typo fix (#1062)

Signed-off-by: Volkan Özçelik <[email protected]>

docs/content/timeline/changelog.md

@@ -22,7 +22,7 @@ TBD
 ### Added
 
 * VMware Secrets Manager Helm charts now have the ability to generate 
-  RedHat OpenShift compatible manifests. You’ll need to set `global.enableOpenshit`
+  RedHat OpenShift compatible manifests. You’ll need to set `global.enableOpenShift`
   to `true` to use this feature. It is `false` by default because it introduced
   OpenShift-specific security rules that other clusters will not interpret
   properly.

helm-charts/0.26.2/README.md

@@ -111,7 +111,7 @@ The sections below are autogenerated from chart source code:
 | global.deploySentinel | bool | `true` | Deploy VSecM Sentinel. VSecM Sentinel is the only admin interface where you can register secrets. For best security, you might want to disable the initial deployment of it. This way, you can deploy VSecM Sentinel off-cycle later when you need it. |
 | global.deploySpire | bool | `true` | Deploy SPIRE components. If set to false, SPIRE components will not be  deployed. This is useful when SPIRE is already deployed in the cluster. |
 | global.deploySpireControllerManager | bool | `true` | Deploy SPIRE Controller Manager. SPIRE Controller Manager is required for ClusterSPIFFEIDs to function. If something else on your system assigns ClusterSPIFFEIDs to your workloads, or if you want to manually manage your SPIRE Server registration entries, you can set this flag to `false`. |
-| global.enableOpenShit | bool | `false` | Set it to true for OpenShift deployments. This will add necessary annotations to the SPIRE components to make them work on OpenShift. |
+| global.enableOpenShift | bool | `false` | Set it to true for OpenShift deployments. This will add necessary annotations to the SPIRE components to make them work on OpenShift. |
 | global.images | object | `{"initContainer":{"repository":"vsecm-ist-init-container","tag":"0.26.2"},"keystone":{"distrolessFipsRepository":"vsecm-ist-fips-keystone","distrolessRepository":"vsecm-ist-keystone","pullPolicy":"IfNotPresent","tag":"0.26.2"},"nodeDriverRegistrar":{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/csi-node-driver-registrar","tag":"v2.10.0"},"openShiftHelperUbi9":{"pullPolicy":"IfNotPresent","repository":"registry.access.redhat.com/ubi9","tag":"latest"},"safe":{"distrolessFipsRepository":"vsecm-ist-fips-safe","distrolessRepository":"vsecm-ist-safe","pullPolicy":"IfNotPresent","tag":"0.26.2"},"sentinel":{"distrolessFipsRepository":"vsecm-ist-fips-sentinel","distrolessRepository":"vsecm-ist-sentinel","pullPolicy":"IfNotPresent","tag":"0.26.2"},"spiffeCsiDriver":{"pullPolicy":"IfNotPresent","repository":"ghcr.io/spiffe/spiffe-csi-driver","tag":"0.2.6"},"spireAgent":{"pullPolicy":"IfNotPresent","repository":"ghcr.io/spiffe/spire-agent","tag":"1.9.6"},"spireControllerManager":{"pullPolicy":"IfNotPresent","repository":"ghcr.io/spiffe/spire-controller-manager","tag":"0.5.0"},"spireHelperBash":{"pullPolicy":"IfNotPresent","repository":"cgr.dev/chainguard/bash","tag":"latest@sha256:8c9e5cbb641ced8112c637eb3611dab29bf65448a9d884a03938baf1b352dc4d"},"spireHelperKubectl":{"pullPolicy":"IfNotPresent","repository":"docker.io/rancher/kubectl","tag":"v1.28.0"},"spireServer":{"pullPolicy":"IfNotPresent","repository":"ghcr.io/spiffe/spire-server","tag":"1.9.6"}}` | Where to find the dependent images of VSecM. Normally, you would not need to modify this. |
 | global.images.nodeDriverRegistrar | object | `{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/csi-node-driver-registrar","tag":"v2.10.0"}` | Container registry details of SPIFFE CSI Node Driver Registrar. |
 | global.images.spiffeCsiDriver | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/spiffe/spiffe-csi-driver","tag":"0.2.6"}` | Container registry details of SPIFFE CSI Driver. |

helm-charts/0.26.2/charts/spire/templates/clusterrole-spire-server-spire-server.yaml

@@ -14,7 +14,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: spire-server-spire-server
 rules:
-{{- if .Values.global.enableOpenShit }}
+{{- if .Values.global.enableOpenShift }}
   - apiGroups: [""]
     resources: ["nodes"]
     verbs: ["get"]

helm-charts/0.26.2/charts/spire/templates/daemonset-spire-agent.yaml

@@ -50,7 +50,7 @@ spec:
       dnsPolicy: ClusterFirstWithHostNet
       serviceAccountName: spire-agent
       securityContext:
-{{- if .Values.global.enableOpenShit }}
+{{- if .Values.global.enableOpenShift }}
         fsGroupChangePolicy: OnRootMismatch
 {{- else }}
         fsGroup: 1000
@@ -83,7 +83,7 @@ spec:
           securityContext:
             runAsUser: 0
             runAsGroup: 0
-{{- if not .Values.global.enableOpenShit }}
+{{- if not .Values.global.enableOpenShift }}
         - name: fsgroupfix
           image: "{{ .Values.global.images.spireHelperBash.repository }}:{{ .Values.global.images.spireHelperBash.tag }}"
           imagePullPolicy: {{ .Values.global.images.spireHelperBash.pullPolicy }}
@@ -111,7 +111,7 @@ spec:
           env:
             - name: PATH
               value: "/opt/spire/bin:/bin"
-{{- if .Values.global.enableOpenShit }}
+{{- if .Values.global.enableOpenShift }}
             - name: MY_NODE_NAME
               valueFrom:
                 fieldRef:

helm-charts/0.26.2/charts/spire/templates/daemonset-spire-spiffe-csi-driver.yaml

@@ -37,7 +37,7 @@ spec:
       serviceAccountName: spire-spiffe-csi-driver
 
       priorityClassName: system-node-critical
-{{- if .Values.global.enableOpenShit }}
+{{- if .Values.global.enableOpenShift }}
       initContainers:
         - name: set-context
           command:

helm-charts/0.26.2/charts/spire/templates/hook-job-spire-server-post-install.yaml

@@ -35,7 +35,7 @@ spec:
       restartPolicy: Never
       serviceAccountName: spire-server-post-install
       securityContext:
-{{- if .Values.global.enableOpenShit }}
+{{- if .Values.global.enableOpenShift }}
         fsGroupChangePolicy: OnRootMismatch
 {{- else }}
         fsGroup: 1000

helm-charts/0.26.2/charts/spire/templates/hook-job-spire-server-post-upgrade.yaml

@@ -35,7 +35,7 @@ spec:
       restartPolicy: Never
       serviceAccountName: spire-server-post-upgrade
       securityContext:
-{{- if .Values.global.enableOpenShit }}
+{{- if .Values.global.enableOpenShift }}
         fsGroupChangePolicy: OnRootMismatch
 {{- else }}
         fsGroup: 1000

helm-charts/0.26.2/charts/spire/templates/hook-job-spire-server-pre-upgrade.yaml

@@ -35,7 +35,7 @@ spec:
       restartPolicy: Never
       serviceAccountName: spire-server-pre-upgrade
       securityContext:
-{{- if .Values.global.enableOpenShit }}
+{{- if .Values.global.enableOpenShift }}
         fsGroupChangePolicy: OnRootMismatch
 {{- else }}
         fsGroup: 1000

helm-charts/0.26.2/charts/spire/templates/hook-preinstall-csidriver-csi.spiffe.io.yaml

@@ -14,7 +14,7 @@ metadata:
   name: "csi.spiffe.io"
   annotations:
     "helm.sh/hook": pre-install
-{{- if .Values.global.enableOpenShit }}
+{{- if .Values.global.enableOpenShift }}
   labels:
     security.openshift.io/csi-ephemeral-volume-profile: restricted
 {{- end }}

helm-charts/0.26.2/charts/spire/templates/hook-preinstall-namespace-spire-server.yaml

@@ -16,7 +16,7 @@ metadata:
     pod-security.kubernetes.io/audit: privileged
     pod-security.kubernetes.io/enforce: privileged
     pod-security.kubernetes.io/warn: privileged
-{{- if .Values.global.enableOpenShit }}
+{{- if .Values.global.enableOpenShift }}
     security.openshift.io/scc.podSecurityLabelSync: "false"
 {{- end }}
   annotations:

helm-charts/0.26.2/charts/spire/templates/hook-preinstall-namespace-spire-system.yaml

@@ -16,7 +16,7 @@ metadata:
     pod-security.kubernetes.io/audit: restricted
     pod-security.kubernetes.io/enforce: restricted
     pod-security.kubernetes.io/warn: restricted
-{{- if .Values.global.enableOpenShit }}
+{{- if .Values.global.enableOpenShift }}
     security.openshift.io/scc.podSecurityLabelSync: "false"
 {{- end }}
   annotations:

helm-charts/0.26.2/charts/spire/templates/openshift-security-context-constraints.yaml

@@ -8,7 +8,7 @@
 # >/'  SPDX-License-Identifier: BSD-2-Clause
 # */
 
-{{- if .Values.global.enableOpenShit }}
+{{- if .Values.global.enableOpenShift }}
 apiVersion: security.openshift.io/v1
 kind: SecurityContextConstraints
 metadata:

helm-charts/0.26.2/charts/spire/templates/statefulset-spire-server.yaml

@@ -52,7 +52,7 @@ spec:
       serviceAccountName: spire-server
       shareProcessNamespace: true
       securityContext:
-{{- if .Values.global.enableOpenShit }}
+{{- if .Values.global.enableOpenShift }}
         fsGroupChangePolicy: OnRootMismatch
 {{- else }}
         fsGroup: 1000

helm-charts/0.26.2/values.yaml

@@ -11,7 +11,7 @@
 global:
   # -- Set it to true for OpenShift deployments. This will add necessary
   # annotations to the SPIRE components to make them work on OpenShift.
-  enableOpenShit: false
+  enableOpenShift: false
 
   # -- Deploy SPIRE components. If set to false, SPIRE components will not be 
   # deployed. This is useful when SPIRE is already deployed in the cluster.

k8s/0.26.1/crds/spire.spiffe.io_clusterfederatedtrustdomains.yaml

@@ -0,0 +1,100 @@
+# Source: spire-crds/templates/spire.spiffe.io_clusterfederatedtrustdomains.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.11.1
+    helm.sh/resource-policy: keep
+  creationTimestamp: null
+  name: clusterfederatedtrustdomains.spire.spiffe.io
+spec:
+  group: spire.spiffe.io
+  names:
+    kind: ClusterFederatedTrustDomain
+    listKind: ClusterFederatedTrustDomainList
+    plural: clusterfederatedtrustdomains
+    singular: clusterfederatedtrustdomain
+  scope: Cluster
+  versions:
+    - additionalPrinterColumns:
+        - jsonPath: .spec.trustDomain
+          name: Trust Domain
+          type: string
+        - jsonPath: .spec.bundleEndpointURL
+          name: Endpoint URL
+          type: string
+      name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          description: ClusterFederatedTrustDomain is the Schema for the clusterfederatedtrustdomains
+            API
+          properties:
+            apiVersion:
+              description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              type: string
+            kind:
+              description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              type: string
+            metadata:
+              type: object
+            spec:
+              description: ClusterFederatedTrustDomainSpec defines the desired state
+                of ClusterFederatedTrustDomain
+              properties:
+                bundleEndpointProfile:
+                  description: BundleEndpointProfile is the profile for the bundle endpoint.
+                  properties:
+                    endpointSPIFFEID:
+                      description: EndpointSPIFFEID is the SPIFFE ID of the bundle endpoint.
+                        It is required for the "https_spiffe" profile.
+                      type: string
+                    type:
+                      description: Type is the type of the bundle endpoint profile.
+                      enum:
+                        - https_spiffe
+                        - https_web
+                      type: string
+                  required:
+                    - type
+                  type: object
+                bundleEndpointURL:
+                  description: BundleEndpointURL is the URL of the bundle endpoint.
+                    It must be an HTTPS URL and cannot contain userinfo (i.e. username/password).
+                  type: string
+                className:
+                  description: Set the class of controller to handle this object.
+                  type: string
+                trustDomain:
+                  description: TrustDomain is the name of the trust domain to federate
+                    with (e.g. example.org)
+                  pattern: '[a-z0-9._-]{1,255}'
+                  type: string
+                trustDomainBundle:
+                  description: TrustDomainBundle is the contents of the bundle for the
+                    referenced trust domain. This field is optional when the resource
+                    is created.
+                  type: string
+              required:
+                - bundleEndpointProfile
+                - bundleEndpointURL
+                - trustDomain
+              type: object
+            status:
+              description: ClusterFederatedTrustDomainStatus defines the observed state
+                of ClusterFederatedTrustDomain
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []