10 repository: chainguard-private/curl
12 version: sha256:df6a5b122f3038224a275b4f09776cc3036b6f001da1ce74759c15dcc0e3fdeb
13 imagePullPolicy: IfNotPresent
14 containerResources: {}
23 # -- KMS type for signing key (possible values: "" / "none", "aws")
25 secret: fulcio-server-secret
26 # -- kubernetes secret name containing IAM credentials for use with AWS KMS
27 awsKmsCredentialsSecretName: aws-kms-credentials
28 # -- AWS region if using AWS KMS for signing key
29 awsKmsRegion: us-east-1
34 repository: chainguard-private/fulcio
35 pullPolicy: IfNotPresent
36 # crane digest ghcr.io/sigstore/fulcio:v1.8.7
37 version: latest@sha256:78a08cac186dd8c8c9af391faa137f85f1ec8dcee19895f6289afae342b9b9c5
41 # Valid values: googleca, pkcs11ca, aws-hsm-root-ca-path, fileca, kmsca
42 certificateAuthority: fileca
43 # kms_resource: gcpkms://....
45 # << your PEM encoded cert chain here. Order from active intermedate first to root last >>
46 # tink_kms_resource: gcp-kms://...
47 # tink_kms_cert_chain: |-
48 # << your PEM encoded Tink cert chain here. Order from active intermedate first to root last >>
50 # << your encrypted Tink keyset >>
53 gcp_private_ca_parent: projects/test/locations/us-east1/caPools/test
62 # -- Liveness probe for the fulcio server container. `httpGet.port` should
63 # match `server.args.port`.
73 # -- Readiness probe for the fulcio server container. `httpGet.port` should
74 # match `server.args.port`.
106 host: "fulcio.localhost"
112 nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
114 - host: fulcio.localhost
115 path: /dev.sigstore.fulcio.v2.CA
117 - secretName: fulcio-grpc-ingress-tls
128 host: fulcio.localhost
131 staticGlobalIP: lb-ext-ip
132 frontendConfigSpec: # https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters
133 sslPolicy: fulcio-ssl-policy
136 backendConfigSpec: # https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_backendconfig_parameters
138 name: fulcio-security-policy
143 requestPath: "/healthz"
145 # -- Additional labels to add to the server pod
166 repository: chainguard-private/sigstore-scaffolding-fulcio-createcerts
167 pullPolicy: IfNotPresent
169 version: latest@sha256:fe971facc8f441e6f214d94342deb7597df39e84b6af7839c8ee0f5d7deb0172
170 ttlSecondsAfterFinished: 3600
185# Configure ctlog dependency
189 forceNamespace: ctlog-system
190 fullnameOverride: ctlog
195 name: ctlog-createtree
196 fullnameOverride: ctlog-createtree
198 name: ctlog-createcerts
199 fullnameOverride: ctlog-createcerts
202# Force namespace of namespaced resources