Allow additional CRs to be managed by the chart #78
Conversation
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
Signed-off-by: kfox1111 <Kevin.Fox@pnnl.gov>
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
Signed-off-by: kfox1111 <Kevin.Fox@pnnl.gov>
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
…cluster-ids.yaml Co-authored-by: Marco Franssen <marco.franssen@gmail.com> Signed-off-by: kfox1111 <Kevin.Fox@pnnl.gov>
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
Signed-off-by: kfox1111 <Kevin.Fox@pnnl.gov>
Signed-off-by: kfox1111 <Kevin.Fox@pnnl.gov>
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
Co-authored-by: Faisal Memon <fymemon@yahoo.com> Signed-off-by: kfox1111 <Kevin.Fox@pnnl.gov>
Signed-off-by: kfox1111 <Kevin.Fox@pnnl.gov>
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
Signed-off-by: kfox1111 <Kevin.Fox@pnnl.gov>
Signed-off-by: kfox1111 <Kevin.Fox@pnnl.gov>
| clusterStaticEntries: {} | ||
| # foo: | ||
| # labels: | ||
| # foo: bar | ||
| # parentID: spiffe://example.com/bar | ||
| # spiffeID: spiffe://example.com/foo | ||
| # selectors: | ||
| # - k8s:pod-label:app.kubernetes.io/name:server | ||
| ## @param controllerManager.identities.clusterFederatedTrustDomains Specify additional ClusterFederatedTrustDomain objects. | ||
| clusterFederatedTrustDomains: {} | ||
| # foo: | ||
| # labels: | ||
| # foo: bar | ||
| # bundleEndpointProfile: | ||
| # endpointSPIFFEID: spiffe://example.com/foo | ||
| # type: https_spiffe | ||
| # bundleEndpointURL: https://rootserver.example.com:1234 | ||
| # trustDomain: example.com |
There was a problem hiding this comment.
The options won't get documented in the readme with everything commented out. Would it be better to have something but disabled for documentation purposes?
There was a problem hiding this comment.
Not sure. Would you want something like default: with a simplified example, with enabled: false?
| downstream: false | ||
| ## @param controllerManager.identities.autoPopulateDNSNames Auto populate DNS names from services attached to pods | ||
| autoPopulateDNSNames: false | ||
| clusterSPIFFEIDs: |
There was a problem hiding this comment.
What do you think of putting a comment above to mention that you can specify multiple?
There was a problem hiding this comment.
K. Took a first stab it it.
| autoPopulateDNSNames: false | ||
| clusterSPIFFEIDs: | ||
| default: | ||
| ## @param controllerManager.identities.clusterSPIFFEIDs.default.enabled Flag to enable default identities for controller manager |
There was a problem hiding this comment.
| ## @param controllerManager.identities.clusterSPIFFEIDs.default.enabled Flag to enable default identities for controller manager | |
| ## @param controllerManager.identities.clusterSPIFFEIDs.default.enabled Enable this identity for controller manager |
There was a problem hiding this comment.
Manually merged suggestion due to conflict.
| downstream: false | ||
| ## @param controllerManager.identities.clusterSPIFFEIDs.default.autoPopulateDNSNames Auto populate DNS names from services attached to pods | ||
| autoPopulateDNSNames: false | ||
| # foo: |
There was a problem hiding this comment.
| # foo: | |
| # You can specific additional ClusterSPIFFEIDs following this example. | |
| # foo: |
There was a problem hiding this comment.
Manually merged suggestion due to conflict.
|
|
||
| ## @param controllerManager.identities.clusterSPIFFEIDs.default.spiffeIDTemplate Spiffe ID template for identities | ||
| spiffeIDTemplate: spiffe://{{ .TrustDomain }}/ns/{{ .PodMeta.Namespace }}/sa/{{ .PodSpec.ServiceAccountName }} | ||
| ## @param controllerManager.identities.clusterSPIFFEIDs.default.podSelector [object] Selector for pods to issue identity |
There was a problem hiding this comment.
Is there anyway to have the comments not have default in them; instead have something more generic like [name].
There was a problem hiding this comment.
Maybe. will have a look at the doc tools documentation...
There was a problem hiding this comment.
Dug through the docs and code a bit. I don't see a way to allow anything more generic then specifying the key to something existing.
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
|
Github's having some issues with this PR after the revert. Will close and make a new PR from the same branch. |
|
Reopened as #117 |
Sometimes additional ClusterSPIFFEIDs and the other CRs are needed. Add support for the end user to manage those extra CRs via the chart.