Skip to content
This repository has been archived by the owner on Mar 22, 2024. It is now read-only.

Commit

Permalink
Allow job hooks to be disabled (#434)
Browse files Browse the repository at this point in the history 
Co-authored-by: Marco Franssen <marco.franssen@gmail.com>
Co-authored-by: Kevin Fox <Kevin.Fox@pnnl.gov>
  • Loading branch information
@faisal-memon @marcofranssen @kfox1111
3 people committed Aug 18, 2023
1 parent 5e4cf6f commit b7e1525
Show file tree
Hide file tree
Showing 12 changed files with 39 additions and 0 deletions.
5 changes: 5 additions & 0 deletions charts/spire/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,8 @@ Now you can interact with the Spire agent socket from your own application. The

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| global.deleteHooks.enabled | bool | `true` | Enable Helm hooks to autofix common delete issues (should be disabled when using `helm template`) |
| global.installAndUpgradeHooks.enabled | bool | `true` | Enable Helm hooks to autofix common install/upgrade issues (should be disabled when using `helm template`) |
| global.k8s.clusterDomain | string | `"cluster.local"` | |
| global.spire.bundleConfigMap | string | `""` | Override all instances of bundleConfigMap |
| global.spire.clusterName | string | `"example-cluster"` | |
Expand Down Expand Up @@ -162,6 +164,7 @@ Now you can interact with the Spire agent socket from your own application. The
| spiffe-oidc-discovery-provider.config.additionalDomains | list | `["localhost"]` | Add additional domains that can be used for oidc discovery |
| spiffe-oidc-discovery-provider.config.logLevel | string | `"info"` | The log level, valid values are "debug", "info", "warn", and "error" |
| spiffe-oidc-discovery-provider.configMap.annotations | object | `{}` | Annotations to add to the SPIFFE OIDC Discovery Provider ConfigMap |
| spiffe-oidc-discovery-provider.deleteHook.enabled | bool | `true` | Enable Helm hooks to autofix common delete issues (should be disabled when using `helm template`) |
| spiffe-oidc-discovery-provider.fullnameOverride | string | `""` | |
| spiffe-oidc-discovery-provider.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy |
| spiffe-oidc-discovery-provider.image.registry | string | `"ghcr.io"` | The OCI registry to pull the image from |
Expand Down Expand Up @@ -294,6 +297,7 @@ Now you can interact with the Spire agent socket from your own application. The
| spire-server.clusterName | string | `"example-cluster"` | |
| spire-server.configMap.annotations | object | `{}` | Annotations to add to the SPIRE Server ConfigMap |
| spire-server.controllerManager.configMap.annotations | object | `{}` | Annotations to add to the Controller Manager ConfigMap |
| spire-server.controllerManager.deleteHook.enabled | bool | `true` | Enable Helm hook to autofix common delete issues (should be disabled when using `helm template`) |
| spire-server.controllerManager.enabled | bool | `false` | |
| spire-server.controllerManager.identities.dnsNameTemplates | list | `[]` | |
| spire-server.controllerManager.identities.enabled | bool | `true` | |
Expand All @@ -309,6 +313,7 @@ Now you can interact with the Spire agent socket from your own application. The
| spire-server.controllerManager.image.repository | string | `"spiffe/spire-controller-manager"` | The repository within the registry |
| spire-server.controllerManager.image.tag | string | `"0.2.3"` | Overrides the image tag |
| spire-server.controllerManager.image.version | string | `""` | This value is deprecated in favor of tag. (Will be removed in a future release) |
| spire-server.controllerManager.installAndUpgradeHook.enabled | bool | `true` | Enable Helm hook to autofix common install/upgrade issues (should be disabled when using `helm template`) |
| spire-server.controllerManager.resources | object | `{}` | |
| spire-server.controllerManager.securityContext | object | `{}` | |
| spire-server.controllerManager.service.annotations | object | `{}` | |
Expand Down
1 change: 1 addition & 0 deletions charts/spire/charts/spiffe-oidc-discovery-provider/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ A Helm chart to install the SPIFFE OIDC discovery provider.
| config.additionalDomains | list | `["localhost"]` | Add additional domains that can be used for oidc discovery |
| config.logLevel | string | `"info"` | The log level, valid values are "debug", "info", "warn", and "error" |
| configMap.annotations | object | `{}` | Annotations to add to the SPIFFE OIDC Discovery Provider ConfigMap |
| deleteHook.enabled | bool | `true` | Enable Helm hooks to autofix common delete issues (should be disabled when using `helm template`) |
| fullnameOverride | string | `""` | |
| image.pullPolicy | string | `"IfNotPresent"` | The image pull policy |
| image.registry | string | `"ghcr.io"` | The OCI registry to pull the image from |
Expand Down
2 changes: 2 additions & 0 deletions charts/spire/charts/spiffe-oidc-discovery-provider/templates/pre-delete-hook.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
{{- if eq ((dig "deleteHooks" "enabled" .Values.deleteHook.enabled .Values.global) | toString) "true" }}
apiVersion: v1
kind: ServiceAccount
metadata:
Expand Down Expand Up @@ -71,3 +72,4 @@ spec:
- deployment
- {{ include "spiffe-oidc-discovery-provider.fullname" . }}
- --wait
{{- end }}
4 changes: 4 additions & 0 deletions charts/spire/charts/spiffe-oidc-discovery-provider/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -135,6 +135,10 @@ serviceAccount:
# If not set and create is true, a name is generated using the fullname template
name: ""

deleteHook:
# -- Enable Helm hooks to autofix common delete issues (should be disabled when using `helm template`)
enabled: true

autoscaling:
enabled: false
minReplicas: 1
Expand Down
2 changes: 2 additions & 0 deletions charts/spire/charts/spire-server/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,7 @@ In order to run Tornjak with simple HTTP Connection only, make sure you don't cr
| clusterName | string | `"example-cluster"` | |
| configMap.annotations | object | `{}` | Annotations to add to the SPIRE Server ConfigMap |
| controllerManager.configMap.annotations | object | `{}` | Annotations to add to the Controller Manager ConfigMap |
| controllerManager.deleteHook.enabled | bool | `true` | Enable Helm hook to autofix common delete issues (should be disabled when using `helm template`) |
| controllerManager.enabled | bool | `false` | |
| controllerManager.identities.dnsNameTemplates | list | `[]` | |
| controllerManager.identities.enabled | bool | `true` | |
Expand All @@ -115,6 +116,7 @@ In order to run Tornjak with simple HTTP Connection only, make sure you don't cr
| controllerManager.image.repository | string | `"spiffe/spire-controller-manager"` | The repository within the registry |
| controllerManager.image.tag | string | `"0.2.3"` | Overrides the image tag |
| controllerManager.image.version | string | `""` | This value is deprecated in favor of tag. (Will be removed in a future release) |
| controllerManager.installAndUpgradeHook.enabled | bool | `true` | Enable Helm hook to autofix common install/upgrade issues (should be disabled when using `helm template`) |
| controllerManager.resources | object | `{}` | |
| controllerManager.securityContext | object | `{}` | |
| controllerManager.service.annotations | object | `{}` | |
Expand Down
4 changes: 4 additions & 0 deletions charts/spire/charts/spire-server/templates/controller-manager-webhook.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,11 @@ webhooks:
name: {{ include "spire-controller-manager.fullname" . }}-webhook
namespace: {{ include "spire-server.namespace" . }}
path: /validate-spire-spiffe-io-v1alpha1-clusterfederatedtrustdomain
{{- if eq (.Values.controllerManager.installAndUpgradeHook.enabled | toString) "true" }}
failurePolicy: Ignore # Actual value to be set by post install/upgrade hooks
{{- else }}
failurePolicy: {{ .Values.controllerManager.validatingWebhookConfiguration.failurePolicy }}
{{- end }}
name: vclusterfederatedtrustdomain.kb.io
rules:
- apiGroups: ["spire.spiffe.io"]
Expand Down
2 changes: 2 additions & 0 deletions charts/spire/charts/spire-server/templates/post-install-hook.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
{{- if eq ((dig "installAndUpgradeHooks" "enabled" .Values.controllerManager.installAndUpgradeHook.enabled .Values.global) | toString) "true" }}
{{- if eq (.Values.controllerManager.enabled | toString) "true" }}
{{- if eq .Values.controllerManager.validatingWebhookConfiguration.failurePolicy "Fail" }}
apiVersion: v1
Expand Down Expand Up @@ -85,3 +86,4 @@ spec:
}
{{- end }}
{{- end }}
{{- end }}
2 changes: 2 additions & 0 deletions charts/spire/charts/spire-server/templates/post-upgrade-hook.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
{{- if eq ((dig "installAndUpgradeHooks" "enabled" .Values.controllerManager.installAndUpgradeHook.enabled .Values.global) | toString) "true" }}
{{- if eq (.Values.controllerManager.enabled | toString) "true" }}
{{- if eq .Values.controllerManager.validatingWebhookConfiguration.failurePolicy "Fail" }}
apiVersion: v1
Expand Down Expand Up @@ -85,3 +86,4 @@ spec:
}
{{- end }}
{{- end }}
{{- end }}
2 changes: 2 additions & 0 deletions charts/spire/charts/spire-server/templates/pre-delete-hook.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
{{- if eq ((dig "deleteHooks" "enabled" .Values.controllerManager.deleteHook.enabled .Values.global) | toString) "true" }}
{{- if .Values.upstreamAuthority.spire.enabled }}
apiVersion: v1
kind: ServiceAccount
Expand Down Expand Up @@ -88,3 +89,4 @@ spec:
- -n
- {{ include "spire-server.namespace" . }}
{{- end }}
{{- end }}
2 changes: 2 additions & 0 deletions charts/spire/charts/spire-server/templates/pre-upgrade-hook.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
{{- if eq ((dig "installAndUpgradeHooks" "enabled" .Values.controllerManager.installAndUpgradeHook.enabled .Values.global) | toString) "true" }}
{{- if eq (.Values.controllerManager.enabled | toString) "true" }}
{{- if eq .Values.controllerManager.validatingWebhookConfiguration.failurePolicy "Fail" }}
apiVersion: v1
Expand Down Expand Up @@ -85,3 +86,4 @@ spec:
}
{{- end }}
{{- end }}
{{- end }}
6 changes: 6 additions & 0 deletions charts/spire/charts/spire-server/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -250,6 +250,12 @@ notifier:

controllerManager:
enabled: false
installAndUpgradeHook:
# -- Enable Helm hook to autofix common install/upgrade issues (should be disabled when using `helm template`)
enabled: true
deleteHook:
# -- Enable Helm hook to autofix common delete issues (should be disabled when using `helm template`)
enabled: true

image:
# -- The OCI registry to pull the image from
Expand Down
7 changes: 7 additions & 0 deletions charts/spire/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,13 @@ global:
# -- Override all Spire image registries at once
registry: ""

installAndUpgradeHooks:
# -- Enable Helm hooks to autofix common install/upgrade issues (should be disabled when using `helm template`)
enabled: true
deleteHooks:
# -- Enable Helm hooks to autofix common delete issues (should be disabled when using `helm template`)
enabled: true

# telemetry:
# prometheus:
# enabled: true
Expand Down

0 comments on commit b7e1525

Please sign in to comment.