Provenance and Integrity in Helm Charts
Publishing a Signed Chart to a Repository
If you are using a classic chart repository (like an S3 bucket, HTTP server, or similar), you need to upload both the signed chart package (.tgz) and the provenance file (.tgz.prov) to the repository.
For example, if you are using an S3 bucket as your chart repository, you can use the AWS CLI to upload both files:
aws s3 cp hello-world-0.1.0.tgz s3://my-helm-charts/
aws s3 cp hello-world-0.1.0.tgz.prov s3://my-helm-charts/
In general, if the URL of a package is https://example.com/charts/mychart-1.2.3.tgz, the provenance file should be accessible at https://example.com/charts/mychart-1.2.3.tgz.prov
Helm in Practice
Designing, Deploying, and Operating Kubernetes Applications at ScaleEnroll now to unlock current content and receive all future updates for free. Your purchase supports the author and fuels the creation of more exciting content. Act fast, as the price will rise as the course nears completion!
Hurry! This limited time offer ends in:
To redeem this offer, copy the coupon code below and apply it at checkout: