feat: Add refreshInterval to the helm chart Values (ratify-project#1773)

binbin-li · Sep 14, 2024 · 42ab80d · 42ab80d
1 parent dd1993b
commit 42ab80d
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 1 deletion.
diff --git a/charts/ratify/README.md b/charts/ratify/README.md
@@ -135,7 +135,8 @@ Values marked `# DEPRECATED` in the `values.yaml` as well as **DEPRECATED** in t
 | azurekeyvault.vaultURI                             | Vault URI for Azure Key Vault                                                                                                                                                                                                                                                                                                                                          | ``                                |
 | azurekeyvault.tenantId                             | Tenant ID of the configured Azure Key Vault resource                                                                                                                                                                                                                                                                                                                   | ``                                |
 | azurekeyvault.certificates                         | An array of certificate objects identified by `name` and `version` (optional) stored in Azure Key Vault                                                                                                                                                                                                                                                                | `[]`                              |
-| azurekeyvault.keys                                 | An array of key objects identified by `name` and `version` (optional) stored in Azure Key Vault                                                                                                                                                                                                                                                                        | `[]`                              |
+| azurekeyvault.keys                                 | An array of key objects identified by `name` and `version` (optional) stored in Azure Key Vault                                                                                                                                                                                                                  | `[]`                              |
+| azurekeyvault.refreshInterval                      | time duration to refresh the certificates/keys. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Example: 1h, 30m, 1h30m. If it's not set, the refresh functionality will be disabled.                                                                                                                                                                                                                      | ``                                |
 | notationCert                                       | **DEPRECATED** Please switch to `notationCerts` to specify an array of verification certificates. Public certificate/certificate chain used to create inline certstore used by Notation verifier.                                                                                                                                                                      | ``                                |
 | akvCertConfig.enabled                              | **DEPRECATED** Please use `azurekeyvault.enabled` instead. Enables/disables Azure Key Vault certificate store. If you are using a custom chart, certificate store should be referenced through a Verifier CR. References in ConfigMap will not be correctly resolved.                                                                                                  | `false`                           |
 | akvCertConfig.vaultURI                             | **DEPRECATED** Please use `azurekeyvault.vaultURI` instead. Vault URI for AKV configured                                                                                                                                                                                                                                                                               | ``                                |

diff --git a/charts/ratify/templates/akv-key-management-provider.yaml b/charts/ratify/templates/akv-key-management-provider.yaml
@@ -8,6 +8,9 @@ metadata:
     helm.sh/hook-weight: "5"
 spec:
   type: azurekeyvault
+  {{- if .Values.azurekeyvault.refreshInterval }}
+  refreshInterval: {{ .Values.azurekeyvault.refreshInterval  }}
+  {{- end }}
   parameters:
     {{- if .Values.azurekeyvault.vaultURI }}
     vaultURI: {{ .Values.azurekeyvault.vaultURI  }}

diff --git a/charts/ratify/values.yaml b/charts/ratify/values.yaml
@@ -76,6 +76,7 @@ azurekeyvault:
   tenantId:
   certificates: []
   keys: []
+  refreshInterval:
 
 oras:
   useHttp: false