-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Venafi Enhanced Issuer config + chart docs update #430
Conversation
Signed-off-by: Peter Fiddes <[email protected]>
Signed-off-by: Peter Fiddes <[email protected]>
Signed-off-by: Peter Fiddes <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some quick comments for consideration
@@ -2,136 +2,151 @@ | |||
|
|||
Jetstack Secure Agent |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you update this to read TLS Protect for Kubernetes Agent
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree this should be done, but I think that change will be much larger than just the title. To the extent of this repository being renamed or even moved to be under Venafi Organisation.
I will follow up with product to see where this is on their roadmap.
The helm chart is an OCI chart artifact hosted on both EU and US registries: | ||
|
||
- `oci://eu.gcr.io/jetstack-secure-enterprise/charts/jetstack-agent` | ||
- `oci://us.gcr.io/jetstack-secure-enterprise/charts/jetstack-agent` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Outside of this doc update, can we confirm that we have a proper process in place to make sure both eu.gcr.io
and us.gcr.io
are in sync. Last I checked there were some images that were only on eu.gcr.io
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we do have a process built in enterprise builds just pending a final review and merge here https://github.com/jetstack/enterprise-builds/pull/104
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @SpectralHiss - yes @sitaramkm please see that thread regarding this issue. The current 0.1.0
version of the chart is there because Houssem was proving out his work on publishing the chart, which may have only went to the eu registry. Hopefully once that PR is merged, all future versions will go to both registries.
@@ -5,54 +5,122 @@ | |||
|
|||
## Additional Information | |||
|
|||
The Jetstack secure agent helm chart installs the Kubernetes agent that connects to The TLS Protect For Kubernetes platform. | |||
The Jetstack Secure agent helm chart installs the Kubernetes agent that connects to the TLS Protect For Kubernetes (TLSPK) platform. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The TLS Protect for Kubernetes agent Helm chart
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I caught this with my latest commit
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Signed-off-by: Peter Fiddes <[email protected]>
@sitaramkm - I made a couple tweaks to use I very nearly just linked to the website but thought it was nice to have a copy with the chart so it was a complete package. Regarding naming, lets keep that for a separate thread because the scope of that could be huge. I've added #431 to be a catch all for renaming / branding discussions. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nice work
VenafiIssuer
andVenafiClusterIssuer
resources to RBACVenafiIssuer
andVenafiClusterIssuer
to configConfigMap
&Secret
Volumes required.v0.1.39
after updates from trivy scan vulnerability results #307helm-docs
used to match latest availableCloses #422
Pic showing that using this version of the chart I do indeed have a
VenafiIssuer
in TLSPK, a.k.a JSS:I've tested my install but would appreciate someone else giving it a run over as well.