UNCLASSIFIED - NO CUI

Added cosign secret and sample HelmRelease implementation

Jared Ladnerrequested to merge
1780-cosign-cert-secret into master

Package Merge Request

Package Changes

  • Added template to generate a secret for each item in .Values.helmRepositories that has a cosignPublicKey key
  • Added a "verify" block in the "packages" HelmRelease that will be included if the given package selects cosignVerify: true and the HelmRepo is of type oci
  • Updated _helpers.tpl with a function to lookup the HelmRepo type based on the provided name (getRepoType)
  • Updated values.yaml with the new HelmRepo specification (addition of cosignPublicKey key) and updated the .packages.sample.helmRepo with a cosignVerify key
  • Updated values.schema.json with the corresponding keys, types, and default values

Package MR

N/A

For Issue

Closes #1780 (closed)

Closes #1780 (closed)

Upgrade Notices

This Upgrade includes Helm OCI Verify in the Flux charts. Now that BigBang signs their OCI Helm Charts, we have added the capabilty for Flux to verify the signature.

Edited by Jared Ladner

Merge request reports

UNCLASSIFIED - NO CUI