7642cf7a5f
```
Updated:
  argo/argo-cd:
    - 5.26.1
  bitnami/kafka:
    - 21.4.0
  bitnami/postgresql:
    - 12.2.3
  bitnami/redis:
    - 17.8.5
  bitnami/tomcat:
    - 10.5.19
  bitnami/wordpress:
    - 15.2.54
  datadog/datadog:
    - 3.19.2
  gopaddle/gopaddle:
    - 4.2.6
  haproxy/haproxy:
    - 1.29.2
  intel/tcs-issuer:
    - 0.5.0
  jaeger/jaeger-operator:
    - 2.41.0
  jenkins/jenkins:
    - 4.3.8
  jfrog/artifactory-ha:
    - 107.55.7
  jfrog/artifactory-jcr:
    - 107.55.7
  kubecost/cost-analyzer:
    - 1.101.2
  percona/psmdb-db:
    - 1.14.0
  percona/psmdb-operator:
    - 1.14.0
  redpanda/redpanda:
    - 3.0.3
  sysdig/sysdig:
    - 1.15.79
```
Trusted Certificate Issuer Helm chart
Trusted Certificate Service (TCS) is a K8s service to protect signing keys using Intel's SGX technology. Kubernetes certificate signing request (CSR) and cert-manager CertificateRequest APIs are both supported.
This document covers how to install Trusted Certificate Service (TCS) issuer (TCI) by using Helm charts.
To learn more check the documentation here.
Prerequisites
- Helm 3.x
- Kubernetes cluster with SGX node
- cert-manager Custom Resource Definitions (CRDs)
Installing the Chart
Use the following commands to install TCI (to namespace intel-system, which will be created).
Add Intel's Helm charts repository:
$ helm repo add intel https://intel.github.io/helm-charts
$ helm repo update
Install the chart:
NOTE: This will also install the CRDs.
$ helm install tci intel/tcs-issuer -n intel-system --create-namespace
Use the following command to verify the installation status.
$ helm ls -n intel-system
Uninstalling the Chart
In case you want to uninstall TCI, use the following command:
NOTE: the below command does not uninstall the CRDs.
$ helm delete tci -n intel-system
Configuration
The following table lists the configurable parameters of the TCS issuer chart and their default values. You can change the default values either via helm --set <parameter=value> or by editing values.yaml and passing the file to helm via the helm install -f values.yaml ... option.
Parameter | Description | Default |
---|---|---|
image.hub | Image repository | intel |
image.name | Image name | trusted-certificate-issuer |
image.tag | Image tag | Chart's appVersion |
image.pullPolicy | Image pull policy | IfNotPresent |
controllerExtraArgs | List of extra arguments passed to the controller | |
imagePullSecrets | Array of secrets used to pull an image from a private container image registry or repository | |
pkcs11.sopin | Create service account | V0lwbUJCybc2Oc6M06Vz |
pkcs11.userpin | Create service account | U3BnbGIyTUl3ZV9lSHUy |
serviceAccount.create | Create service account | true |
serviceAccount.annotations | Dictionary of service account annotations | |
serviceAccount.name | Name of the service account | Full name of the chart |
podAnnotations | Dictionary of pod annotations | sgx.intel.com/quote-provider: aesmd |
podSecurityContext | Dictionary of pod security context settings | |
service.type | Service type | ClusterIP |
service.port | Service port | 8443 |
resources.limits.cpu | CPU limit | 500m |
resources.limits.memory | Memory limit | 100Mi |
resources.limits.sgx.intel.com/enclave | SGX enclave limit | 1 |
resources.limits.sgx.intel.com/epc | SGX EPC memory limit | 512Ki |
resources.requests.cpu | CPU request | 100m |
resources.requests.memory | Memory request | 20Mi |
resources.requests.sgx.intel.com/enclave | SGX enclave request | 1 |
resources.requests.sgx.intel.com/epc | SGX EPC memory request | 512Ki |
nodeSelector | Dictionary of node selector settings | |
tolerations | Array of tolerations settings | |
affinity | Dictionary of affinity settings | |
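
The defaults for pkcs11.sopin and pkcs11.userpin (by their names, the PKCS#11 security officer and user PINs) are published in the table above, so an install that keeps them uses PINs anyone can look up. The script below is an added example, not part of the chart: it generates replacement PINs, refuses the published defaults, and writes a values override for helm install -f. It assumes the chart accepts any 20-character alphanumeric value (the shape of the defaults); the script and file names are examples.

```shell
#!/bin/sh
# Added example (not part of the chart): replace the chart's published default
# PKCS#11 PINs with generated ones before installing.

# Defaults copied from the configuration table above.
DEFAULT_SOPIN='V0lwbUJCybc2Oc6M06Vz'
DEFAULT_USERPIN='U3BnbGIyTUl3ZV9lSHUy'

# gen_pin: print 20 random hex characters (80 bits from /dev/urandom).
# Assumption: the chart accepts any 20-character alphanumeric value.
gen_pin() {
    od -An -N10 -tx1 /dev/urandom | tr -d ' \n'
}

# pin_ok PIN: succeed only for a 20-character alphanumeric PIN that is not
# one of the published defaults.
pin_ok() {
    case "$1" in
        "$DEFAULT_SOPIN"|"$DEFAULT_USERPIN") return 1 ;;
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac
    [ "${#1}" -eq 20 ]
}

# render_values SOPIN USERPIN: print a values override for `helm install -f`.
render_values() {
    pin_ok "$1" && pin_ok "$2" || return 1
    printf 'pkcs11:\n  sopin: "%s"\n  userpin: "%s"\n' "$1" "$2"
}

# uses_default_pins FILE: succeed if FILE still contains a published default.
uses_default_pins() {
    grep -q -F -e "$DEFAULT_SOPIN" -e "$DEFAULT_USERPIN" "$1"
}

# write_override FILE: write fresh PINs to FILE, readable by the owner only.
write_override() {
    ( umask 077; render_values "$(gen_pin)" "$(gen_pin)" > "$1" )
}

# Usage: sh tci-pins.sh tci-pins.yaml   (both file names are examples)
if [ -n "${1:-}" ]; then
    write_override "$1" &&
        echo "helm install tci intel/tcs-issuer -n intel-system --create-namespace -f $1"
fi
```

uses_default_pins can also be pointed at an existing values file to find deployments that were installed with the published PINs.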