sigstore · sabre1041 · Mar 17, 2023
diff --git a/charts/ctlog/Chart.yaml b/charts/ctlog/Chart.yaml
@@ -4,7 +4,7 @@ description: Certificate Log
 
 type: application
 
-version: 0.2.44
+version: 0.3.0
 appVersion: 0.3.0
 
 keywords:
@@ -16,14 +16,19 @@ home: https://sigstore.dev/
 maintainers:
   - name: The Sigstore Authors
 
+dependencies:
+  - name: common
+    version: 0.1.0
+    repository: https://sigstore.github.io/helm-charts
+
 annotations:
   artifacthub.io/license: Apache-2.0
   artifacthub.io/images: |
     - name: ct_server
-      image: ghcr.io/sigstore/scaffolding/ct_server@sha256:91d23363c34ca0a8ec1fb89129815fb32f851eb8986bfbf7b2aed85c98411f04
+      image: ghcr.io/sigstore/scaffolding/ct_server@sha256:2ea576af6b64e154b718b058cd03b74fac8399affcf93c4251ab2234704ca432
     - name: createctconfig
       image: ghcr.io/sigstore/scaffolding/createctconfig@sha256:b3dae896ddb7b01b3257c668bc1e87f15aafe97f30a767f99426f557fa33e44c
     - name: createtree
-      image: ghcr.io/sigstore/scaffolding/createtree@sha256:0c6a1a49f906da6e59e7cfbba08a473778fc0296abdf8b86115861d5f3556ed4
+      image: ghcr.io/sigstore/scaffolding/createtree@sha256:2da5284bb29e18d125e4565d47256d0ded82c3a7001b44a4d152e2475ca1166c
     - name: curlimages/curl
-      image: docker.io/curlimages/curl@sha256:dca6e1b1c8e7b8b8e7be4e79fc78a858d12fd56245cb31bfa281dbf7c73a6498
+      image: docker.io/curlimages/curl@sha256:48318407b8d98e8c7d5bd4741c88e8e1a5442de660b47f63ba656e5c910bc3da
diff --git a/charts/ctlog/README.md b/charts/ctlog/README.md
@@ -23,11 +23,11 @@ Certificate Log
 | createctconfig.image.pullPolicy | string | `"IfNotPresent"` |  |
 | createctconfig.image.registry | string | `"ghcr.io"` |  |
 | createctconfig.image.repository | string | `"sigstore/scaffolding/createctconfig"` |  |
-| createctconfig.image.version | string | `"sha256:b3dae896ddb7b01b3257c668bc1e87f15aafe97f30a767f99426f557fa33e44c"` | v0.6.3 |
+| createctconfig.image.version | string | `"sha256:2d8072d832370a8dbbe96536eaf479a5bf3a738c997394c888fed8ddcbe84a1b"` | v0.6.5 |
 | createctconfig.initContainerImage.curl.imagePullPolicy | string | `"IfNotPresent"` |  |
 | createctconfig.initContainerImage.curl.registry | string | `"docker.io"` |  |
 | createctconfig.initContainerImage.curl.repository | string | `"curlimages/curl"` |  |
-| createctconfig.initContainerImage.curl.version | string | `"sha256:dca6e1b1c8e7b8b8e7be4e79fc78a858d12fd56245cb31bfa281dbf7c73a6498"` | 7.82.0 |
+| createctconfig.initContainerImage.curl.version | string | `"sha256:dca6e1b1c8e7b8b8e7be4e79fc78a858d12fd56245cb31bfa281dbf7c73a6498"` | 7.88.1 |
 | createctconfig.logPrefix | string | `"sigstorescaffolding"` |  |
 | createctconfig.name | string | `"createctconfig"` |  |
 | createctconfig.privateKeyPasswordSecretName | string | `""` |  |
@@ -47,7 +47,7 @@ Certificate Log
 | createtree.image.pullPolicy | string | `"IfNotPresent"` |  |
 | createtree.image.registry | string | `"ghcr.io"` |  |
 | createtree.image.repository | string | `"sigstore/scaffolding/createtree"` |  |
-| createtree.image.version | string | `"sha256:d5776d8a43632291e1c5a22a9266608db0daa0a11663445d701e327f2205974c"` |  |
+| createtree.image.version | string | `"sha256:47206322c1d6002ffc737d94852924fae0f749aa3a64c1899eee11f502f609a6"` |  |
 | createtree.name | string | `"createtree"` |  |
 | createtree.securityContext.runAsNonRoot | bool | `true` |  |
 | createtree.securityContext.runAsUser | int | `65533` |  |
@@ -65,7 +65,7 @@ Certificate Log
 | server.image.pullPolicy | string | `"IfNotPresent"` |  |
 | server.image.registry | string | `"ghcr.io"` |  |
 | server.image.repository | string | `"sigstore/scaffolding/ct_server"` |  |
-| server.image.version | string | `"sha256:7c791d3b7c15e817807f07d4cdb00406529a114702ad448ee857e1d0fc5fb5a9"` |  |
+| server.image.version | string | `"sha256:1ef2480cf8ddb1f99da0d931283f3c55babb84d79bf36f66d7bed29985bcca7e"` |  |
 | server.ingress.annotations | object | `{}` |  |
 | server.ingress.className | string | `"nginx"` |  |
 | server.ingress.enabled | bool | `false` |  |
@@ -77,9 +77,10 @@ Certificate Log
 | server.ingresses[0].frontendConfigSpec.redirectToHttps.enabled | bool | `true` |  |
 | server.ingresses[0].frontendConfigSpec.sslPolicy | string | `"ctlog-ssl-policy"` |  |
 | server.ingresses[0].hosts[0].host | string | `"fulcio.localhost"` |  |
-| server.ingresses[0].hosts[0].path | string | `"/test"` |  |
-| server.ingresses[0].hosts[1].host | string | `"fulcio.localhost"` |  |
-| server.ingresses[0].hosts[1].path | string | `"/other-shard"` |  |
+| server.ingresses[0].hosts[0].paths[0].path | string | `"/test"` |  |
+| server.ingresses[0].hosts[0].paths[0].pathType | string | `"Prefix"` |  |
+| server.ingresses[0].hosts[0].paths[1].path | string | `"/other-shard"` |  |
+| server.ingresses[0].hosts[0].paths[1].serviceName | string | `"other-shard"` |  |
 | server.ingresses[0].name | string | `"gce-ingress"` |  |
 | server.ingresses[0].staticGlobalIP | string | `"lb-ext-ip"` |  |
 | server.ingresses[0].tls | list | `[]` |  |
@@ -97,12 +98,6 @@ Certificate Log
 | server.replicaCount | int | `1` |  |
 | server.securityContext.runAsNonRoot | bool | `true` |  |
 | server.securityContext.runAsUser | int | `65533` |  |
-| server.service.backendConfig.name | string | `"ctlog-backend-config"` |  |
-| server.service.backendConfig.spec.healthCheck.port | int | `6962` |  |
-| server.service.backendConfig.spec.healthCheck.requestPath | string | `"/healthz"` |  |
-| server.service.backendConfig.spec.healthCheck.type | string | `"HTTP"` |  |
-| server.service.backendConfig.spec.logging.enable | bool | `true` |  |
-| server.service.backendConfig.spec.securityPolicy.name | string | `"ctlog-security-policy"` |  |
 | server.service.ports[0].name | string | `"6962-tcp"` |  |
 | server.service.ports[0].port | int | `80` |  |
 | server.service.ports[0].protocol | string | `"TCP"` |  |
@@ -120,3 +115,4 @@ Certificate Log
 | trillian.logServer.portRPC | int | `8091` |  |
 | trillian.namespace | string | `"trillian-system"` |  |
 
+----------------------------------------------
diff --git a/charts/ctlog/templates/_helpers.tpl b/charts/ctlog/templates/_helpers.tpl
@@ -1,46 +1,3 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "ctlog.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "ctlog.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Define the raw ctlog.namespace template if set with forceNamespace or .Release.Namespace is set
-*/}}
-{{- define "ctlog.rawnamespace" -}}
-{{- if .Values.forceNamespace -}}
-{{ print .Values.forceNamespace }}
-{{- else -}}
-{{ print .Release.Namespace }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Define the ctlog.namespace template if set with forceNamespace or .Release.Namespace is set
-*/}}
-{{- define "ctlog.namespace" -}}
-{{ printf "namespace: %s" (include "ctlog.rawnamespace" .) }}
-{{- end -}}
-
 {{/*
 Create a fully qualified createctconfig name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
@@ -75,32 +32,7 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{- end -}}
 {{- end -}}
 
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "ctlog.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "ctlog.labels" -}}
-helm.sh/chart: {{ include "ctlog.chart" . }}
-{{ include "ctlog.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
 
-{{/*
-Selector labels
-*/}}
-{{- define "ctlog.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "ctlog.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
 
 {{/*
 Server Arguments
@@ -126,7 +58,7 @@ Create the name of the service account to use
 */}}
 {{- define "ctlog.serviceAccountName" -}}
 {{- if .Values.server.serviceAccount.create }}
-{{- default (include "ctlog.fullname" .) .Values.server.serviceAccount.name }}
+{{- default (include "common.names.fullname" .) .Values.server.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.server.serviceAccount.name }}
 {{- end }}
@@ -154,29 +86,33 @@ Create the name of the service account to use for the createtree component
 {{- end -}}
 {{- end -}}
 
-{{/*
-Create the image path for the passed in image field
-*/}}
-{{- define "ctlog.image" -}}
-{{- if eq (substr 0 7 .version) "sha256:" -}}
-{{- printf "%s/%s@%s" .registry .repository .version -}}
-{{- else -}}
-{{- printf "%s/%s:%s" .registry .repository .version -}}
-{{- end -}}
-{{- end -}}
 
 {{/*
 Create the name of the config
 */}}
 {{- define "ctlog.config" -}}
-{{ printf "%s-config" (include "ctlog.fullname" .) }}
+{{ include "common.names.fullnameSuffix" (dict "suffix" "config" "context" $) }}
 {{- end }}
 
 {{/*
 Create the name of the secret
 */}}
 {{- define "ctlog.secret" -}}
-{{ printf "%s-secret" (include "ctlog.fullname" .) }}
+{{ include "common.names.fullnameSuffix" (dict "suffix" "secret" "context" $) }}
+{{- end }}
+
+{{/*
+Create the name of the secret operator
+*/}}
+{{- define "ctlog.secret-operator" -}}
+{{ include "common.names.fullnameSuffix" (dict "suffix" "secret-operator" "context" $) }}
+{{- end }}
+
+{{/*
+Create the name of the cm operator
+*/}}
+{{- define "ctlog.cm-operator" -}}
+{{ include "common.names.fullnameSuffix" (dict "suffix" "cm-operator" "context" $) }}
 {{- end }}
 
 {{/*

diff --git a/charts/ctlog/templates/cm-operator-role.yaml b/charts/ctlog/templates/cm-operator-role.yaml
@@ -1,10 +1,10 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: {{ template "ctlog.fullname" . }}-cm-operator
-{{ include "ctlog.namespace" . | indent 2 }}
+  name: {{ template "ctlog.cm-operator" . }}
+{{ include "common.names.namespace" . | indent 2 }}
   labels:
-    {{- include "ctlog.labels" . | nindent 4 }}
+    {{- include "common.labels.labels" . | nindent 4 }}
 rules:
   - apiGroups: [""] # "" indicates the core API group
     resources: ["configmaps"]

diff --git a/charts/ctlog/templates/cm-operator-rolebinding.yaml b/charts/ctlog/templates/cm-operator-rolebinding.yaml
@@ -1,15 +1,15 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: {{ template "ctlog.fullname" . }}-cm-operator
-{{ include "ctlog.namespace" . | indent 2 }}
+  name: {{ template "ctlog.cm-operator" . }}
+{{ include "common.names.namespace" . | indent 2 }}
   labels:
-    {{- include "ctlog.labels" . | nindent 4 }}
+    {{- include "common.labels.labels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: {{ template "ctlog.fullname" . }}-cm-operator
+  name: {{ template "ctlog.cm-operator" . }}
 subjects:
   - kind: ServiceAccount
     name: {{ template "ctlog.serviceAccountName.createtree" . }}
-{{ include "ctlog.namespace" . | indent 4 }}
+{{ include "common.names.namespace" . | indent 4 }}
diff --git a/charts/ctlog/templates/createctconfig-job.yaml b/charts/ctlog/templates/createctconfig-job.yaml
@@ -3,9 +3,9 @@ apiVersion: batch/v1
 kind: Job
 metadata:
   name: {{ template "ctlog.createctconfig.fullname" . }}
-{{ include "ctlog.namespace" . | indent 2 }}
+{{ include "common.names.namespace" . | indent 2 }}
   labels:
-    {{- include "ctlog.labels" . | nindent 4 }}
+    {{- include "common.labels.labels" . | nindent 4 }}
 {{- if .Values.createctconfig.annotations }}
   annotations:
 {{ toYaml .Values.createctconfig.annotations | indent 4 }}
@@ -22,7 +22,7 @@ spec:
       automountServiceAccountToken: {{ .Values.createctconfig.serviceAccount.mountToken }}
       initContainers:
         - name: "wait-for-createtree-configmap"
-          image: "{{ template "ctlog.image" .Values.createctconfig.initContainerImage.curl }}"
+          image: "{{ template "common.images.image" .Values.createctconfig.initContainerImage.curl }}"
           imagePullPolicy: {{ .Values.createctconfig.initContainerImage.curl.imagePullPolicy }}
           command: ["sh", "-c", "until curl --fail --header \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\" --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt --max-time 10 https://kubernetes.default.svc/api/v1/namespaces/$(NAMESPACE)/configmaps/{{ template "ctlog.config" . }} | grep '\"treeID\":'; do echo waiting for Configmap {{ template "ctlog.config" . }}; sleep 5; done;"]
           env:
@@ -36,19 +36,19 @@ spec:
     {{- end }}
       containers:
         - name: {{ template "ctlog.createctconfig.fullname" . }}
-          image: "{{ template "ctlog.image" .Values.createctconfig.image }}"
+          image: "{{ template "common.images.image" .Values.createctconfig.image }}"
           imagePullPolicy: "{{ .Values.createctconfig.image.pullPolicy }}"
           args: [
             "--configmap={{ template "ctlog.config" . }}",
-            "--secret={{ .Values.createctconfig.secret | default (printf "%s-secret" (include "ctlog.fullname" .)) }}",
+            "--secret={{ .Values.createctconfig.secret | default (include "ctlog.secret" .) }}",
           {{- if .Values.createctconfig.privateSecret }}
             "--private-secret={{ .Values.createctconfig.privateSecret }}",
           {{- end }}
           {{- if .Values.createctconfig.pubkeysecret }}
             "--pubkeysecret={{ .Values.createctconfig.pubkeysecret }}",
           {{- end }}
             "--fulcio-url={{ .Values.createctconfig.fulcioURL }}",
-            "--trillian-server={{ .Values.trillian.logServer.name }}.{{ .Values.trillian.namespace }}:{{ .Values.trillian.logServer.portRPC}}",
+            "--trillian-server={{ .Values.trillian.logServer.name }}.{{ .Values.trillian.namespace.name }}:{{ .Values.trillian.logServer.portRPC}}",
           {{- if .Values.createctconfig.privateKeyPasswordSecretName }}
             "--key-password=$(PRIVATE_KEY_PASSWORD)",
           {{- end }}

diff --git a/charts/ctlog/templates/createctconfig-serviceaccount.yaml b/charts/ctlog/templates/createctconfig-serviceaccount.yaml
@@ -3,9 +3,9 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ template "ctlog.serviceAccountName.createctconfig" . }}
-{{ include "ctlog.namespace" . | indent 2 }}
+{{ include "common.names.namespace" . | indent 2 }}
   labels:
-    {{- include "ctlog.labels" . | nindent 4 }}
+    {{- include "common.labels.labels" . | nindent 4 }}
   annotations:
 {{ toYaml .Values.createctconfig.serviceAccount.annotations | indent 4 }}
 {{- end }}
diff --git a/charts/ctlog/templates/createtree-job.yaml b/charts/ctlog/templates/createtree-job.yaml
@@ -3,9 +3,9 @@ apiVersion: batch/v1
 kind: Job
 metadata:
   name: {{ template "ctlog.createtree.fullname" . }}
-{{ include "ctlog.namespace" . | indent 2 }}
+{{ include "common.names.namespace" . | indent 2 }}
   labels:
-    {{- include "ctlog.labels" . | nindent 4 }}
+    {{- include "common.labels.labels" . | nindent 4 }}
 {{- if .Values.createtree.annotations }}
   annotations:
 {{ toYaml .Values.createtree.annotations | indent 4 }}
@@ -21,7 +21,7 @@ spec:
       automountServiceAccountToken: {{ .Values.createtree.serviceAccount.mountToken }}
       containers:
         - name: {{ template "ctlog.createtree.fullname" . }}
-          image: "{{ template "ctlog.image" .Values.createtree.image }}"
+          image: "{{ template "common.images.image" .Values.createtree.image }}"
           imagePullPolicy: "{{ .Values.createtree.image.pullPolicy }}"
           env:
           - name: NAMESPACE
@@ -32,7 +32,7 @@ spec:
             "--namespace=$(NAMESPACE)",
             "--configmap={{ template "ctlog.config" . }}",
             "--display_name={{ .Values.createtree.displayName }}",
-            "--admin_server={{ .Values.trillian.logServer.name }}.{{ .Values.trillian.namespace }}:{{ .Values.trillian.logServer.portRPC}}"
+            "--admin_server={{ .Values.trillian.logServer.name }}.{{ .Values.trillian.namespace.name }}:{{ .Values.trillian.logServer.portRPC}}"
           ]
     {{- if .Values.createtree.resources }}
           resources:

diff --git a/charts/ctlog/templates/createtree-serviceaccount.yaml b/charts/ctlog/templates/createtree-serviceaccount.yaml
@@ -3,9 +3,9 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ template "ctlog.serviceAccountName.createtree" . }}
-{{ include "ctlog.namespace" . | indent 2 }}
+{{ include "common.names.namespace" . | indent 2 }}
   labels:
-    {{- include "ctlog.labels" . | nindent 4 }}
+    {{- include "common.labels.labels" . | nindent 4 }}
   annotations:
 {{ toYaml .Values.createtree.serviceAccount.annotations | indent 4 }}
 {{- end }}
diff --git a/charts/ctlog/templates/ctlog-configmap.yaml b/charts/ctlog/templates/ctlog-configmap.yaml
@@ -2,9 +2,9 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ template "ctlog.config" . }}
-{{ include "ctlog.namespace" . | indent 2 }}
+{{ include "common.names.namespace" . | indent 2 }}
   labels:
-    {{- include "ctlog.labels" . | nindent 4 }}
+    {{- include "common.labels.labels" . | nindent 4 }}
 data:
   __placeholder: |
     ###################################################################