Allow specifying resources in fulcio createcerts job #899
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com>
Signed-off-by: Bob Callaway <bcallaway@google.com>
Signed-off-by: Bob Callaway <bcallaway@google.com>
Contributor
|
Hi @philarcand, thanks for the PR. Can you update the values schema please? Thanks |
…rver Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Author
|
Hi @vipulagarwal , thanks for reviewing. I modified the schema in 48d0a71 |
Author
|
Hi @vipulagarwal , just checking on the status of this PR. |
Bumps the actions group with 1 update: [actions/setup-python](https://github.com/actions/setup-python). Updates `actions/setup-python` from 5.3.0 to 5.4.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@0b93645...4237552) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
…store#908) Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
* ci: add workflow to validate schema Signed-off-by: falcorocks <14293929+falcorocks@users.noreply.github.com> * fix: policy controller chart schema removes keys required and additonalProperties from the controller chart schema that were added by mistake in 142e34b see https://sigstore.slack.com/archives/C03096V09F1/p1737627750048369 Signed-off-by: falcorocks <14293929+falcorocks@users.noreply.github.com> * Update .github/workflows/check-schema-policy-controller.yml Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com> Signed-off-by: falcorocks <14293929+falcorocks@users.noreply.github.com> * ci: remove go version from setup-go step Signed-off-by: falcorocks <14293929+falcorocks@users.noreply.github.com> * ci: pin version of setup-go action to v5.3.0 digest (latest) Signed-off-by: falcorocks <14293929+falcorocks@users.noreply.github.com> --------- Signed-off-by: falcorocks <14293929+falcorocks@users.noreply.github.com> Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
…ok deployment (sigstore#894) * feat: add optional resources requests and limits to cleanup job Signed-off-by: falcorocks <14293929+falcorocks@users.noreply.github.com> * feat: add optional podSecurity context to cleanup job Signed-off-by: falcorocks <14293929+falcorocks@users.noreply.github.com> * feat: add optional priorityClass to cleanup job Signed-off-by: falcorocks <14293929+falcorocks@users.noreply.github.com> * feat: add optional priorityClass to webhook Signed-off-by: falcorocks <14293929+falcorocks@users.noreply.github.com> * feat: add optional envFrom to webhook Signed-off-by: falcorocks <14293929+falcorocks@users.noreply.github.com> * feat: add optional automountServiceAccountToken to cleanup job Signed-off-by: falcorocks <14293929+falcorocks@users.noreply.github.com> * feat: add optional automountServiceAccountToken to webhook Signed-off-by: falcorocks <14293929+falcorocks@users.noreply.github.com> * chore: bump version Signed-off-by: falcorocks <14293929+falcorocks@users.noreply.github.com> --------- Signed-off-by: falcorocks <14293929+falcorocks@users.noreply.github.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
…store#995) Bumps the actions group with 1 update: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer). Updates `sigstore/cosign-installer` from 3.8.2 to 3.9.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@3454372...fb28c2b) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-version: 3.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
…store#996) Bumps the actions group with 1 update: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer). Updates `sigstore/cosign-installer` from 3.9.0 to 3.9.1 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@fb28c2b...398d4b0) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-version: 3.9.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
* bump fulcio for scaffolding v0.7.24 release Signed-off-by: Bob Callaway <bcallaway@google.com> * bump Chart.lock Signed-off-by: Bob Callaway <bcallaway@google.com> --------- Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
* bump policy-controller chart for v0.13.0 release Signed-off-by: Bob Callaway <bcallaway@google.com> * update schema description Signed-off-by: Bob Callaway <bcallaway@google.com> --------- Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
* Trillian: fix log signer forceMaster always true Signed-off-by: Aaron Howland <7330587+ajh-@users.noreply.github.com> * Bump trillian to v0.3.7 Signed-off-by: Aaron Howland <7330587+ajh-@users.noreply.github.com> --------- Signed-off-by: Aaron Howland <7330587+ajh-@users.noreply.github.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Aaron Howland <7330587+ajh-@users.noreply.github.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
This changes the logic for how redis.hostname is set. Either Redis is deployed via K8s, at which point the hostname is either set to the fullname by default or the provided hostname, or Redis is externally managed at which point the hostname is set to the provided hostname. The flags to Rekor will only be set when hostname is not empty, so they will not be set if Redis is disabled or an empty hostname is provided, which is the default. Signed-off-by: Hayden B <8418760+haydentherapper@users.noreply.github.com> Co-authored-by: Hayden B <8418760+haydentherapper@users.noreply.github.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Followup from last PR Signed-off-by: Hayden <haydentherapper@users.noreply.github.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
…store#1014) Bumps the actions group with 1 update: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer). Updates `sigstore/cosign-installer` from 3.9.1 to 3.9.2 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@398d4b0...d58896d) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-version: 3.9.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
…re#1020) Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: philarcand <7255842+philarcand@users.noreply.github.com> Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: Philippe Arcand <7255842+philarcand@users.noreply.github.com>
Signed-off-by: philarcand <7255842+philarcand@users.noreply.github.com>
Author
|
I rebased this PR and updated the versions if anyone wants to take a look. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
10 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of the change
This PR adds the ability to specify resources to the fulcio createcerts job, and documents resources under server.
Existing or Associated Issue(s)
It is currently impossible to specify resources for the fulcio createcerts job, which is problematic for deployments where ResourceQuota is being used, forcing the use of LimitRange.
Checklist
Chart.yamlaccording to semver. Where applicable, update and bump the versions in any associated umbrella chartvalues.yamland added to the README.md. The helm-docs utility can be used to generate the necessary content. Usehelm-docs --dry-runto preview the content.ct lintcommand.