diff --git a/charts/attest-provider/Chart.yaml b/charts/attest-provider/Chart.yaml
index 0e0b4c3..b148b0f 100644
--- a/charts/attest-provider/Chart.yaml
+++ b/charts/attest-provider/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
 description: A Helm chart for attest external data provider
 name: attest-provider
-version: 0.0.6
+version: 0.0.8
 home: https://github.com/docker/attest-provider
 sources:
 - https://github.com/docker/attest-provider.git
-appVersion: 0.0.6
+appVersion: 0.0.8
diff --git a/charts/attest-provider/README.md b/charts/attest-provider/README.md
index e69de29..107b13e 100644
--- a/charts/attest-provider/README.md
+++ b/charts/attest-provider/README.md
@@ -0,0 +1,16 @@
+## Parameters
+
+|Parameter|Description|Default|
+|:-|:-|:-|
+|image|provider image to run|`docker/attest-provider:0.0.8`|
+|certDir|mount path to use for TLS certificates|`/certs`|
+|clientCAFile|optional mount path for gatekeeper client certificate (mTLS)|`/tmp/gatekeeper/ca.crt`|
+|port|port for provider service|`8090`|
+|handlerTimeout|timeout in seconds for provider HTTP handler|`25`|
+|replicas|number of provider replicas in deployment|`1`|
+|tufRoot|name of embedded Docker TUF root to use for client (`dev`, `staging`, `prod`)|`prod`|
+|tufMetadataSource|URI for TUF metadata (registry or http source)|`registry-1.docker.io/docker/tuf-metadata`|
+|tufTargetsSource|URI for TUF targets (registry or http source)|`registry-1.docker.io/docker/tuf-targets`|
+|attestationStyle|lookup attestations from image index (`attached`) or `referrers`|`referrers`|
+|provider.timeout|timeout in seconds for gatekeeper external data request|`30`|
+|provider.tls.caBundle|base64 encoded CA cert for provider|`""`|
diff --git a/charts/attest-provider/templates/_helpers.tpl b/charts/attest-provider/templates/_helpers.tpl
new file mode 100644
index 0000000..c186e8a
--- /dev/null
+++ b/charts/attest-provider/templates/_helpers.tpl
@@ -0,0 +1,3 @@
+{{- define "attest-provider.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/charts/attest-provider/templates/attest-provider-deployment.yaml b/charts/attest-provider/templates/attest-provider-deployment.yaml
index 326752e..7a74fc6 100644
--- a/charts/attest-provider/templates/attest-provider-deployment.yaml
+++ b/charts/attest-provider/templates/attest-provider-deployment.yaml
@@ -12,6 +12,8 @@ spec:
 metadata:
 labels:
 run: attest-provider
+ app: '{{ template "attest-provider.name" . }}'
+ chart: '{{ template "attest-provider.name" . }}'
 spec:
 containers:
 - image: {{ .Values.image }}
@@ -28,6 +30,9 @@ spec:
 {{- if .Values.tufRoot }}
 - --tuf-root={{ .Values.tufRoot }}
 {{- end }}
+ {{- if .Values.handlerTimeout }}
+ - --handler-timeout={{ .Values.handlerTimeout }}
+ {{- end }}
 {{- if .Values.tufMetadataSource }}
 - --tuf-metadata-source={{ .Values.tufMetadataSource }}
 {{- end }}
diff --git a/charts/attest-provider/values.yaml b/charts/attest-provider/values.yaml
index ec5209a..db24cf5 100644
--- a/charts/attest-provider/values.yaml
+++ b/charts/attest-provider/values.yaml
@@ -1,8 +1,9 @@
-image: "docker/attest-provider:0.0.7@sha256:8542dbb19c9dc2f1137e842710ac8697e734341f02450bb2b47948fb99df819a"
+image: "docker/attest-provider:0.0.8@sha256:ad61961bbb9779822e8627c9ddb5c2f29c1ece4ecf9577fb81df02eb108a59ef"
 certDir: /certs
 clientCAFile: /tmp/gatekeeper/ca.crt
 port: 8090
+handlerTimeout: 25
 replicas: 1
 # uncomment these lines to use other TUF root environments
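Review bot: The new `attest-provider.name` helper in `templates/_helpers.tpl` reads `.Values.nameOverride`, but the parameter table this commit adds to README.md does not list it, and the visible part of values.yaml does not define it. Add a row for `nameOverride` to the table so operators know the `app` and `chart` labels can be changed through it. The helper would also benefit from a header comment, for example `{{/* Chart name, or .Values.nameOverride when set; cut to 63 characters (the Kubernetes label-value limit) with any trailing "-" removed */}}`.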
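Review bot: The added `chart` label in `attest-provider-deployment.yaml` renders exactly the same value as the `app` label on the line before it, so it carries no chart version and adds no information. If it is meant to follow the usual Helm convention, write `chart: '{{ .Chart.Name }}-{{ .Chart.Version }}'`; otherwise drop the duplicate. The pod template these labels belong to starts and ends outside the hunk.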
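Review bot: Nothing in the added `--handler-timeout` block of `attest-provider-deployment.yaml` ties `handlerTimeout` to `provider.timeout`, the Gatekeeper external data request timeout that the README lists with a default of `30`. If an operator sets `handlerTimeout` to that value or higher, Gatekeeper presumably gives up before the provider's handler does, and whether the admission request is then denied or let through depends on a failure policy configured outside this hunk. Consider failing the render early, e.g. `{{- if ge (int .Values.handlerTimeout) (int .Values.provider.timeout) }}{{ fail "handlerTimeout must be lower than provider.timeout" }}{{- end }}`. Also note that the `if` guard treats `handlerTimeout: 0` as unset, so the flag is omitted and the binary's own default applies; a comment in values.yaml should say so.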