From 59e422b9e3323aa268e0052831cc3625ff62ff94 Mon Sep 17 00:00:00 2001 From: Marco Franssen Date: Wed, 17 May 2023 10:46:12 +0200 Subject: [PATCH] Add documentation for all image.tag values Signed-off-by: Marco Franssen --- charts/spire/README.md | 14 +++++++------- charts/spire/charts/spiffe-csi-driver/README.md | 2 +- charts/spire/charts/spiffe-csi-driver/values.yaml | 1 + .../spiffe-oidc-discovery-provider/README.md | 4 ++-- .../spiffe-oidc-discovery-provider/values.yaml | 2 ++ charts/spire/charts/spire-agent/README.md | 4 ++-- charts/spire/charts/spire-agent/values.yaml | 5 +++-- charts/spire/charts/spire-server/README.md | 4 ++-- charts/spire/charts/spire-server/values.yaml | 3 ++- 9 files changed, 22 insertions(+), 17 deletions(-) diff --git a/charts/spire/README.md b/charts/spire/README.md index ec7b7eedf..3637d7fa3 100644 --- a/charts/spire/README.md +++ b/charts/spire/README.md @@ -137,7 +137,7 @@ Kubernetes: `>=1.21.0-0` | spiffe-csi-driver.nodeDriverRegistrar.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy | | spiffe-csi-driver.nodeDriverRegistrar.image.registry | string | `"registry.k8s.io"` | The OCI registry to pull the image from | | spiffe-csi-driver.nodeDriverRegistrar.image.repository | string | `"sig-storage/csi-node-driver-registrar"` | The repository within the registry | -| spiffe-csi-driver.nodeDriverRegistrar.image.tag | string | `"v2.6.2"` | | +| spiffe-csi-driver.nodeDriverRegistrar.image.tag | string | `"v2.6.2"` | Overrides the image tag | | spiffe-csi-driver.nodeDriverRegistrar.resources | object | `{}` | | | spiffe-csi-driver.nodeSelector | object | `{}` | | | spiffe-csi-driver.pluginName | string | `"csi.spiffe.io"` | Set the csi driver name deployed to Kubernetes. | @@ -183,7 +183,7 @@ Kubernetes: `>=1.21.0-0` | spiffe-oidc-discovery-provider.insecureScheme.nginx.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy | | spiffe-oidc-discovery-provider.insecureScheme.nginx.image.registry | string | `"docker.io"` | The OCI registry to pull the image from | | spiffe-oidc-discovery-provider.insecureScheme.nginx.image.repository | string | `"nginxinc/nginx-unprivileged"` | The repository within the registry | -| spiffe-oidc-discovery-provider.insecureScheme.nginx.image.tag | string | `"1.23.2-alpine"` | | +| spiffe-oidc-discovery-provider.insecureScheme.nginx.image.tag | string | `"1.23.2-alpine"` | Overrides the image tag | | spiffe-oidc-discovery-provider.insecureScheme.nginx.resources | object | `{}` | | | spiffe-oidc-discovery-provider.nameOverride | string | `""` | | | spiffe-oidc-discovery-provider.namespaceOverride | string | `""` | | @@ -203,7 +203,7 @@ Kubernetes: `>=1.21.0-0` | spiffe-oidc-discovery-provider.telemetry.prometheus.nginxExporter.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy | | spiffe-oidc-discovery-provider.telemetry.prometheus.nginxExporter.image.registry | string | `"docker.io"` | The OCI registry to pull the image from | | spiffe-oidc-discovery-provider.telemetry.prometheus.nginxExporter.image.repository | string | `"nginx/nginx-prometheus-exporter"` | The repository within the registry | -| spiffe-oidc-discovery-provider.telemetry.prometheus.nginxExporter.image.tag | string | `"0.11.0"` | | +| spiffe-oidc-discovery-provider.telemetry.prometheus.nginxExporter.image.tag | string | `"0.11.0"` | Overrides the image tag | | spiffe-oidc-discovery-provider.telemetry.prometheus.nginxExporter.resources | object | `{}` | | | spiffe-oidc-discovery-provider.telemetry.prometheus.podMonitor.enabled | bool | `false` | | | spiffe-oidc-discovery-provider.telemetry.prometheus.podMonitor.labels | object | `{}` | | @@ -222,7 +222,7 @@ Kubernetes: `>=1.21.0-0` | spire-agent.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy | | spire-agent.image.registry | string | `"ghcr.io"` | The OCI registry to pull the image from | | spire-agent.image.repository | string | `"spiffe/spire-agent"` | The repository within the registry | -| spire-agent.image.tag | string | `""` | | +| spire-agent.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | spire-agent.imagePullSecrets | list | `[]` | | | spire-agent.initContainers | list | `[]` | | | spire-agent.logLevel | string | `"info"` | The log level, valid values are "debug", "info", "warn", and "error" | @@ -252,7 +252,7 @@ Kubernetes: `>=1.21.0-0` | spire-agent.waitForIt.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy | | spire-agent.waitForIt.image.registry | string | `"cgr.dev"` | The OCI registry to pull the image from | | spire-agent.waitForIt.image.repository | string | `"chainguard/wait-for-it"` | The repository within the registry | -| spire-agent.waitForIt.image.tag | string | `"latest-20230113"` | | +| spire-agent.waitForIt.image.tag | string | `"latest"` | Overrides the image tag | | spire-agent.waitForIt.resources | object | `{}` | | | spire-agent.workloadAttestors.k8s.skipKubeletVerification | bool | `true` | If true, kubelet certificate verification is skipped | | spire-agent.workloadAttestors.unix.enabled | bool | `false` | enables the Unix workload attestor | @@ -283,7 +283,7 @@ Kubernetes: `>=1.21.0-0` | spire-server.controllerManager.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy | | spire-server.controllerManager.image.registry | string | `"ghcr.io"` | The OCI registry to pull the image from | | spire-server.controllerManager.image.repository | string | `"spiffe/spire-controller-manager"` | The repository within the registry | -| spire-server.controllerManager.image.tag | string | `"0.2.2"` | | +| spire-server.controllerManager.image.tag | string | `"0.2.2"` | Overrides the image tag | | spire-server.controllerManager.resources | object | `{}` | | | spire-server.controllerManager.securityContext | object | `{}` | | | spire-server.controllerManager.service.annotations | object | `{}` | | @@ -293,7 +293,7 @@ Kubernetes: `>=1.21.0-0` | spire-server.controllerManager.validatingWebhookConfiguration.upgradeHook.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy | | spire-server.controllerManager.validatingWebhookConfiguration.upgradeHook.image.registry | string | `"docker.io"` | The OCI registry to pull the image from | | spire-server.controllerManager.validatingWebhookConfiguration.upgradeHook.image.repository | string | `"rancher/kubectl"` | The repository within the registry | -| spire-server.controllerManager.validatingWebhookConfiguration.upgradeHook.image.tag | string | `"latest"` | | +| spire-server.controllerManager.validatingWebhookConfiguration.upgradeHook.image.tag | string | `"latest"` | Overrides the image tag | | spire-server.dataStore.sql.databaseName | string | `"spire"` | Only used by "postgres" or "mysql" | | spire-server.dataStore.sql.databaseType | string | `"sqlite3"` | Other supported databases are "postgres" and "mysql" | | spire-server.dataStore.sql.host | string | `""` | Only used by "postgres" or "mysql" | diff --git a/charts/spire/charts/spiffe-csi-driver/README.md b/charts/spire/charts/spiffe-csi-driver/README.md index 9027bebd7..a2dd166b6 100644 --- a/charts/spire/charts/spiffe-csi-driver/README.md +++ b/charts/spire/charts/spiffe-csi-driver/README.md @@ -27,7 +27,7 @@ A Helm chart to install the SPIFFE CSI driver. | nodeDriverRegistrar.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy | | nodeDriverRegistrar.image.registry | string | `"registry.k8s.io"` | The OCI registry to pull the image from | | nodeDriverRegistrar.image.repository | string | `"sig-storage/csi-node-driver-registrar"` | The repository within the registry | -| nodeDriverRegistrar.image.tag | string | `"v2.6.2"` | | +| nodeDriverRegistrar.image.tag | string | `"v2.6.2"` | Overrides the image tag | | nodeDriverRegistrar.resources | object | `{}` | | | nodeSelector | object | `{}` | | | pluginName | string | `"csi.spiffe.io"` | Set the csi driver name deployed to Kubernetes. | diff --git a/charts/spire/charts/spiffe-csi-driver/values.yaml b/charts/spire/charts/spiffe-csi-driver/values.yaml index fbd97be79..e07ff131e 100644 --- a/charts/spire/charts/spiffe-csi-driver/values.yaml +++ b/charts/spire/charts/spiffe-csi-driver/values.yaml @@ -63,6 +63,7 @@ nodeDriverRegistrar: repository: sig-storage/csi-node-driver-registrar # -- The image pull policy pullPolicy: IfNotPresent + # -- Overrides the image tag tag: v2.6.2 resources: {} # We usually recommend not to specify default resources and to leave this as a conscious diff --git a/charts/spire/charts/spiffe-oidc-discovery-provider/README.md b/charts/spire/charts/spiffe-oidc-discovery-provider/README.md index 607a22972..04dd1cc73 100644 --- a/charts/spire/charts/spiffe-oidc-discovery-provider/README.md +++ b/charts/spire/charts/spiffe-oidc-discovery-provider/README.md @@ -47,7 +47,7 @@ A Helm chart to install the SPIFFE OIDC discovery provider. | insecureScheme.nginx.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy | | insecureScheme.nginx.image.registry | string | `"docker.io"` | The OCI registry to pull the image from | | insecureScheme.nginx.image.repository | string | `"nginxinc/nginx-unprivileged"` | The repository within the registry | -| insecureScheme.nginx.image.tag | string | `"1.23.2-alpine"` | | +| insecureScheme.nginx.image.tag | string | `"1.23.2-alpine"` | Overrides the image tag | | insecureScheme.nginx.resources | object | `{}` | | | nameOverride | string | `""` | | | namespaceOverride | string | `""` | | @@ -67,7 +67,7 @@ A Helm chart to install the SPIFFE OIDC discovery provider. | telemetry.prometheus.nginxExporter.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy | | telemetry.prometheus.nginxExporter.image.registry | string | `"docker.io"` | The OCI registry to pull the image from | | telemetry.prometheus.nginxExporter.image.repository | string | `"nginx/nginx-prometheus-exporter"` | The repository within the registry | -| telemetry.prometheus.nginxExporter.image.tag | string | `"0.11.0"` | | +| telemetry.prometheus.nginxExporter.image.tag | string | `"0.11.0"` | Overrides the image tag | | telemetry.prometheus.nginxExporter.resources | object | `{}` | | | telemetry.prometheus.podMonitor.enabled | bool | `false` | | | telemetry.prometheus.podMonitor.labels | object | `{}` | | diff --git a/charts/spire/charts/spiffe-oidc-discovery-provider/values.yaml b/charts/spire/charts/spiffe-oidc-discovery-provider/values.yaml index bd5d522e2..9243ba7a6 100644 --- a/charts/spire/charts/spiffe-oidc-discovery-provider/values.yaml +++ b/charts/spire/charts/spiffe-oidc-discovery-provider/values.yaml @@ -65,6 +65,7 @@ insecureScheme: repository: nginxinc/nginx-unprivileged # -- The image pull policy pullPolicy: IfNotPresent + # -- Overrides the image tag tag: 1.23.2-alpine # chainguard image does not support the templates feature # https://github.com/chainguard-images/nginx/issues/43 @@ -146,6 +147,7 @@ telemetry: repository: nginx/nginx-prometheus-exporter # -- The image pull policy pullPolicy: IfNotPresent + # -- Overrides the image tag tag: "0.11.0" resources: {} diff --git a/charts/spire/charts/spire-agent/README.md b/charts/spire/charts/spire-agent/README.md index 46898bb5e..36f22ce39 100644 --- a/charts/spire/charts/spire-agent/README.md +++ b/charts/spire/charts/spire-agent/README.md @@ -25,7 +25,7 @@ A Helm chart to install the SPIRE agent. | image.pullPolicy | string | `"IfNotPresent"` | The image pull policy | | image.registry | string | `"ghcr.io"` | The OCI registry to pull the image from | | image.repository | string | `"spiffe/spire-agent"` | The repository within the registry | -| image.tag | string | `""` | | +| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | | | initContainers | list | `[]` | | | logLevel | string | `"info"` | The log level, valid values are "debug", "info", "warn", and "error" | @@ -55,7 +55,7 @@ A Helm chart to install the SPIRE agent. | waitForIt.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy | | waitForIt.image.registry | string | `"cgr.dev"` | The OCI registry to pull the image from | | waitForIt.image.repository | string | `"chainguard/wait-for-it"` | The repository within the registry | -| waitForIt.image.tag | string | `"latest-20230113"` | | +| waitForIt.image.tag | string | `"latest"` | Overrides the image tag | | waitForIt.resources | object | `{}` | | | workloadAttestors.k8s.skipKubeletVerification | bool | `true` | If true, kubelet certificate verification is skipped | | workloadAttestors.unix.enabled | bool | `false` | enables the Unix workload attestor | diff --git a/charts/spire/charts/spire-agent/values.yaml b/charts/spire/charts/spire-agent/values.yaml index 2618d2bc5..872737ff7 100644 --- a/charts/spire/charts/spire-agent/values.yaml +++ b/charts/spire/charts/spire-agent/values.yaml @@ -9,7 +9,7 @@ image: repository: spiffe/spire-agent # -- The image pull policy pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. + # -- Overrides the image tag whose default is the chart appVersion. tag: "" imagePullSecrets: [] @@ -86,7 +86,8 @@ waitForIt: repository: chainguard/wait-for-it # -- The image pull policy pullPolicy: IfNotPresent - tag: latest-20230113 + # -- Overrides the image tag + tag: latest resources: {} # workloadAttestors determine a workload's properties and then generate a set of selectors associated with it. diff --git a/charts/spire/charts/spire-server/README.md b/charts/spire/charts/spire-server/README.md index c3633216c..f0fa3a3f8 100644 --- a/charts/spire/charts/spire-server/README.md +++ b/charts/spire/charts/spire-server/README.md @@ -44,7 +44,7 @@ A Helm chart to install the SPIRE server. | controllerManager.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy | | controllerManager.image.registry | string | `"ghcr.io"` | The OCI registry to pull the image from | | controllerManager.image.repository | string | `"spiffe/spire-controller-manager"` | The repository within the registry | -| controllerManager.image.tag | string | `"0.2.2"` | | +| controllerManager.image.tag | string | `"0.2.2"` | Overrides the image tag | | controllerManager.resources | object | `{}` | | | controllerManager.securityContext | object | `{}` | | | controllerManager.service.annotations | object | `{}` | | @@ -54,7 +54,7 @@ A Helm chart to install the SPIRE server. | controllerManager.validatingWebhookConfiguration.upgradeHook.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy | | controllerManager.validatingWebhookConfiguration.upgradeHook.image.registry | string | `"docker.io"` | The OCI registry to pull the image from | | controllerManager.validatingWebhookConfiguration.upgradeHook.image.repository | string | `"rancher/kubectl"` | The repository within the registry | -| controllerManager.validatingWebhookConfiguration.upgradeHook.image.tag | string | `"latest"` | | +| controllerManager.validatingWebhookConfiguration.upgradeHook.image.tag | string | `"latest"` | Overrides the image tag | | dataStore.sql.databaseName | string | `"spire"` | Only used by "postgres" or "mysql" | | dataStore.sql.databaseType | string | `"sqlite3"` | Other supported databases are "postgres" and "mysql" | | dataStore.sql.host | string | `""` | Only used by "postgres" or "mysql" | diff --git a/charts/spire/charts/spire-server/values.yaml b/charts/spire/charts/spire-server/values.yaml index c53c2fbaf..6b01d9007 100644 --- a/charts/spire/charts/spire-server/values.yaml +++ b/charts/spire/charts/spire-server/values.yaml @@ -169,7 +169,7 @@ controllerManager: repository: spiffe/spire-controller-manager # -- The image pull policy pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. + # -- Overrides the image tag tag: "0.2.2" resources: {} @@ -229,6 +229,7 @@ controllerManager: repository: rancher/kubectl # -- The image pull policy pullPolicy: IfNotPresent + # -- Overrides the image tag tag: latest telemetry: