Commit

Merge pull request #33 from hectorj2f/hectorj2f/fix_secret_key_ref
feat: support secret key ref
cpanato authored Nov 11, 2021
2 parents a8bbda6 + 118ff60 commit 655e2e7
Showing 5 changed files with 15 additions and 7 deletions.
2 changes: 1 addition & 1 deletion charts/cosigned/Chart.yaml
Expand Up @@ -8,7 +8,7 @@ sources:
type: application

name: cosigned
version: v0.1.0
version: v0.1.1
appVersion: v1.3.0

maintainers:
6 changes: 2 additions & 4 deletions charts/cosigned/README.md
Expand Up @@ -18,9 +18,7 @@ The previous command generates two key files `cosign.key` and `cosign.pub`. Next
kubectl create namespace cosign-system

kubectl create secret generic mysecret -n \
cosign-system --from-file=cosign.pub=./cosign.pub \
--from-file=cosign.key=./cosign.key \
--from-literal=cosign.password=$COSIGN_PASSWORD
cosign-system --from-file=cosign.pub=./cosign.pub
```

Install `cosigned` using Helm and setting the value of the secret key reference to `mysecret` that you created above:
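
Review bot: the secret-creation command now loads only `cosign.pub`, but the README text around it gives no reason, and the context line above still talks about both `cosign.key` and `cosign.pub`. Suggest one sentence stating that the admission webhook only needs the public key, so readers do not add `--from-file=cosign.key` and the password back. The line break after `-n \` also splits the flag from its value `cosign-system`; keeping `-n cosign-system` on one line would read better.
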
Expand All @@ -30,7 +28,7 @@ helm repo add sigstore https://sigstore.github.io/helm-charts

helm repo update

helm install cosigned -n cosign-system sigstore/cosigned --devel --set webhook.secretKeyRef.name=mysecret
helm install cosigned -n cosign-system sigstore/cosigned --devel --set cosign.secretKeyRef.name=mysecret
```

### Enabling Admission control
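
Review bot: the `--set` key changes from `webhook.secretKeyRef.name` to `cosign.secretKeyRef.name` with no upgrade note. Helm accepts unknown `--set` keys silently unless the chart ships a values schema, so anyone reusing the old command gets an install that ignores their secret name. Suggest a short note in the README (or chart notes) naming the old key and the new one.
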
6 changes: 4 additions & 2 deletions charts/cosigned/templates/webhook/cosign_secret.yaml
@@ -1,3 +1,4 @@
{{- if .Values.cosign.cosignPub }}
apiVersion: v1
kind: Secret
metadata:
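
Review bot: the new `if .Values.cosign.cosignPub` guard at the top of the template decides on its own whether the Secret exists, with no link to `cosign.secretKeyRef`. If a user sets neither value, no Secret is rendered and nothing tells them; if they set both, an unused Secret is created alongside the referenced one. Suggest also checking that `.Values.cosign.secretKeyRef.name` is empty, or failing the render with a clear message when both are empty.
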
Expand All @@ -7,6 +8,7 @@ metadata:
namespace: {{ .Release.Namespace }}
type: Opaque
data:
cosign.key: {{ .Values.cosign.cosignKey}}
cosign.password: {{ .Values.cosign.cosignPassword}}
cosign.key: {{ default "" .Values.cosign.cosignKey}}
cosign.password: {{ default "" .Values.cosign.cosignPassword}}
cosign.pub: {{ .Values.cosign.cosignPub}}
{{- end -}}
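
Review bot: in the `data:` block, `cosign.key` and `cosign.password` are still written into the chart-managed Secret (now defaulting to empty strings), while the README change in this same commit stops putting the private key and its password in the cluster. Suggest rendering those two keys only when their values are set, or removing them from this template, so a default install holds nothing but `cosign.pub`.
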
6 changes: 6 additions & 0 deletions charts/cosigned/templates/webhook/deployment_webhook.yaml
Expand Up @@ -48,7 +48,13 @@ spec:
{{- end }}
{{- end }}
args:
{{- if and .Values.cosign.secretKeyRef }}
{{- if .Values.cosign.secretKeyRef.name }}
- -secret-name="{{ .Values.cosign.secretKeyRef.name }}"
{{- end }}
{{- else }}
- -secret-name={{ template "cosigned.fullname" . }}-cosign-key
{{- end }}
{{- range $key, $value := .Values.webhook.extraArgs }}
- -{{ $key }}={{ $value }}
{{- end }}
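
Review bot: the nested conditions in the new `args:` block leave a gap: when `.Values.cosign.secretKeyRef` is set but `.name` is empty, the outer `if` is true, the inner one is false, and no `-secret-name` argument is rendered at all, because the `else` with the generated `-cosign-key` name only runs when `secretKeyRef` itself is empty. The values.yaml in this commit defines `secretKeyRef:` with an empty `name:`, so that state can be the default. Suggest a single condition on `.Values.cosign.secretKeyRef.name` with the generated name as its `else`, and dropping the one-argument `and`. Also, the double quotes in `-secret-name="{{ .Values.cosign.secretKeyRef.name }}"` sit inside a plain YAML scalar, so they become part of the argument value; the unquoted form used in the `else` branch avoids that.
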
2 changes: 2 additions & 0 deletions charts/cosigned/values.yaml
@@ -1,4 +1,6 @@
cosign:
secretKeyRef:
name:
# add the values in base64 encoded
cosignKey:
cosignPub:
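
Review bot: `secretKeyRef.name` is added under `cosign:` without a comment, and the existing `# add the values in base64 encoded` line directly below it now reads as if it might apply to the name as well. Suggest a comment stating that `name` refers to an existing Secret containing `cosign.pub` (as created in the README), that it is a plain string, and which setting wins when both `secretKeyRef.name` and `cosignPub` are given.
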