kyverno/scripts/config/custom-sigstore/kyverno.yaml

features:
  tuf:
    enabled: true
    root: "$(TUF_MIRROR)/root.json"
    mirror: "$(TUF_MIRROR)"

admissionController:
  container:
    extraEnvVars:
      - name: TUF_MIRROR
        valueFrom:
          configMapKeyRef:
            name: tufvalues
            key: TUF_MIRROR
      - name: FULCIO_URL
        valueFrom:
          configMapKeyRef:
            name: tufvalues
            key: FULCIO_URL
      - name: REKOR_URL
        valueFrom:
          configMapKeyRef:
            name: tufvalues
            key: REKOR_URL
      - name: CTLOG_URL
        valueFrom:
          configMapKeyRef:
            name: tufvalues
            key: CTLOG_URL
      - name: ISSUER_URL
        valueFrom:
          configMapKeyRef:
            name: tufvalues
            key: ISSUER_URL

reportsController:
  extraEnvVars:
    - name: TUF_MIRROR
      valueFrom:
        configMapKeyRef:
          name: tufvalues
          key: TUF_MIRROR
    - name: FULCIO_URL
      valueFrom:
        configMapKeyRef:
          name: tufvalues
          key: FULCIO_URL
    - name: REKOR_URL
      valueFrom:
        configMapKeyRef:
          name: tufvalues
          key: REKOR_URL
    - name: CTLOG_URL
      valueFrom:
        configMapKeyRef:
          name: tufvalues
          key: CTLOG_URL
    - name: ISSUER_URL
      valueFrom:
        configMapKeyRef:
          name: tufvalues
          key: ISSUER_URL
feat: add support for custom sigstore using TUF (#8385) * feat; add support for custom sigstore using TUF Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add kuttl test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add commit hash Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add kyverno.yaml Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update kyverno deployment Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update ordering Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update deployment Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update create image step Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: remove wait step Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: install crane Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: set sha on install crane Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add cosign installer Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update custom deployment Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: helm chart linting Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update Chart.yaml Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: helm values liniting error Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: remove step Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: kind-deploy-kyverno Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: create configmap in kyverno namespace Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update policy Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: create kyverno ns Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: use envfrom Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: indentation Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update tuf root Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add sigstore volume Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: nit Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: remove tuf root Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: use default tuf instead :( Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update Create kind cluster Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: remove root Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update impl Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: nit Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: use custom test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: remove force Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: cosign initialize Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add yes flag Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * update manifest Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: move tuf to features Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update comments Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: helmchart generate Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: trailing white space Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: remove old fields Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: decouple env config map from tuf Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * change the way we pass flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: re add envConfigMap Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix env vars Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove envConfigMap Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-09-18 18:46:08 +05:30			`features:`
			`tuf:`
fix: make tuf feature in chart consistent with others (#8542) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-09-27 15:03:17 +02:00			`enabled: true`
feat: add support for custom sigstore using TUF (#8385) * feat; add support for custom sigstore using TUF Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add kuttl test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add commit hash Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add kyverno.yaml Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update kyverno deployment Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update ordering Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update deployment Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update create image step Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: remove wait step Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: install crane Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: set sha on install crane Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add cosign installer Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update custom deployment Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: helm chart linting Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update Chart.yaml Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: helm values liniting error Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: remove step Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: kind-deploy-kyverno Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: create configmap in kyverno namespace Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update policy Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: create kyverno ns Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: use envfrom Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: indentation Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update tuf root Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add sigstore volume Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: nit Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: remove tuf root Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: use default tuf instead :( Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update Create kind cluster Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: remove root Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update impl Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: nit Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: use custom test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: remove force Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: cosign initialize Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add yes flag Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * update manifest Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: move tuf to features Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update comments Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: helmchart generate Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: trailing white space Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: remove old fields Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: decouple env config map from tuf Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * change the way we pass flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: re add envConfigMap Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix env vars Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove envConfigMap Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-09-18 18:46:08 +05:30			`root: "$(TUF_MIRROR)/root.json"`
			`mirror: "$(TUF_MIRROR)"`

			`admissionController:`
			`container:`
			`extraEnvVars:`
			`- name: TUF_MIRROR`
			`valueFrom:`
			`configMapKeyRef:`
			`name: tufvalues`
			`key: TUF_MIRROR`
			`- name: FULCIO_URL`
			`valueFrom:`
			`configMapKeyRef:`
			`name: tufvalues`
			`key: FULCIO_URL`
			`- name: REKOR_URL`
			`valueFrom:`
			`configMapKeyRef:`
			`name: tufvalues`
			`key: REKOR_URL`
			`- name: CTLOG_URL`
			`valueFrom:`
			`configMapKeyRef:`
			`name: tufvalues`
			`key: CTLOG_URL`
			`- name: ISSUER_URL`
			`valueFrom:`
			`configMapKeyRef:`
			`name: tufvalues`
			`key: ISSUER_URL`

			`reportsController:`
			`extraEnvVars:`
			`- name: TUF_MIRROR`
			`valueFrom:`
			`configMapKeyRef:`
			`name: tufvalues`
			`key: TUF_MIRROR`
			`- name: FULCIO_URL`
			`valueFrom:`
			`configMapKeyRef:`
			`name: tufvalues`
			`key: FULCIO_URL`
			`- name: REKOR_URL`
			`valueFrom:`
			`configMapKeyRef:`
			`name: tufvalues`
			`key: REKOR_URL`
			`- name: CTLOG_URL`
			`valueFrom:`
			`configMapKeyRef:`
			`name: tufvalues`
			`key: CTLOG_URL`
			`- name: ISSUER_URL`
			`valueFrom:`
			`configMapKeyRef:`
			`name: tufvalues`
			`key: ISSUER_URL`