adds tsa. (#688)

sigstore · Jan 7, 2024 · d2e17eb · d2e17eb
1 parent a423179
commit d2e17eb
Show file tree

Hide file tree

Showing 7 changed files with 77 additions and 2 deletions.
diff --git a/charts/tuf/Chart.yaml b/charts/tuf/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: tuf
 description: A framework for securing software update systems - the scaffolding implementation
 type: application
-version: 0.1.9
+version: 0.1.10
 appVersion: "0.6.10"
 
 home: https://sigstore.dev/

diff --git a/charts/tuf/README.md b/charts/tuf/README.md
@@ -1,6 +1,6 @@
 # tuf
 
-![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.6.10](https://img.shields.io/badge/AppVersion-0.6.10-informational?style=flat-square)
+![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.6.10](https://img.shields.io/badge/AppVersion-0.6.10-informational?style=flat-square)
 
 A framework for securing software update systems - the scaffolding implementation
 
@@ -53,6 +53,10 @@ A framework for securing software update systems - the scaffolding implementatio
 | secrets.rekor.key | string | `"key"` |  |
 | secrets.rekor.name | string | `"rekor-public-key"` |  |
 | secrets.rekor.path | string | `"rekor.pub"` |  |
+| secrets.tsa.create | bool | `false` |  |
+| secrets.tsa.key | string | `"cert-chain"` |  |
+| secrets.tsa.name | string | `"tsa-cert-chain"` |  |
+| secrets.tsa.path | string | `"tsa.certchain.pem"` |  |
 | service.name | string | `"tuf-server"` |  |
 | service.port | int | `80` |  |
 | serviceAccountName | string | `"tuf"` |  |

diff --git a/charts/tuf/ci/ci-values.yaml b/charts/tuf/ci/ci-values.yaml
@@ -9,3 +9,6 @@ secrets:
   ctlog:
     create: true
     value: baz
+  tsa:
+    create: true
+    value: qux
diff --git a/charts/tuf/templates/deployment.yaml b/charts/tuf/templates/deployment.yaml
@@ -63,6 +63,11 @@ spec:
               items:
               - key: {{ .Values.secrets.rekor.key }}
                 path: {{ .Values.secrets.rekor.path }}
+          - secret:
+              name: {{ .Values.secrets.tsa.name }}
+              items:
+              - key: {{ .Values.secrets.tsa.key }}
+                path: {{ .Values.secrets.tsa.path }}
     {{- if .Values.imagePullSecrets }}
       imagePullSecrets:
 {{ toYaml .Values.imagePullSecrets | indent 8 }}

diff --git a/charts/tuf/templates/secrets.yaml b/charts/tuf/templates/secrets.yaml
@@ -29,4 +29,15 @@ metadata:
 type: Opaque
 data:
   {{ .Values.secrets.ctlog.key }}: {{ b64enc .Values.secrets.ctlog.value }}
+---
+{{ end }}
+{{ if .Values.secrets.tsa.create }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.secrets.tsa.name }}
+{{ include "tuf.namespace" . | indent 2 }}
+type: Opaque
+data:
+  {{ .Values.secrets.tsa.key }}: {{ b64enc .Values.secrets.tsa.value }}
 {{ end }}
diff --git a/charts/tuf/values.schema.json b/charts/tuf/values.schema.json
@@ -208,6 +208,41 @@
                         "key": "key",
                         "path": "ctfe.pub"
                     }]
+                },
+                "tsa": {
+                    "type": "object",
+                    "properties": {
+                        "create": {
+                            "type": "boolean",
+                            "examples": [
+                                false
+                            ]
+                        },
+                        "name": {
+                            "type": "string",
+                            "examples": [
+                                "tsa-cert-chain"
+                            ]
+                        },
+                        "key": {
+                            "type": "string",
+                            "examples": [
+                                "cert-chain"
+                            ]
+                        },
+                        "path": {
+                            "type": "string",
+                            "examples": [
+                                "tsa.certchain.pem"
+                            ]
+                        }
+                    },
+                    "examples": [{
+                        "create": false,
+                        "name": "tsa-cert-chain",
+                        "key": "cert-chain",
+                        "path": "tsa.certchain.pem"
+                    }]
                 }
             },
             "examples": [{
@@ -228,6 +263,12 @@
                     "name": "ctlog-public-key",
                     "key": "key",
                     "path": "ctfe.pub"
+                },
+                "tsa": {
+                    "create": false,
+                    "name": "tsa-cert-chain",
+                    "key": "cert-chain",
+                    "path": "tsa.certchain.pem"
                 }
             }]
         },
@@ -389,6 +430,12 @@
                 "name": "ctlog-public-key",
                 "key": "key",
                 "path": "ctfe.pub"
+            },
+            "tsa": {
+                "create": false,
+                "name": "tsa-cert-chain",
+                "key": "key",
+                "path": "tsa.certchain.pem"
             }
         },
         "ingress": {

diff --git a/charts/tuf/values.yaml b/charts/tuf/values.yaml
@@ -32,6 +32,11 @@ secrets:
     name: ctlog-public-key
     key: public
     path: ctfe.pub
+  tsa:
+    create: false
+    name: tsa-cert-chain
+    key: cert-chain
+    path: tsa.certchain.pem
 
 ingress:
   create: true