diff --git a/docs/content/timeline/changelog.md b/docs/content/timeline/changelog.md index 8aeab3fe..fd68434c 100644 --- a/docs/content/timeline/changelog.md +++ b/docs/content/timeline/changelog.md @@ -15,7 +15,16 @@ weight = 11 ## Recent Changes -* Added helm charts the ability to optionally disable custom namespace generation. +TBD. + +## [0.27.3] - 2024-10-03 + +This is a quick patch release to add Helm chart options. + +### Added + +* Added helm charts the ability to optionally disable custom namespace + generation. ## [0.27.2] - 2024-09-30 diff --git a/helm-charts/0.27.3/README.md b/helm-charts/0.27.3/README.md index 9183cd54..28044d30 100644 --- a/helm-charts/0.27.3/README.md +++ b/helm-charts/0.27.3/README.md 
@@ -110,6 +110,7 @@ The sections below are autogenerated from chart source code: | global.deployKeystone | bool | `true` | Deploy the Keystone VSecM component. VSecM Keystone is a lightweight Pod that is initialized only after VSecM Sentinel completes it `initCommand` initialization sequence. | | global.deploySentinel | bool | `true` | Deploy VSecM Sentinel. VSecM Sentinel is the only admin interface where you can register secrets. For best security, you might want to disable the initial deployment of it. This way, you can deploy VSecM Sentinel off-cycle later when you need it. | | global.deploySpire | bool | `true` | Deploy SPIRE components. If set to false, SPIRE components will not be deployed. This is useful when SPIRE is already deployed in the cluster. | +| global.enableKAppAnnotations | bool | `false` | Set it to true to enable kapp annotations. This is useful when you are using kapp to deploy the VSecM components. (ref: https://carvel.dev/kapp/) | | global.enableOpenShift | bool | `false` | Set it to true for OpenShift deployments. This will add necessary annotations to the SPIRE components to make them work on OpenShift. 
| | global.images | object | `{"initContainer":{"repository":"vsecm-ist-init-container","tag":"0.27.3"},"keystone":{"distrolessFipsRepository":"vsecm-ist-fips-keystone","distrolessRepository":"vsecm-ist-keystone","pullPolicy":"IfNotPresent","tag":"0.27.3"},"nodeDriverRegistrar":{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/csi-node-driver-registrar","tag":"v2.10.0"},"openShiftHelperUbi9":{"pullPolicy":"IfNotPresent","repository":"registry.access.redhat.com/ubi9","tag":"latest"},"safe":{"distrolessFipsRepository":"vsecm-ist-fips-safe","distrolessRepository":"vsecm-ist-safe","pullPolicy":"IfNotPresent","tag":"0.27.3"},"sentinel":{"distrolessFipsRepository":"vsecm-ist-fips-sentinel","distrolessRepository":"vsecm-ist-sentinel","pullPolicy":"IfNotPresent","tag":"0.27.3"},"spiffeCsiDriver":{"pullPolicy":"IfNotPresent","repository":"ghcr.io/spiffe/spiffe-csi-driver","tag":"0.2.6"},"spireAgent":{"pullPolicy":"IfNotPresent","repository":"ghcr.io/spiffe/spire-agent","tag":"1.9.6"},"spireControllerManager":{"pullPolicy":"IfNotPresent","repository":"ghcr.io/spiffe/spire-controller-manager","tag":"0.5.0"},"spireHelperBash":{"pullPolicy":"IfNotPresent","repository":"cgr.dev/chainguard/bash","tag":"latest@sha256:8c9e5cbb641ced8112c637eb3611dab29bf65448a9d884a03938baf1b352dc4d"},"spireHelperKubectl":{"pullPolicy":"IfNotPresent","repository":"docker.io/rancher/kubectl","tag":"v1.28.0"},"spireServer":{"pullPolicy":"IfNotPresent","repository":"ghcr.io/spiffe/spire-server","tag":"1.9.6"}}` | Where to find the dependent images of VSecM. Normally, you would not need to modify this. | | global.images.nodeDriverRegistrar | object | `{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/csi-node-driver-registrar","tag":"v2.10.0"}` | Container registry details of SPIFFE CSI Node Driver Registrar. | 
@@ -117,6 +118,8 @@ The sections below are autogenerated from chart source code: | global.images.spireAgent | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/spiffe/spire-agent","tag":"1.9.6"}` | Container registry details of SPIRE Agent. | | global.images.spireControllerManager | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/spiffe/spire-controller-manager","tag":"0.5.0"}` | Container registry details of SPIRE Controller Manager. | | global.images.spireServer | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/spiffe/spire-server","tag":"1.9.6"}` | Container registry details of SPIRE Server. | +| global.preInstallSpireNamespaces | bool | `true` | Set it to true to enable the pre-installation of the SPIRE namespaces. If set to false, the SPIRE namespaces will not be pre-installed; you will need to create `spire-system` and `spire-server` namespaces manually. | +| global.preInstallVSecMNamespaces | bool | `true` | Set it to true to enable the pre-installation of the VSecM namespaces. If set to false, the VSecM namespaces will not be pre-installed; you will need to create a `vsecm-system` namespace manually. | | global.registry | string | `"vsecm"` | Registry url. Defaults to "vsecm", which points to the public vsecm DockerHub registry: . | | global.spire | object | `{"caCommonName":"vsecm.com","caCountry":"US","caOrganization":"vsecm.com","controllerManagerClassName":"vsecm","federationEnabled":false,"logLevel":"DEBUG","namespace":"spire-system","serverAddress":"spire-server.spire-server.svc.cluster.local","serverNamespace":"spire-server","serverPort":443,"trustDomain":"vsecm.com"}` | SPIRE-related global configuration. | | global.spire.caCommonName | string | `"vsecm.com"` | The SPIRE CA common name. |
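Review bot: In the docs/content/timeline/changelog.md hunk, the 0.27.3 entry says only "ability to optionally disable custom namespace generation" and never names the values that control it, and it leaves out `global.enableKAppAnnotations`, which the helm-charts/0.27.3/README.md hunk of this same patch adds. Suggest listing the three keys (`global.preInstallSpireNamespaces`, `global.preInstallVSecMNamespaces`, `global.enableKAppAnnotations`) with their defaults so that someone reading the changelog can see which options changed. "Added helm charts the ability" would also read better as "Added the ability for the Helm charts to optionally disable ...".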
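Review bot: In the README hunk at @@ -110,6 +110,7, the `global.enableKAppAnnotations` description does not say which kapp annotations are added or to which resources, so a reader cannot tell what changes in the rendered manifests when the flag is set to true. The table header states these sections are autogenerated from chart source code, so the fuller wording belongs in the comment on the value in the chart source, with this row regenerated from it rather than edited by hand.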
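Review bot: In the README hunk at @@ -117,6 +118,8, the `global.preInstallSpireNamespaces` description hardcodes `spire-system` and `spire-server`, but the `global.spire` row in the same hunk shows `namespace` and `serverNamespace` as configurable values, so with overridden values the manual-creation instruction names the wrong namespaces. Suggest referring to "the namespaces set in `global.spire.namespace` and `global.spire.serverNamespace`" and saying whether they must exist before the chart is installed. "Set it to true to enable" is also odd wording for two values that already default to `true`; describing when to set them to false would be clearer.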