Skip to content
This repository has been archived by the owner on Mar 22, 2024. It is now read-only.

Commit

Permalink
Allow configuration of priorityClassName on spire-server statefulset (#…
Browse files Browse the repository at this point in the history 
…480)
  • Loading branch information
@InverseIntegral
InverseIntegral committed Sep 12, 2023
1 parent 9ad2ed5 commit 1f90867
Show file tree
Hide file tree
Showing 4 changed files with 12 additions and 4 deletions.
3 changes: 2 additions & 1 deletion charts/spire/charts/spire-server/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ curl --cacert CA/rootCA.crt --key client.key --cert client.crt https://localhos

In order to run Tornjak with simple HTTP Connection only, make sure you don't create any `Secrets` or `ConfigMaps` listed above.

## Parameters
## Parameters

### Chart parameters

Expand All @@ -103,6 +103,7 @@ In order to run Tornjak with simple HTTP Connection only, make sure you don't cr
| `podAnnotations` | Annotations to add to pods | `{}` |
| `podSecurityContext` | Pod security context | `{}` |
| `securityContext` | Security context | `{}` |
| `priorityClassName` | Priority class assigned to statefulset pods | `""` |
| `service.type` | Type of the Spire server service created | `ClusterIP` |
| `service.port` | Port for the created service | `8081` |
| `service.annotations` | Annotations to add to the service object | `{}` |
Expand Down
3 changes: 3 additions & 0 deletions charts/spire/charts/spire-server/templates/statefulset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,9 @@ spec:
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- if or (gt (len .Values.initContainers) 0) (and .Values.upstreamAuthority.certManager.enabled .Values.upstreamAuthority.certManager.ca.create) }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
initContainers:
{{- if and .Values.upstreamAuthority.certManager.enabled .Values.upstreamAuthority.certManager.ca.create }}
- name: wait
Expand Down
9 changes: 6 additions & 3 deletions charts/spire/charts/spire-server/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,13 +25,13 @@ image:
## @param imagePullSecrets [array] Pull secrets for images
imagePullSecrets: []

## @param nameOverride Name override
## @param nameOverride Name override
nameOverride: ""

## @param namespaceOverride Namespace override
## @param namespaceOverride Namespace override
namespaceOverride: ""

## @param fullnameOverride Fullname override
## @param fullnameOverride Fullname override
fullnameOverride: ""

## @param serviceAccount.create Specifies whether a service account should be created
Expand Down Expand Up @@ -59,6 +59,9 @@ securityContext: {}
# runAsNonRoot: true
# runAsUser: 1000

## @param priorityClassName Priority class assigned to statefulset pods
priorityClassName: ""

## @param service.type Type of the Spire server service created
## @param service.port Port for the created service
## @param service.annotations [object] Annotations to add to the service object
Expand Down
1 change: 1 addition & 0 deletions examples/production/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ spire-server:
drop: [ALL]
seccompProfile:
type: RuntimeDefault
priorityClassName: system-cluster-critical

logLevel: info

Expand Down

0 comments on commit 1f90867

Please sign in to comment.