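# Namespace used for the chart's resources.
# NOTE(review): with `create: false` the namespace is presumably expected to
# exist already (or to be created by the release tooling) — confirm.
namespace:
  create: false
  name: fulcio-system

# Image pull secrets; none are configured by default.
imagePullSecrets: []

# NOTE(review): `contents` is presumably rendered into the Fulcio server
# configuration by the templates (not shown here). It is empty by default;
# review whatever is supplied here as security-relevant configuration.
config:
  contents: {}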
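# Fulcio server settings.
server:
  replicaCount: 1
  name: server
  svcPort: 80
  grpcSvcPort: 5554
  # Name of the Secret used by the server.
  # NOTE(review): presumably holds the CA key material read by `fileca` —
  # confirm in the templates and restrict RBAC read access to it.
  secret: fulcio-server-secret
  logging:
    production: false
  image:
    registry: gcr.io
    repository: projectsigstore/fulcio
    pullPolicy: IfNotPresent
    # The image is pinned by digest rather than by tag, so a re-pushed tag
    # cannot change what gets deployed. When bumping, regenerate the digest
    # with the command below and update the version note in the same change.
    # crane digest gcr.io/projectsigstore/fulcio:v1.4.4
    # -- v1.4.4
    version: sha256:d4e075bfaf0539a5220f3a76b80454261ecda443248fce283fd185d27e9910d4
  args:
    port: 5555
    grpcPort: 5554
    # Valid values: googleca, pkcs11ca, aws-hsm-root-ca-path, fileca, kmsca
    # NOTE(review): `fileca` keeps the signing key as a file. That suits local
    # and test clusters; for production prefer one of the KMS- or HSM-backed
    # values so the private key is not held in a Kubernetes Secret.
    certificateAuthority: fileca
    # kms_resource: gcpkms://....
    # kms_cert_chain: |-
    #   << your PEM encoded cert chain here. Order from active intermediate first to root last >>
    # Unset by default; written as explicit nulls instead of bare empty values.
    hsm_caroot_id: null
    aws_hsm_root_ca_path: null
    # Placeholder resource path ("test" project and pool); replace it before
    # using the Google CA backend.
    gcp_private_ca_parent: projects/test/locations/us-east1/caPools/test
    # NOTE(review): an empty URL presumably lets the chart derive the CT log
    # address from the ctlog dependency — confirm in the templates.
    ct_log_url: ""
    # Keep this false outside throwaway test setups: disabling the CT log
    # means issued certificates are no longer submitted to a transparency log.
    disable_ct_log: false
  serviceAccount:
    create: true
    name: ""
    annotations: {}
    # Mounts the service-account token into the pod.
    # NOTE(review): if the server never calls the Kubernetes API, setting this
    # to false removes a credential from the container — verify against the
    # templates before changing it.
    mountToken: true
  service:
    type: ClusterIP
    ports:
      - name: http
        port: 80
        protocol: TCP
        targetPort: 5555
      - name: grpc
        port: 5554
        protocol: TCP
        targetPort: 5554
      # NOTE(review): 2112 is presumably the metrics endpoint. It is exposed on
      # the Service, so limit who can reach it (for example with a
      # NetworkPolicy) if it should not be readable cluster-wide.
      - name: 2112-tcp
        port: 2112
        protocol: TCP
        targetPort: 2112
  ingress:
    # The HTTP ingress is enabled by default with an empty `tls` list, so no
    # TLS is configured for fulcio.localhost. That is fine for a local
    # cluster; add a `tls` entry (as in the grpc example below) before
    # exposing the CA anywhere else so requests are not sent in clear text.
    http:
      enabled: true
      className: "nginx"
      annotations: {}
      hosts:
        - path: /
          host: "fulcio.localhost"
      tls: []
    grpc:
      enabled: false
      className: ""
      annotations:
        nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
      hosts:
        - host: fulcio.localhost
          path: /dev.sigstore.fulcio.v2.CA
      tls:
        - secretName: fulcio-grpc-ingress-tls
          hosts:
            - fulcio.localhost
  # Additional ingress definitions; the GCE example below is disabled by default.
  ingresses:
    - enabled: false
      grpc: true
      http: true
      name: "gce-ingress"
      className: "gce"
      hosts:
        - path: /
          host: fulcio.localhost
      annotations: {}
      # No TLS entry here either; the HTTPS redirect below only helps once a
      # certificate is actually attached to the load balancer.
      tls: []
      staticGlobalIP: lb-ext-ip
      # https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters
      frontendConfigSpec:
        # The named SSL policy and the security policy further down are
        # referenced by name only; they must already exist in the GCP project.
        sslPolicy: fulcio-ssl-policy
        redirectToHttps:
          enabled: true
      # https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_backendconfig_parameters
      backendConfigSpec:
        securityPolicy:
          name: fulcio-security-policy
        logging:
          enable: true
        healthCheck:
          # Same port as args.port above.
          port: 5555
          requestPath: "/healthz"
          type: HTTP
  # Runs the server as a fixed non-root UID.
  # NOTE(review): whether this is applied at pod or container level is decided
  # by the templates (not shown). If it is container-level, also consider
  # allowPrivilegeEscalation: false, readOnlyRootFilesystem: true and dropping
  # all capabilities.
  securityContext:
    runAsNonRoot: true
    runAsUser: 65533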
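# Settings for the createcerts workload.
# NOTE(review): presumably a Job that generates the CA material stored in
# `server.secret` — confirm in the templates. Disable it when certificates
# and keys are provisioned by other means (for example a KMS/HSM-backed CA).
createcerts:
  enabled: true
  replicaCount: 1
  name: createcerts
  image:
    registry: ghcr.io
    repository: sigstore/scaffolding/createcerts
    pullPolicy: IfNotPresent
    # Pinned by digest; keep the version note below in sync when bumping.
    # v0.6.17
    version: sha256:2aaea38198d25ee53fb1f6da79eaa75c24bcc4ef81792a68687ba2ae0dc8ccf6
  # A finished run is kept for one hour before cleanup.
  ttlSecondsAfterFinished: 3600
  serviceAccount:
    create: true
    name: ""
    annotations: {}
    # NOTE(review): the token is presumably required so the workload can write
    # the generated Secret through the Kubernetes API — confirm, and keep the
    # bound Role limited to that Secret.
    mountToken: true
  securityContext:
    runAsNonRoot: true
    runAsUser: 65533
  # NOTE(review): placed under createcerts by inference — confirm against the
  # templates that this key belongs here.
  annotations: {}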
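# Configure ctlog dependency
# The certificate transparency log is enabled by default and deployed into its
# own namespace (ctlog-system), separate from the Fulcio namespace.
ctlog:
  enabled: true
  name: ctlog
  forceNamespace: ctlog-system
  fullnameOverride: ctlog
  namespace:
    name: ctlog-system
    create: true
  createtree:
    name: ctlog-createtree
    fullnameOverride: ctlog-createtree
  createcerts:
    name: ctlog-createcerts
    fullnameOverride: ctlog-createcerts
  createctconfig:
    logPrefix: fulcio

# Force namespace of namespaced resources
# Empty by default, i.e. no override is applied.
forceNamespace: ""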