securesign · cooktheryan · Feb 27, 2024 · Feb 19, 2024 · Feb 27, 2024
diff --git a/charts/trusted-artifact-signer/Chart.yaml b/charts/trusted-artifact-signer/Chart.yaml
@@ -33,4 +33,4 @@ sources:
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.42
+version: 0.1.43
diff --git a/charts/trusted-artifact-signer/templates/backfillRedis-cronjob.yaml b/charts/trusted-artifact-signer/templates/backfillRedis-cronjob.yaml
@@ -0,0 +1,27 @@
+{{- if .Values.configs.rekor.backfillRedis.enabled }}
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: backfill-redis
+  namespace: {{ .Values.configs.rekor.namespace }}
+spec:
+  schedule: {{ .Values.configs.rekor.backfillRedis.schedule | quote }}
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: backfill-redis
+            image: "{{ template "image" .Values.configs.rekor.backfillRedis.image }}"
+            command: ["/bin/sh", "-c"]
+            args:
+            - >
+              endIndex=$(curl -sS http://rekor-server/api/v1/log | sed -E 's/.*"treeSize":([0-9]+).*/\1/'); 
+              endIndex=$((endIndex-1)); 
+              if [ $endIndex -lt 0 ]; then 
+                echo "info: no rekor entries found"; 
+                exit 0; 
+              fi; 
+              backfill-redis --hostname=rekor-redis --port=6379 --rekor-address=http://rekor-server --start=0 --end=$endIndex
+          restartPolicy: OnFailure
+{{- end }}
diff --git a/charts/trusted-artifact-signer/templates/consoleclidownload-cosign.yaml b/charts/trusted-artifact-signer/templates/consoleclidownload-cosign.yaml
@@ -3,6 +3,11 @@ apiVersion: console.openshift.io/v1
 kind: ConsoleCLIDownload
 metadata:
   name: cosign
+  labels:
+    app.kubernetes.io/managed-by: "Helm"
+  annotations:
+    meta.helm.sh/release-name: "trusted-artifact-signer"
+    meta.helm.sh/release-namespace: "trusted-artifact-signer"
 spec:
   description: cosign is a CLI tool that allows you to
     manage sigstore artifacts.

diff --git a/charts/trusted-artifact-signer/templates/consoleclidownload-ec.yaml b/charts/trusted-artifact-signer/templates/consoleclidownload-ec.yaml
@@ -3,6 +3,11 @@ apiVersion: console.openshift.io/v1
 kind: ConsoleCLIDownload
 metadata:
   name: enterprisecontract
+  labels:
+    app.kubernetes.io/managed-by: "Helm"
+  annotations:
+    meta.helm.sh/release-name: "trusted-artifact-signer"
+    meta.helm.sh/release-namespace: "trusted-artifact-signer"
 spec:
   description: Enterprise Contract is a tool for verifying signatures and performing policy checks on container images
   displayName: Enterprise Contract - Command Line Interface (CLI)

diff --git a/charts/trusted-artifact-signer/templates/consoleclidownload-gitsign.yaml b/charts/trusted-artifact-signer/templates/consoleclidownload-gitsign.yaml
@@ -3,6 +3,11 @@ apiVersion: console.openshift.io/v1
 kind: ConsoleCLIDownload
 metadata:
   name: gitsign
+  labels:
+    app.kubernetes.io/managed-by: "Helm"
+  annotations:
+    meta.helm.sh/release-name: "trusted-artifact-signer"
+    meta.helm.sh/release-namespace: "trusted-artifact-signer"
 spec:
   description: gitsign is a CLI tool that allows you to
     digitally sign and verify git commits.

diff --git a/charts/trusted-artifact-signer/templates/consoleclidownload-rekor.yaml b/charts/trusted-artifact-signer/templates/consoleclidownload-rekor.yaml
@@ -3,6 +3,11 @@ apiVersion: console.openshift.io/v1
 kind: ConsoleCLIDownload
 metadata:
   name: rekor-cli
+  labels:
+    app.kubernetes.io/managed-by: "Helm"
+  annotations:
+    meta.helm.sh/release-name: "trusted-artifact-signer"
+    meta.helm.sh/release-namespace: "trusted-artifact-signer"
 spec:
   description: rekor-cli is a CLI tool that allows you to
     interact with rekor server.

diff --git a/charts/trusted-artifact-signer/values.yaml b/charts/trusted-artifact-signer/values.yaml
@@ -82,6 +82,15 @@ configs:
         - interval: 30s
           port: 2112-tcp
           scheme: http
+    backfillRedis:
+      enabled: true
+      schedule: "0 0 * * *"
+      image:
+        registry: registry.redhat.io
+        repository: rhtas-tech-preview/backfill-redis-rhel9
+        version: "sha256:028b3090bd0677351cc40de4a49246a5cdd57bdd2ad1668e4d7df0a7c01f20c7"
+        pullPolicy: IfNotPresent
+
 
   fulcio:
     namespace_create: true
@@ -297,12 +306,6 @@ scaffold:
         repository: rhtas-tech-preview/createtree-rhel9
         version: "sha256:ec13e102555022c210361da239ec3cfe2e0d7b7fc3fea51d40e75fcbc9658a42"
         pullPolicy: IfNotPresent
-    backfillredis:
-      image:
-        registry: registry.redhat.io
-        repository: rhtas-tech-preview/backfill-redis-rhel9
-        version: "sha256:028b3090bd0677351cc40de4a49246a5cdd57bdd2ad1668e4d7df0a7c01f20c7"
-        pullPolicy: IfNotPresent
   trillian:
     enabled: true
     forceNamespace: trillian-system