-
Notifications
You must be signed in to change notification settings - Fork 3
/
opa-notary-connector-values.yaml
58 lines (57 loc) · 1.43 KB
/
opa-notary-connector-values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
# OPA Notary Connector configuration
repositories:
- name: "localhost.*"
priority: 10
trust:
enabled: true
trustServer: "https://notary-server.notary.svc.cluster.local:4443"
auth:
user: admin
pass: admin
signers:
- role: "targets/jenkins"
publicKey: "" # base64 encoded public key. Passed in Makefile local-deploy target
# CatchAll allow
#- name: ".*"
#priority: 0
#trust:
#enabled: false
# OPA helm chart configuration
opa:
logLevel: debug
extraContainers:
- name: opa-notary-connector
image: localhost:30001/opa-notary-connector:latest
imagePullPolicy: Always
securityContext:
runAsUser: 1001
command: ["/opa-notary-connector"]
args:
- "--config=/etc/opa-notary-connector/trust.yaml"
- "--listen-address=:8080"
- "--trust-root-dir=/etc/opa-notary-connector/.trust"
- "--verbosity=debug"
env:
- name: GIN_MODE
value: release
ports:
- name: http
containerPort: 8080
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
scheme: HTTP
port: http
readinessProbe:
httpGet:
path: /healthz
scheme: HTTP
port: http
volumeMounts:
- name: opa-notary-connector-config
mountPath: /etc/opa-notary-connector/trust.yaml
subPath: trust.yaml
- name: notary-server-crt
mountPath: /etc/ssl/certs/ca.crt
subPath: ca.crt