UNCLASSIFIED - NO CUI

Update each Package HelmRelease with optional 'verify' block

For every package Chart under /chart/templates/, add the conditional verify block to the HelmRelease object.

verify:
  provider: cosign
  secretRef:
    name: cosign-pub

Conditional:

  • {package}.sourceType "helmRepo"
  • HelmRelease.spec.type: "oci" (.Values.helmRepositories[].type)
  • Signing is enabled

Acceptance Criteria:

  • BigBang Chart is installed using OCI Helm Artifact
  • BigBang Chart is verified using Flux
  • Signing is enabled by default: helmRepositories.signing.enabled: true
  • Signing can be overridden within the package: {package}.helmRepo.signing.enabled
  • All packages under /chart/templates/ are updated
Edited by Jared Ladner
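
An added example, not taken from the Big Bang chart, of how one package template could gate the verify block on the three conditions above while honouring the package-level override. The package key examplePackage, the helmRepo.repoName/chartName/tag fields, and reading the signing default from the matching helmRepositories[] entry are assumptions about the values layout.

```yaml
{{- /* Added example, not from the Big Bang chart. Assumed names: examplePackage,
       helmRepo.repoName/chartName/tag, and signing.enabled on the repository entry. */ -}}
{{- $pkg := .Values.examplePackage -}}
{{- /* Find the helmRepositories[] entry this package pulls its chart from. */ -}}
{{- $repo := dict -}}
{{- range .Values.helmRepositories -}}
  {{- if eq .name $pkg.helmRepo.repoName -}}
    {{- $repo = . -}}
  {{- end -}}
{{- end -}}
{{- /* Signing defaults to on. Test key presence rather than using `default`,
       which treats an explicit false as unset and would make opting out impossible. */ -}}
{{- $signing := true -}}
{{- if hasKey ($repo.signing | default dict) "enabled" -}}
  {{- $signing = $repo.signing.enabled -}}
{{- end -}}
{{- /* A package-level setting overrides the repository-level one. */ -}}
{{- if hasKey ($pkg.helmRepo.signing | default dict) "enabled" -}}
  {{- $signing = $pkg.helmRepo.signing.enabled -}}
{{- end -}}
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: example-package        # constructed name
  namespace: bigbang           # constructed namespace
spec:
  interval: 10m
  chart:
    spec:
      chart: {{ $pkg.helmRepo.chartName }}
      version: {{ $pkg.helmRepo.tag | quote }}
      sourceRef:
        kind: HelmRepository
        name: {{ $pkg.helmRepo.repoName }}
      {{- if and (eq $pkg.sourceType "helmRepo") (eq ($repo.type | default "") "oci") $signing }}
      # Flux only supports chart verification for OCI sources.
      verify:
        provider: cosign
        secretRef:
          name: cosign-pub
      {{- end }}
```

Flux reads the Cosign public keys from the cosign-pub Secret in the same namespace as the HelmChart object it generates, and each key in that Secret must carry a .pub suffix.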