Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/codenotary/keel-validator
Use vcn to validate keel updates on kubernetes
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/codenotary/keel-validator
- Owner: codenotary
- License: apache-2.0
- Created: 2022-09-16T14:23:21.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-10-02T10:16:42.000Z (about 1 year ago)
- Last Synced: 2023-10-02T12:46:32.953Z (about 1 year ago)
- Language: Python
- Size: 23.4 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Keel validator
## keel.sh
[Keel](https://keel.sh) is a very simple Kubernetes Operator to automate Helm, DaemonSet, StatefulSet & Deployment updates.
It will track your installations and, when an update is published on their repository, it will update the images.

One interesting feature of Keel is that it can wait for an external approval. When an update is ready to be deployed, a new approval request is created. A human supervisor, or another piece of software, has to vouch for the update before it is performed.

If you have enabled the web panel, you can check for update approvals using a browser, or you can use the REST interface to interact with them. We are going to exploit that for image authentication.
## Image authentication
Keel's approval phase is the perfect moment to plug in image authentication. An image is approved only if it is trusted to run.

This simple deployment polls Keel to see if there are pending approvals. If there are, it tries to authenticate the image using the `vcn` tool from CodeNotary.

If the image authenticates, that means it was notarized and signed as trusted, so the update is approved.
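The approval decision described above, written to fail closed, as an added example that is not the project's own code. The approval record fields (`identifier`, `archived`, `rejected`, `event.repository`) and the `vcn authenticate docker://...` invocation are assumptions about Keel's REST output and the vcn CLI, and the sample records are constructed.

```python
import subprocess

def image_ref(approval):
    """Build 'name:tag' from an approval record; None if fields are missing."""
    repo = (approval.get("event") or {}).get("repository") or {}
    name, tag = repo.get("name"), repo.get("tag")
    return f"{name}:{tag}" if name and tag else None

def vcn_trusts(image, binary="vcn", timeout=60):
    """True only if `vcn authenticate` exits 0 (assumed CLI form)."""
    try:
        proc = subprocess.run([binary, "authenticate", f"docker://{image}"],
                              capture_output=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return False  # tool missing or hung: fail closed
    return proc.returncode == 0

def approvals_to_vote(pending, verify=vcn_trusts):
    """Return identifiers of pending approvals whose image authenticates."""
    approved = []
    for a in pending:
        if a.get("archived") or a.get("rejected"):
            continue  # already settled, nothing to vote on
        image, ident = image_ref(a), a.get("identifier")
        if image is None or not ident:
            continue  # cannot tell what would be deployed: do not vote
        try:
            ok = verify(image) is True
        except Exception:
            ok = False  # a crashing verifier must never become an approval
        if ok:
            approved.append(ident)
    return approved

# Constructed sample of pending approvals (assumed field names, not real data).
SAMPLE = [
    {"identifier": "default/web:1.2.0", "archived": False, "rejected": False,
     "event": {"repository": {"name": "registry.example/web", "tag": "1.2.0"}}},
    {"identifier": "default/api:2.0.0", "archived": False, "rejected": False,
     "event": {"repository": {"name": "registry.example/api", "tag": "2.0.0"}}},
    {"identifier": "default/old:0.9.0", "archived": True, "rejected": False,
     "event": {"repository": {"name": "registry.example/old", "tag": "0.9.0"}}},
    {"identifier": "default/broken:1.0.0", "archived": False, "rejected": False,
     "event": {}},
]
```

Only identifiers returned by `approvals_to_vote` would be sent back to Keel as approvals; everything else stays pending for a human to review.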
## Installation
Fill in the credential values in the `keel-validator.yaml` file:
```yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: keel-validator-secrets
type: Opaque
data:
  # Values under `data` must be base64-encoded.
  tc-api-key:
  tc-signer-id:
  keel-username:
  keel-password:
  registry-json-key: |
    if_your_registry_needs_json_authentication
    (like_gcr)_enter_here_your_json_key
```
Then run `kubectl apply -n keel -f keel-validator.yaml`.