/deployment.yaml
@@ -184,3 +184,8 @@ spec:
 - key: ca.crt
 path: ca.crt
 {{- end }}
+ affinity:
+ {{- toYaml .Values.affinity | nindent 8 }}
+ tolerations:
+ {{- toYaml .Values.tolerations | nindent 8 }}
+
diff --git a/charts/ratify/values.yaml b/charts/ratify/values.yaml
index eae08300b..096797046 100644
--- a/charts/ratify/values.yaml
+++ b/charts/ratify/values.yaml
@@ -7,6 +7,8 @@ image:
 nameOverride: ""
 fullnameOverride: ""
 replicaCount: 1
+affinity: {}
+tolerations: []
 notationCert: ""
 cosign:
 enabled: true
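Review bot: In charts/ratify/templates/deployment.yaml the `affinity:` and `tolerations:` keys are rendered unconditionally, so the defaults put `affinity: {}` and `tolerations: []` into every manifest, and a values file that sets either key to null renders a literal `null`. The usual chart idiom is to guard each block with `{{- with .Values.affinity }}`, render `{{- toYaml . | nindent 8 }}` inside it and close with `{{- end }}`, and to do the same for tolerations. Indentation is collapsed on this page, so whether `nindent 8` matches the depth of the two keys inside the pod spec cannot be confirmed from the hunk and is worth checking with `helm template`. The hunk also ends with an added blank line, and the pod spec it extends starts outside the hunk.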
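Review bot: The new top-level `affinity` and `tolerations` defaults in charts/ratify/values.yaml carry no comment, while the README rows in this commit show that `crds.affinity` and `crds.tolerations` already exist for a different workload. A one-line comment above the new keys would keep the two pairs from being confused, for example `# Scheduling constraints for the Ratify Deployment pods; the CRD upgrade Job uses crds.affinity / crds.tolerations`.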