Signed helm charts #1720
Comments
cyriltovena
added
component/integrations
type/enhancement
|
This issue has been automatically marked as stale because it has not had any activity in the past 30 days. It will be closed in 7 days if no further activity occurs. Thank you for your contributions. |
|
Hold on got something! |
stale
bot
removed
the
stale
|
I already published latest charts with the .prov file if you want to give a go @oliverfei that would be great. You can find the public key in the PR closing this issue. |
|
Thanks @cyriltovena.
Also tried verifying promtail, loki-stack, and fluent-bit and got similar sha256 errors. |
|
Ok I'll look into it. |
|
hm I'm getting a different prov file with a different sha256 of the file on every run, even locally. Either I've miss-configured it or there's some bug with helm sha256 encoding. I'm doing this |
|
I think the key was wrong in fact, resigning it even if the sha has changed is working with a new key. |
|
Can you try again ? I didn't change anything but re-uploaded it. And I'm getting good result now |
|
Yeah. It verifies successfully now. |
|
¯\(ツ)/¯ |
Is your feature request related to a problem? Please describe.
We would like to verify the integrity of the helm charts we are installing but cannot do so because the loki helm charts are not signed.
Describe the solution you'd like
We would like for the loki helm charts to be signed and public key published as per https://helm.sh/docs/topics/provenance/
Describe alternatives you've considered
Not verifying the integrity of our helm charts (not ideal).
Additional context
We are in the process of trying to secure our deployments of third-party helm charts.
The text was updated successfully, but these errors were encountered: