diff --git a/charts/policy-controller/README.md b/charts/policy-controller/README.md index c11add48..9b6e3ce7 100644 --- a/charts/policy-controller/README.md +++ b/charts/policy-controller/README.md @@ -162,7 +162,10 @@ helm uninstall [RELEASE_NAME] | leasescleanup.image.version | string | `"latest-dev"` | | | leasescleanup.podSecurityContext.enabled | bool | `false` | | | leasescleanup.priorityClass | string | `""` | | -| leasescleanup.resources | object | `{}` | | +| leasescleanup.resources.limits.cpu | string | `""` | | +| leasescleanup.resources.limits.memory | string | `""` | | +| leasescleanup.resources.requests.cpu | string | `""` | | +| leasescleanup.resources.requests.memory | string | `""` | | | loglevel | string | `"info"` | | | serviceMonitor.enabled | bool | `false` | | | webhook.affinity | object | `{}` | | diff --git a/charts/policy-controller/templates/webhook/deployment_webhook.yaml b/charts/policy-controller/templates/webhook/deployment_webhook.yaml index 9d417276..f7474d84 100644 --- a/charts/policy-controller/templates/webhook/deployment_webhook.yaml +++ b/charts/policy-controller/templates/webhook/deployment_webhook.yaml @@ -31,10 +31,10 @@ spec: tolerations: {{- toYaml .Values.commonTolerations | nindent 8 }} serviceAccountName: {{ include "webhook.serviceAccountName" . }} - # To avoid node becoming SPOF, spread our replicas to different nodes. {{- if .Values.webhook.priorityClass }} priorityClassName: {{ .Values.webhook.priorityClass }} {{- end }} + # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: {{- if .Values.webhook.affinity }} {{- toYaml .Values.webhook.affinity | nindent 8 }} diff --git a/charts/policy-controller/values.schema.json b/charts/policy-controller/values.schema.json index 1b2abc70..184483e9 100644 --- a/charts/policy-controller/values.schema.json +++ b/charts/policy-controller/values.schema.json @@ -144,7 +144,49 @@ "type": "string" }, "resources": { - "additionalProperties": true, + "additionalProperties": false, + "properties": { + "limits": { + "additionalProperties": false, + "properties": { + "cpu": { + "default": "", + "required": [], + "title": "cpu", + "type": "string" + }, + "memory": { + "default": "", + "required": [], + "title": "memory", + "type": "string" + } + }, + "required": [], + "title": "limits", + "type": "object" + }, + "requests": { + "additionalProperties": false, + "properties": { + "cpu": { + "default": "", + "required": [], + "title": "cpu", + "type": "string" + }, + "memory": { + "default": "", + "required": [], + "title": "memory", + "type": "string" + } + }, + "required": [], + "title": "requests", + "type": "object" + } + }, "required": [], "title": "resources", "type": "object" @@ -235,8 +277,8 @@ "type": "string" }, "version": { - "default": "sha256:f3b57d4c906fcbd7229c3069c055ce2b2862e01106c2b85df1322f1e3a232829", - "description": "crane digest ghcr.io/sigstore/policy-controller/policy-controller:v0.11.0", + "default": "sha256:6b51f336dec9e9adff29606855dbd2c7910c5eb80d6579795a29cb3844428efc", + "description": "crane digest ghcr.io/sigstore/policy-controller/policy-controller:v0.12.0", "required": [], "title": "version", "type": "string" diff --git a/charts/policy-controller/values.yaml b/charts/policy-controller/values.yaml index 97359a3b..0e7d0e22 100644 --- a/charts/policy-controller/values.yaml +++ b/charts/policy-controller/values.yaml @@ -84,13 +84,13 @@ leasescleanup: repository: cgr.dev/chainguard/kubectl version: latest-dev pullPolicy: IfNotPresent - resources: {} - # limits: - # cpu: "" - # memory: "" - # requests: - # cpu: "" - # memory: "" + resources: + limits: + cpu: "" + memory: "" + requests: + cpu: "" + memory: "" podSecurityContext: enabled: false # allowPrivilegeEscalation: false