@@ -306,10 +306,38 @@ clusterGroup:
306306 name : trustee
307307 namespace : trustee-operator-system
308308 project : hub
309- chart : trustee
310- chartVersion : 0.1.*
311- extraValueFiles :
312- - ' $patternref/overrides/values-trustee.yaml'
309+ # TEMPORARY: Using Git branch with TDX config until PR merges
310+ # Git repo with TDX attestation support
311+ repoURL : https://github.com/beraldoleal/trustee-chart.git
312+ targetRevision : tdx-fix
313+ path : .
314+ # TO REVERT after PR merge: Remove repoURL/targetRevision/path and uncomment:
315+ # chart: trustee
316+ # chartVersion: 0.1.*
317+ # extraValueFiles:
318+ # - '$patternref/overrides/values-trustee.yaml'
319+ # TEMPORARY: Inline values because $patternref doesn't work with Git repo source
320+ # TODO: Move these values back to overrides/values-trustee.yaml once using Helm chart registry
321+ # Secret store configuration for External Secrets Operator
322+ secretStore :
323+ name : vault-backend
324+ kind : ClusterSecretStore
325+ kbs :
326+ # Enable Intel TDX attestation support
327+ tdx :
328+ enabled : true
329+ collateralService : " https://api.trustedservices.intel.com/sgx/certification/v4/"
330+ # Secret resources accessible to trustee from Vault
331+ secretResources :
332+ - name : " kbsres1"
333+ key : " secret/data/hub/kbsres1"
334+ - name : " passphrase"
335+ key : " secret/data/hub/passphrase"
336+ # SPIRE x509pop certificates per workload type
337+ - name : " spire-cert-qtodo"
338+ key : " secret/data/pushsecrets/spire-cert-qtodo"
339+ - name : " spire-key-qtodo"
340+ key : " secret/data/pushsecrets/spire-key-qtodo"
313341 sandbox :
314342 name : sandbox
315343 namespace : openshift-sandboxed-containers-operator
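Review bot: `targetRevision: tdx-fix` follows a mutable branch on a personal fork (the `repoURL` two lines above it), so any later push to that branch is synced into `trustee-operator-system` on the hub without a review in this repository. The same application block appears to configure the KBS that hands out the Vault-backed entries under `secretResources`, including `spire-key-qtodo`, which raises the cost of an unreviewed chart change. I would pin the source to a reviewed commit, e.g. `targetRevision: <full-commit-sha-reviewed-on-tdx-fix>`, or mirror the branch into a repository the project controls until the upstream PR merges. The TEMPORARY comment should also name the PR it is waiting on, e.g. `# TEMPORARY until <upstream-PR-URL> merges`, so the revert has a concrete trigger.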