diff --git a/charts/trusted-artifact-signer/templates/segment-backup-cronjob.yaml b/charts/trusted-artifact-signer/templates/segment-backup-cronjob.yaml
new file mode 100644
index 00000000..55934355
--- /dev/null
+++ b/charts/trusted-artifact-signer/templates/segment-backup-cronjob.yaml
@@ -0,0 +1,25 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: {{ .Values.configs.segment_backup_job.name }}
+spec:
+ schedule: "0 0 * * *"
+ concurrencyPolicy: "Replace"
+ startingDeadlineSeconds: 200
+ suspend: false
+ successfulJobsHistoryLimit: 7
+ failedJobsHistoryLimit: 3
+ jobTemplate:
+ spec:
+ template:
+ serviceAccountName: segment-backup-sa
+ metadata:
+ name: {{ .Values.configs.segment_backup_job.name }}
+ labels:
+ parent: "segment-backup-job"
+ spec:
+ containers:
+ - name: {{ .Values.configs.segment_backup_job.name }}
+ image: "{{ .Values.configs.cosign_deploy.image.registry }}/{{ .Values.configs.cosign_deploy.image.repository }}:{{ .Values.configs.cosign_deploy.image.version }}"
+ command: ["/bin/bash", "/opt/app-root/src/script.sh"]
+ restartPolicy: OnFailure
\ No newline at end of file
diff --git a/charts/trusted-artifact-signer/templates/segment-backup-job-sa.yaml b/charts/trusted-artifact-signer/templates/segment-backup-job-sa.yaml
index 91cd2581..da1640d7 100644
--- a/charts/trusted-artifact-signer/templates/segment-backup-job-sa.yaml
+++ b/charts/trusted-artifact-signer/templates/segment-backup-job-sa.yaml
@@ -2,7 +2,8 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: segment-backup-sa
- namespace: sigstore-monitoring
+ # namespace: sigstore-monitoring # throwing an issue because this doesnt exist yet
+ namespace: default
 secrets:
 - name: pull-secret
 imagePullSecrets:
diff --git a/charts/trusted-artifact-signer/templates/segment-backup-job.yaml b/charts/trusted-artifact-signer/templates/segment-backup-job.yaml
index e975a35a..896f3155 100644
--- a/charts/trusted-artifact-signer/templates/segment-backup-job.yaml
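Review bot: In segment-backup-cronjob.yaml, `serviceAccountName: segment-backup-sa` is listed directly under `template:`, ahead of `metadata:`, so it is not part of the pod `spec:` where Kubernetes reads it. At that position the field is rejected or dropped, and the pod runs under the namespace's `default` service account instead of `segment-backup-sa`, without the `pull-secret` image pull secret attached to that account. Move the line under the inner `spec:` next to `containers:`. The rewritten Job in segment-backup-job.yaml carries the same placement. Indentation is flattened on this page, so the nesting here is read from key order.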
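Review bot: Hard-coding `namespace: default` in segment-backup-job-sa.yaml creates the service account, and its reference to `pull-secret`, outside the release namespace. The CronJob and Job templates in this commit set no namespace, so they land wherever the release is installed, and a pod can only use a service account from its own namespace. Prefer `namespace: {{ .Release.Namespace }}`, or omit the key, and drop the commented-out line. values.yaml still carries `segment_backup_job.namespace: sigstore-monitoring`, which this template does not read; if a dedicated namespace is intended, the chart has to create it before this object is applied.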
+++ b/charts/trusted-artifact-signer/templates/segment-backup-job.yaml
@@ -1,24 +1,21 @@
 apiVersion: batch/v1
-kind: Cronjob
+kind: Job
 metadata:
- name: {{ .Values.configs.segment-backup-job.name }}
+ name: {{ .Values.configs.segment_backup_job.name }}
 spec:
- schedule: "0 0 * * *"
- concurrencyPolicy: "Replace"
- startingDeadlineSeconds: 200
- suspend: false
- successfulJobsHistoryLimit: 7
- failedJobsHistoryLimit: 3
- jobTemplate:
+ parallelism: 1
+ completions: 1
+ activeDeadlineSeconds: 600
+ backoffLimit: 5
+ template:
+ serviceAccountName: segment-backup-sa
+ metadata:
+ name: {{ .Values.configs.segment_backup_job.name }}
+ labels:
+ parent: "segment-backup-job"
 spec:
- template:
- serviceAccountName: segment-backup-sa
- metadata:
- labels:
- parent: "segment-backup-job"
- spec:
- containers:
- - name: {{ .Values.configs.segment-backup-job.name }}
- image: "{{ .Values.configs.cosign_deploy.image.registry }}/{{ .Values.configs.cosign_deploy.image.repository }}:{{ .Values.configs.cosign_deploy.image.version }}"
- command: ["/bin/bash", "/opt/app-root/src/script.sh"]
- restartPolicy: OnFailure
\ No newline at end of file
+ containers:
+ - name: {{ .Values.configs.segment_backup_job.name }}
+ image: "{{ .Values.configs.cosign_deploy.image.registry }}/{{ .Values.configs.cosign_deploy.image.repository }}:{{ .Values.configs.cosign_deploy.image.version }}"
+ command: ["/bin/bash", "/opt/app-root/src/script.sh"]
+ restartPolicy: OnFailure
\ No newline at end of file
diff --git a/charts/trusted-artifact-signer/values.schema.json b/charts/trusted-artifact-signer/values.schema.json
index 065e196f..a7ed9f6a 100644
--- a/charts/trusted-artifact-signer/values.schema.json
+++ b/charts/trusted-artifact-signer/values.schema.json
@@ -3,7 +3,7 @@
 "properties": {
 "configs": {
 "properties": {
- "segment-backup-job":{
+ "segment_backup_job":{
 "properties": {
 "name": {
 "type": "string"
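Review bot: The container `image:` in segment-backup-job.yaml, and in the new CronJob, is built from `.Values.configs.cosign_deploy.image.*`, although values.yaml appears to define its own `image:` block under `segment_backup_job`. If `/opt/app-root/src/script.sh` ships only in the backup image, the job starts the wrong image and fails, or runs whatever script the cosign image holds at that path. Confirm which image is meant and, if it is the backup one, reference `.Values.configs.segment_backup_job.image.*` (assuming it exposes the same `registry`/`repository`/`version` keys). The reference is also by `version` tag; pinning by digest would keep the job on a known image.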
diff --git a/charts/trusted-artifact-signer/values.schema.tmpl.json b/charts/trusted-artifact-signer/values.schema.tmpl.json index a82a2931..fd72f5ca 100644 --- a/charts/trusted-artifact-signer/values.schema.tmpl.json +++ b/charts/trusted-artifact-signer/values.schema.tmpl.json @@ -19,7 +19,7 @@ "configs": { "type": "object", "properties": { - "segment-backup-job":{ + "segment_backup_job":{ "properties": { "name": { "type": "string" @@ -301,8 +301,7 @@ }, "type": "object" } - }, - "type": "object" + } }, "rbac": { "properties": { diff --git a/charts/trusted-artifact-signer/values.yaml b/charts/trusted-artifact-signer/values.yaml index 18decf19..b6e86f7d 100644 --- a/charts/trusted-artifact-signer/values.yaml +++ b/charts/trusted-artifact-signer/values.yaml @@ -5,7 +5,7 @@ global: appsSubdomain: "" configs: - segment-backup-job: + segment_backup_job: name: segment-backup-job namespace: sigstore-monitoring image: @@ -146,8 +146,6 @@ rbac: # -- clusterrole to be added to sigstore component serviceaccounts. clusterrole: system:openshift:scc:anyuid - https://github.com/securesign/sigstore-ocp/blob/dc536fd05432421742f1952cc0c8ff04f64bb97f/charts/trusted-artifact-signer/values.yaml#L139C3-L139C43 - # github.com/sigstore/helm-charts/charts scaffold: ctlog: diff --git a/tas-easy-install.sh b/tas-easy-install.sh index 842d2ba4..9506826f 100755 --- a/tas-easy-install.sh +++ b/tas-easy-install.sh 
@@ -112,6 +112,7 @@ oc -n rekor-system create secret generic rekor-private-key --from-file=private=. #OPENSHIFT_APPS_SUBDOMAIN=$common_name envsubst < examples/values-sigstore-openshift.yaml | helm install --debug trusted-artifact-signer trusted-artifact-signer/trusted-artifact-signer -n trusted-artifact-signer --create-namespace --values - OPENSHIFT_APPS_SUBDOMAIN=$common_name envsubst < examples/values-sigstore-openshift.yaml | helm upgrade -i trusted-artifact-signer --debug charts/trusted-artifact-signer -n trusted-artifact-signer --create-namespace --values - + # Create the script to initialize the environment variables for the service endpoints generate_env_script