fix: make notation verifier installation optional on ratify installat…

…ion (ratify-project#1719) Signed-off-by: akashsinghal <[email protected]>
akashsinghal · Sep 13, 2024 · 78968c9 · 78968c9
1 parent d2d5b04
commit 78968c9
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 0 deletions.
diff --git a/charts/ratify/templates/NOTES.txt b/charts/ratify/templates/NOTES.txt
@@ -0,0 +1,6 @@
+{{- if not (or .Values.notation.enabled .Values.cosign.enabled .Values.sbom.enabled .Values.vulnerabilityreport.enabled) }}
+***********************************************************
+WARNING: All verifiers are disabled.
+It's recommended that at least one is enabled for proper functionality.
+***********************************************************
+{{- end }}
diff --git a/charts/ratify/templates/verifier.yaml b/charts/ratify/templates/verifier.yaml
@@ -1,4 +1,5 @@
 {{- $fullname := include "ratify.fullname" . -}}
+{{- if .Values.notation.enabled }}
 apiVersion: config.ratify.deislabs.io/v1beta1
 kind: Verifier
 metadata:
@@ -37,6 +38,7 @@ spec:
             - ca:certs
           trustedIdentities:
             - "*"
+{{- end }}
 ---
 {{- if .Values.cosign.enabled }}
 apiVersion: config.ratify.deislabs.io/v1beta1

diff --git a/charts/ratify/values.yaml b/charts/ratify/values.yaml
@@ -12,6 +12,9 @@ tolerations: []
 notationCerts: []
 cosignKeys: []
 
+notation:
+  enabled: true
+
 cosign:
   enabled: true
   scopes: ["*"] # corresponds to a single trust policy