The existing Verify Component Versions how-to only covers CLI verification with ocm verify cv.
There should be a companion guide explaining how to verify signatures declaratively using the verify field on the Component custom resource — creating the public key Secret, configuring the verify[] array, and troubleshooting common failures.
Good starting points:
- Example:
kubernetes/controller/examples/helm-signing/bootstrap.yaml
- Sample CR:
kubernetes/controller/config/samples/components.delivery.ocm.software_sample.yaml
- API types:
kubernetes/controller/api/v1alpha1/component_types.go (Verification struct)
The existing Verify Component Versions how-to only covers CLI verification with
ocm verify cv.There should be a companion guide explaining how to verify signatures declaratively using the
verifyfield on theComponentcustom resource — creating the public key Secret, configuring theverify[]array, and troubleshooting common failures.Good starting points:
kubernetes/controller/examples/helm-signing/bootstrap.yamlkubernetes/controller/config/samples/components.delivery.ocm.software_sample.yamlkubernetes/controller/api/v1alpha1/component_types.go(Verificationstruct)