-
Notifications
You must be signed in to change notification settings - Fork 92
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(fulcio/add-env): Add additional env variables #530
base: main
Are you sure you want to change the base?
Changes from 3 commits
af3fc29
bef4aba
a03c22a
1012833
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,7 +5,7 @@ description: | | |
|
||
type: application | ||
|
||
version: 2.3.2 | ||
version: 2.4.2 | ||
appVersion: 1.3.1 | ||
|
||
keywords: | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -11,3 +11,4 @@ data: | |
{{- if (eq .Values.server.args.certificateAuthority "kmsca")}} | ||
chain.pem: {{.Values.server.args.kms_cert_chain | quote }} | ||
{{- end }} | ||
cloud_credentials: {{.Values.server.args.creds | quote }} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Add a conditional to avoid including when not specified There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Added condition! |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -59,14 +59,27 @@ spec: | |
- "--kms-cert-chain-path=/etc/fulcio-config/chain.pem" | ||
{{- end }} | ||
- "--ct-log-url={{ if .Values.server.args.disable_ct_log }}{{ else if .Values.server.args.ct_log_url }}{{ .Values.server.args.ct_log_url }}{{ else }}http://{{ .Values.ctlog.name }}.{{ .Values.ctlog.namespace.name }}.svc/{{ .Values.ctlog.createctconfig.logPrefix }}{{ end }}" | ||
{{- if eq .Values.server.args.certificateAuthority "fileca" }} | ||
{{- if .Values.server.env }} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This doesnt have a closing end tag, yet strangely no error is thrown There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The closing There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Got it To simplify, this condition should be an There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I don't think the There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. that is still fine. having the proposed conditional would still suffice. this conditional would remain in order to capture when it was defined, otherwise only the key/values would be captured. The contents within this conditional block can be removed as its no longer needed |
||
env: | ||
- name: PASSWORD | ||
valueFrom: | ||
secretKeyRef: | ||
name: {{ .Values.server.secret }} | ||
key: password | ||
{{- end }} | ||
{{- range $key, $value := .Values.server.env }} | ||
- name: "{{ $key }}" | ||
value: "{{ $value }}" | ||
{{- end }} | ||
{{- if eq .Values.server.args.certificateAuthority "fileca" }} | ||
- name: PASSWORD | ||
valueFrom: | ||
secretKeyRef: | ||
name: {{ .Values.server.secret }} | ||
key: password | ||
{{- end }} | ||
{{- else if eq .Values.server.args.certificateAuthority "fileca" }} | ||
env: | ||
- name: PASSWORD | ||
valueFrom: | ||
secretKeyRef: | ||
name: {{ .Values.server.secret }} | ||
key: password | ||
{{- end }} | ||
volumeMounts: | ||
- name: fulcio-config | ||
mountPath: /etc/fulcio-config | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -20,9 +20,12 @@ server: | |
# crane digest gcr.io/projectsigstore/fulcio:v1.3.1 | ||
# -- v1.3.1 | ||
version: sha256:c920be2d367214562cda7d53d3af3529edf2dfd9326b24909ece450092b97b18 | ||
env: {} | ||
args: | ||
port: 5555 | ||
grpcPort: 5554 | ||
# valid values: GCP workload identity config json for trusted external cloud providers | ||
creds: "" | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. the name There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is there an expected naming suggestion? I used this to maintain the existing convention between TSA and Fulcio helm chart. How about There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I am good with There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. fixed!! |
||
# Valid values: googleca, pkcs11ca, aws-hsm-root-ca-path, fileca, kmsca | ||
certificateAuthority: fileca | ||
# kms_resource: gcpkms://.... | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed!