Helm package integrity

Registered by Justin Scott on 2016-12-20

The Kubernetes package manager (Helm) used by Kolla-Kubernetes has mechanisms to help ensure the origin and integrity of a Helm package by using GnuPG and other tools.

https://github.com/kubernetes/helm/blob/master/docs/provenance.md

Provided the community is interested in the integrity features, the following goals should be considered:

Kolla-Kubernetes should provide and maintain necessary crypto keys for usage with Helm integrity features.
Kolla-Kubernetes should enable the use of Helm signature verification mechanism(s) to verify the package originated from the Kolla-Kubernetes project.
Kolla-Kubernetes should enable the use of Helm integrity verification mechanism(s) to verify the package has not been altered.

Blueprint information

Status: Not started
Approver: None
Priority: Medium
Drafter: Justin Scott
Direction: Needs approval
Assignee: None
Definition: Discussion
Series goal: None
Implementation: Not started
Milestone target: None

Whiteboard

Needs a self-assigned assignee to move to approved state.

I think this is a good idea, but will need infra I think. The keys should be kept safe somewhere and not in a public repo so only packages produced by infra are signed. - kfox1111
