diff --git a/deploy/charts/jetstack-agent/Chart.yaml b/deploy/charts/jetstack-agent/Chart.yaml
index 31eb3780..556d6a89 100644
--- a/deploy/charts/jetstack-agent/Chart.yaml
+++ b/deploy/charts/jetstack-agent/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: jetstack-agent
 description: TLS Protect for Kubernetes Agent
 type: application
-version: 0.4.0
-appVersion: "v0.1.43"
+version: 0.5.0
+appVersion: "v1.6.0"
 home: https://github.com/jetstack/jetstack-secure
 maintainers:
 - name: JSCP and CRE Team
diff --git a/deploy/charts/jetstack-agent/templates/deployment.yaml b/deploy/charts/jetstack-agent/templates/deployment.yaml
index 64b0be22..6c156df4 100644
--- a/deploy/charts/jetstack-agent/templates/deployment.yaml
+++ b/deploy/charts/jetstack-agent/templates/deployment.yaml
@@ -33,14 +33,30 @@ spec:
 {{- toYaml .Values.securityContext | nindent 12 }}
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
- {{- if eq .Values.authentication.type "token" }}
 env:
- - name: API_TOKEN
- valueFrom:
- secretKeyRef:
- name: {{ default "agent-credentials" .Values.authentication.secretName }}
- key: {{ default "apitoken" .Values.authentication.secretKey }}
+ {{- if eq .Values.authentication.type "token" }}
+ - name: API_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: {{ default "agent-credentials" .Values.authentication.secretName }}
+ key: {{ default "apitoken" .Values.authentication.secretKey }}
 {{- end }}
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_UID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+ - name: POD_NODE
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
 {{- if not (empty .Values.command) }}
 command:
 {{- range .Values.command }}
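Review bot: The re-indented `secretKeyRef` lines in deployment.yaml still render `name:` and `key:` from chart values without quoting, so a secret name or key that YAML reads as a number, boolean or null would yield a mistyped or rejected reference. Since these lines are being rewritten anyway, `name: {{ default "agent-credentials" .Values.authentication.secretName | quote }}` and the same `| quote` on `key:` would close that. The four new `POD_*` variables carry no comment saying what consumes them; a one-line comment above `POD_NAMESPACE` naming the agent feature that reads these downward-API fields would tell the next reader whether they can be removed. The container spec starts and ends outside the hunk.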
diff --git a/deploy/charts/jetstack-agent/templates/rbac.yaml b/deploy/charts/jetstack-agent/templates/rbac.yaml
index 3cb3c2f9..d3b10a71 100644
--- a/deploy/charts/jetstack-agent/templates/rbac.yaml
+++ b/deploy/charts/jetstack-agent/templates/rbac.yaml
@@ -200,7 +200,7 @@ metadata:
 labels:
 {{- include "jetstack-agent.labels" . | nindent 4 }}
 rules:
- - apiGroups: ["*.openshift.io"]
+ - apiGroups: ["route.openshift.io"]
 resources:
 - routes
 verbs: ["get", "list", "watch"]
diff --git a/deploy/charts/jetstack-agent/tests/deployment_test.yaml b/deploy/charts/jetstack-agent/tests/deployment_test.yaml
index 72ed79ea..e847dcb7 100644
--- a/deploy/charts/jetstack-agent/tests/deployment_test.yaml
+++ b/deploy/charts/jetstack-agent/tests/deployment_test.yaml
@@ -20,7 +20,7 @@ tests:
 # Check is latest is set as tag that it uses that tag
 - equal:
 path: spec.template.spec.containers[0].image
- value: quay.io/jetstack/preflight:latest
+ value: registry.venafi.cloud/venafi-agent/venafi-agent:latest
 # Check naming works with nameOverride
 - it: Deployment name is set when nameOverride is used
diff --git a/deploy/charts/jetstack-agent/values.yaml b/deploy/charts/jetstack-agent/values.yaml
index 351b55a7..5835b9de 100644
--- a/deploy/charts/jetstack-agent/values.yaml
+++ b/deploy/charts/jetstack-agent/values.yaml
@@ -7,11 +7,11 @@ replicaCount: 1
 image:
 # -- Default to Open Source image repository
- repository: quay.io/jetstack/preflight
+ repository: "registry.venafi.cloud/venafi-agent/venafi-agent"
 # -- Defaults to only pull if not already present
 pullPolicy: IfNotPresent
 # -- Overrides the image tag whose default is the chart appVersion
- tag: "v0.1.43"
+ tag: "v1.6.0"
 # -- Specify image pull credentials if using a prviate registry
 imagePullSecrets: []
diff --git a/hack/install_local_jetstack_secure_chart.sh b/hack/install_local_jetstack_secure_chart.sh
new file mode 100755
index 00000000..d19c6fd3
--- /dev/null
+++ b/hack/install_local_jetstack_secure_chart.sh
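Review bot: The rule at `apiGroups: ["route.openshift.io"]` in rbac.yaml deserves a comment explaining why the group is spelled out, because the replaced value suggests an earlier author expected glob matching. Kubernetes RBAC compares `apiGroups` entries literally and treats only a bare `"*"` as a wildcard, so a line such as `# RBAC matches apiGroups exactly (only "*" is a wildcard); name each group explicitly.` above the rule records that. A helm-unittest assertion on this rule would also stop it from being widened unnoticed; no such test is visible in this diff. The resource this rule belongs to starts above the hunk.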
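Review bot: In values.yaml, `tag: "v1.6.0"` duplicates the `appVersion` set in Chart.yaml, and because the deployment template already falls back with `.Values.image.tag | default .Chart.AppVersion`, the two values can drift apart on the next release. Setting `tag: ""` here would let the chart's appVersion drive the image. The context comment `# -- Default to Open Source image repository` above `repository` now sits over a different registry and probably needs rewording. The image is referenced by mutable tag only; whether the chart offers a digest option elsewhere is not visible from this hunk.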
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+set -eu -o pipefail
+
+# This script is provided to quickly install the Jetstack Secure Helm chart from the local checkout
+# into a Kind cluster, for testing changes to the legacy chart with Jetstack Secure.
+#
+# This script should be invoked from the root of the repository, e.g.:
+# ./hack/install_local_jetstack_secure_chart.sh
+
+TLSPK_ORG="${TLSPK_ORG:-jetstack}"
+TLSPK_CLUSTER_NAME="jss_test_$(date +"%Y%m%d_%H%M")"
+
+helm install cert-manager oci://quay.io/jetstack/charts/cert-manager:v1.18.2 \
+ --set crds.enabled=true \
+ --namespace cert-manager \
+ --create-namespace \
+ --set 'extraArgs={--dns01-recursive-nameservers-only,--dns01-recursive-nameservers=https://1.1.1.1/dns-query}'
+
+kubectl create namespace jetstack-secure || :
+
+# Get credentials from: https://platform.jetstack.io/org/jetstack/manage/service_accounts
+# Save them as JSON a file named credentials.json
+kubectl create secret generic agent-credentials --namespace jetstack-secure --from-file=credentials.json || :
+
+helm upgrade --install --create-namespace -n jetstack-secure jetstack-agent \
+ ./deploy/charts/jetstack-agent \
+ --set config.organisation="${TLSPK_ORG}" \
+ --set config.cluster="${TLSPK_CLUSTER_NAME}"
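Review bot: Both `kubectl create … || :` lines discard every failure, not only "already exists", so a missing `credentials.json` or an unreachable cluster goes unnoticed and the chart is installed against an absent or stale `agent-credentials` secret. Checking for the file first and piping `--dry-run=client -o yaml` into `kubectl apply -f -` keeps the steps re-runnable, lets real errors stop the script under `set -e`, and refreshes the secret when the credentials file changes. The opening `helm install cert-manager` has the opposite re-run problem: it fails on a second invocation, whereas the agent install uses `helm upgrade --install`. Because the script acts on whatever kube context is current, a guard that the context name starts with `kind-` would match the purpose stated in the header comment.

```shell
# … unchanged: variables and cert-manager install …

if [[ ! -f credentials.json ]]; then
  echo "credentials.json not found; run this script from the repository root" >&2
  exit 1
fi

kubectl create namespace jetstack-secure --dry-run=client -o yaml | kubectl apply -f -

# … unchanged: comment on where to obtain credentials.json …
kubectl create secret generic agent-credentials --namespace jetstack-secure \
  --from-file=credentials.json --dry-run=client -o yaml | kubectl apply -f -

# … unchanged: helm upgrade --install of ./deploy/charts/jetstack-agent …
```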