Skip to content

Commit

Permalink
Helm chart improvements
Browse files Browse the repository at this point in the history 
Signed-off-by: Tim Ramlot <[email protected]>
  • Loading branch information
@inteon
inteon committed May 30, 2023
1 parent 7db25ff commit 9ea2af9
Show file tree
Hide file tree
Showing 9 changed files with 16 additions and 8 deletions.
4 changes: 2 additions & 2 deletions deploy/charts/csi-driver-spiffe/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,8 @@ cert-manager csi-driver-spiffe is a CSI plugin for Kubernetes which transparentl
| app.approver.replicaCount | int | `1` | Number of replicas of the approver to run. |
| app.approver.signerName | string | `"clusterissuers.cert-manager.io/*"` | The signer name that csi-driver-spiffe approver will be given permission to approve and deny. CertificateRequests referencing this signer name can be processed by the SPIFFE approver. See: https://cert-manager.io/docs/concepts/certificaterequest/#approval |
| app.certificateRequestDuration | string | `"1h"` | Duration requested for requested certificates. |
| app.driver | object | `{"csiDataDir":"/tmp/cert-manager-csi-driver","livenessProbe":{"port":9809},"livenessProbeImage":{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/livenessprobe","tag":"v2.9.0"},"nodeDriverRegistrarImage":{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/csi-node-driver-registrar","tag":"v2.7.0"},"resources":{},"sourceCABundle":null,"volumeFileName":{"ca":"ca.crt","cert":"tls.crt","key":"tls.key"},"volumeMounts":[],"volumes":[]}` | Options for CSI driver |
| app.driver.csiDataDir | string | `"/tmp/cert-manager-csi-driver"` | Configures the hostPath directory that the driver will write and mount volumes from. |
| app.driver | object | `{"csiDataDir":"/tmp/cert-manager-csi-driver-spiffe","livenessProbe":{"port":9809},"livenessProbeImage":{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/livenessprobe","tag":"v2.9.0"},"nodeDriverRegistrarImage":{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/csi-node-driver-registrar","tag":"v2.7.0"},"resources":{},"sourceCABundle":null,"volumeFileName":{"ca":"ca.crt","cert":"tls.crt","key":"tls.key"},"volumeMounts":[],"volumes":[]}` | Options for CSI driver |
| app.driver.csiDataDir | string | `"/tmp/cert-manager-csi-driver-spiffe"` | Configures the hostPath directory that the driver will write and mount volumes from. |
| app.driver.livenessProbe.port | int | `9809` | The port that will expose the liveness of the csi-driver |
| app.driver.livenessProbeImage.pullPolicy | string | `"IfNotPresent"` | Kubernetes imagePullPolicy on liveness probe. |
| app.driver.livenessProbeImage.repository | string | `"registry.k8s.io/sig-storage/livenessprobe"` | Target image repository. |
Expand Down
4 changes: 0 additions & 4 deletions deploy/charts/csi-driver-spiffe/templates/csidriver.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,4 @@
{{- if .Capabilities.APIVersions.Has "storage.k8s.io/v1/CSIDriver" }}
apiVersion: storage.k8s.io/v1
{{- else }}
apiVersion: storage.k8s.io/v1beta1
{{- end }}
kind: CSIDriver
metadata:
name: "{{ .Values.app.name }}"
Expand Down
1 change: 1 addition & 0 deletions deploy/charts/csi-driver-spiffe/templates/daemonset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ include "cert-manager-csi-driver-spiffe.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{ include "cert-manager-csi-driver-spiffe.labels" . | indent 4 }}
spec:
Expand Down
8 changes: 7 additions & 1 deletion deploy/charts/csi-driver-spiffe/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "cert-manager-csi-driver-spiffe.name" . }}-approver
namespace: {{ .Release.Namespace }}
labels:
{{ include "cert-manager-csi-driver-spiffe.labels" . | indent 4 }}
spec:
Expand Down Expand Up @@ -37,9 +38,14 @@ spec:
- --issuer-group={{ .Values.app.issuer.group }}
- --trust-domain={{ .Values.app.trustDomain }}

- --leader-election-namespace={{ .Release.Namespace }}
- --leader-election-namespace=$(POD_NAMESPACE)
- "--metrics-bind-address=:{{.Values.app.approver.metrics.port}}"
- "--readiness-probe-bind-address=:{{.Values.app.approver.readinessProbe.port}}"
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
resources:
{{- toYaml .Values.app.approver.resources | nindent 12 }}
{{- with .Values.priorityClassName }}
Expand Down
1 change: 1 addition & 0 deletions deploy/charts/csi-driver-spiffe/templates/metrics-service.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ include "cert-manager-csi-driver-spiffe.name" . }}-approver-metrics
namespace: {{ .Release.Namespace }}
labels:
app: {{ include "cert-manager-csi-driver-spiffe.name" . }}-approver
{{ include "cert-manager-csi-driver-spiffe.labels" . | indent 4 }}
Expand Down
1 change: 1 addition & 0 deletions deploy/charts/csi-driver-spiffe/templates/role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "cert-manager-csi-driver-spiffe.name" . }}-approver
namespace: {{ .Release.Namespace }}
labels:
{{ include "cert-manager-csi-driver-spiffe.labels" . | indent 4 }}
rules:
Expand Down
1 change: 1 addition & 0 deletions deploy/charts/csi-driver-spiffe/templates/rolebinding.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "cert-manager-csi-driver-spiffe.name" . }}-approver
namespace: {{ .Release.Namespace }}
labels:
{{ include "cert-manager-csi-driver-spiffe.labels" . | indent 4 }}
roleRef:
Expand Down
2 changes: 2 additions & 0 deletions deploy/charts/csi-driver-spiffe/templates/serviceaccount.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
metadata:
namespace: {{ .Release.Namespace }}
labels:
{{ include "cert-manager-csi-driver-spiffe.labels" . | indent 4 }}
name: {{ include "cert-manager-csi-driver-spiffe.name" . }}
Expand All @@ -16,6 +17,7 @@ imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
metadata:
namespace: {{ .Release.Namespace }}
labels:
{{ include "cert-manager-csi-driver-spiffe.labels" . | indent 4 }}
name: {{ include "cert-manager-csi-driver-spiffe.name" . }}-approver
2 changes: 1 addition & 1 deletion deploy/charts/csi-driver-spiffe/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ app:
# mountPath: /var/run/secrets/cert-manager-csi-driver-spiffe

# -- Configures the hostPath directory that the driver will write and mount volumes from.
csiDataDir: /tmp/cert-manager-csi-driver
csiDataDir: /tmp/cert-manager-csi-driver-spiffe

resources: {}
# -- Kubernetes pod resource limits for cert-manager-csi-driver-spiffe
Expand Down

0 comments on commit 9ea2af9

Please sign in to comment.