postfinance / kubelet-csr-approver

Kubernetes controller to enable automatic kubelet CSR validation after a series of (configurable) security checks
MIT License

Upload Helm chart to OCI registry #282

Open onedr0p opened 1 week ago

onedr0p commented 1 week ago

Is your feature request related to a problem?

With Helm v3.8.0, the OCI support became GA, which is an excellent chance to start publishing Helm charts to OCI-compliant registries. GHCR supports OCI artifacts and a lot of projects have been using them to publish their Helm charts as OCI artifacts.

It brings an opportunity to sign Helm charts stored as OCI Artifacts with cosign to provide their integrity and use GitOps tooling such as Flux to reconcile them as they were stored as OCI artifacts. Flux can reconcile OCI Artifacts and verify their integrity before reconciling them.
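The consumer side of what this request describes, as an added example that is not part of the issue thread or the project's own configuration: a Flux `HelmRepository` of type `oci` plus a `HelmRelease` whose chart is reconciled only if its cosign signature verifies. The registry URL, chart version, namespaces and the `cosign-pub` secret name are placeholders, and the API versions assume a recent Flux release.

```yaml
# Added example. All names, the URL and the version are placeholders;
# the chart is not published at this location.
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: kubelet-csr-approver
  namespace: flux-system
spec:
  type: oci                              # treat the URL as an OCI registry, not an HTTP index
  interval: 1h
  url: oci://ghcr.io/example-org/charts  # placeholder registry path
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: kubelet-csr-approver
  namespace: flux-system
spec:
  interval: 1h
  targetNamespace: kube-system           # assumption: where the controller should run
  chart:
    spec:
      chart: kubelet-csr-approver
      version: "0.0.0"                   # placeholder; pin an exact version
      sourceRef:
        kind: HelmRepository
        name: kubelet-csr-approver
      # Signature check on the pulled chart artifact. If verification fails,
      # the chart is not marked ready and the release is not installed or upgraded.
      verify:
        provider: cosign
        secretRef:
          name: cosign-pub               # placeholder secret, same namespace
---
# The secret holds the publisher's cosign public key; Flux reads
# entries whose key name ends in ".pub".
apiVersion: v1
kind: Secret
metadata:
  name: cosign-pub
  namespace: flux-system
stringData:
  cosign.pub: |
    <PEM-encoded cosign public key from the chart publisher>
```

Without the `verify` block, Flux pulls and installs whatever artifact the tag currently points to, so the signature check is what ties the deployed chart to the publisher's key.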

clementnuss commented 1 week ago

Sounds nice 🙃 I have already worked with OCI-packaged Helm Charts and quite like the idea. I will try to implement that, unless you want to submit a PR 😉 Regarding cosign, I will see if I have time to look at that as well, but I'll probably only start with the OCI-packaged Helm Charts on ghcr.io.

onedr0p commented 1 week ago

Unfortunately, I won't have any time soon, but I'll check back in the future if this isn't done and contribute. Thanks for being open to the idea!