kadras-io · ThomasVitale · Apr 9, 2023 · Apr 9, 2023
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -5,7 +5,7 @@ on:
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
-  VERSION: 0.10.0
+  VERSION: 0.11.0-RC1
 
 jobs:
   build:

diff --git a/README.md b/README.md
@@ -27,11 +27,11 @@ This repository contains the following Carvel packages.
 | [knative-serving](https://github.com/kadras-io/package-for-knative-serving) | A solution built on Kubernetes to support deploying and serving of applications and functions as serverless containers. |
 | [kpack](https://github.com/kadras-io/package-for-kpack) | A Kubernetes-native implementation of Cloud Native Buildpacks to build source code into OCI images from within your cluster. |
 | [metrics-server](https://github.com/kadras-io/package-for-metrics-server) | A scalable and efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines. |
-| [namespace-setup](https://github.com/kadras-io/namespace-setup) | Sets up up namespaces with the necessary RBAC and Secrets to work with the Kadras platform. |
 | [secretgen-controller](https://github.com/carvel-dev/secretgen-controller) | Generates various types of Secrets in-cluster as well as export and import Secrets across namespaces. Maintained by [Carvel](https://github.com/carvel-dev). |
 | [spring-boot-conventions](https://github.com/kadras-io/package-for-spring-boot-conventions) | Defines conventions for Spring Boot workloads that will be applied by the Cartographer Convention Controller. |
-| [tekton-catalog](https://github.com/kadras-io/package-for-tekton-catalog) | A set of Tekton pipelines and tasks used by the Kadras platform to support testing, scanning, delivering and deploying applications. |
+| [tekton-catalog](https://github.com/kadras-io/tekton-catalog) | A set of Tekton pipelines and tasks used by the Kadras platform to support testing, scanning, delivering and deploying applications. |
 | [tekton-pipelines](https://github.com/kadras-io/package-for-tekton-pipelines) | A cloud-native solution for building CI/CD systems. |
+| [workspace-provisioner](https://github.com/kadras-io/workspace-provisioner) | Provisions and configures workspaces (namespaces or virtual clusters) to work with the Kadras Engineering Platform. |
 
 ## 🚀&nbsp; Getting Started
 

diff --git a/docs/verify-release.md b/docs/verify-release.md
@@ -0,0 +1,37 @@
+# Verifying the Package Repository Release
+
+This package repository is published as an OCI artifact, signed with Sigstore [Cosign](https://docs.sigstore.dev/cosign/overview), and associated with a [SLSA Provenance](https://slsa.dev/provenance) attestation.
+
+Using `cosign`, you can display the supply chain security related artifacts for the `ghcr.io/kadras-io/kadras-packages` images. Use the specific digest you'd like to verify.
+
+```shell
+cosign tree ghcr.io/kadras-io/kadras-packages
+```
+
+The result:
+
+```shell
+📦 Supply Chain Security Related artifacts for an image: ghcr.io/kadras-io/kadras-packages
+└── 💾 Attestations for an image tag: ghcr.io/kadras-io/kadras-packages:sha256-046c6f16def6fa8ea562c84169725a4a7ef8c16dd7180137dc729f555af4a151.att
+   └── 🍒 sha256:23f10f5d24941657ddaa5ff25117373a243abbeb51f2f81065e562e3b292ee2d
+└── 🔐 Signatures for an image tag: ghcr.io/kadras-io/kadras-packages:sha256-046c6f16def6fa8ea562c84169725a4a7ef8c16dd7180137dc729f555af4a151.sig
+   └── 🍒 sha256:2e765ddc539ac475fa5275d0709e62699ebc2b47d054be5d5eb05b3d958310e6
+```
+
+You can verify the signature and its claims:
+
+```shell
+cosign verify \
+   --certificate-identity-regexp https://github.com/kadras-io \
+   --certificate-oidc-issuer https://token.actions.githubusercontent.com \
+   ghcr.io/kadras-io/kadras-packages | jq
+```
+
+You can also verify the SLSA Provenance attestation associated with the image.
+
+```shell
+cosign verify-attestation --type slsaprovenance \
+   --certificate-identity-regexp https://github.com/slsa-framework \
+   --certificate-oidc-issuer https://token.actions.githubusercontent.com \
+   ghcr.io/kadras-io/kadras-packages | jq .payload -r | base64 --decode | jq
+```
diff --git a/repo/packages/cartographer.packages.kadras.io/0.7.1+tap.1.yml b/repo/packages/cartographer.packages.kadras.io/0.7.1+tap.1.yml
@@ -0,0 +1,146 @@
+apiVersion: data.packaging.carvel.dev/v1alpha1
+kind: Package
+metadata:
+  name: cartographer.packages.kadras.io.0.7.1+tap.1
+spec:
+  refName: cartographer.packages.kadras.io
+  version: 0.7.1+tap.1
+  releaseNotes: https://github.com/vmware-tanzu/package-for-cartographer/releases/tag/0.7.1+tap.1
+  releasedAt: "2023-03-22T16:00:22Z"
+  valuesSchema:
+    openAPIv3:
+      title: cartographer.packages.kadras.io.0.7.1+tap.1 values schema
+      properties:
+        ca_cert_data:
+          type: string
+          description: 'Optional: PEM Encoded certificate data for image registries with private CA.'
+          default: ""
+        excluded_components:
+          type: array
+          items:
+            type: string
+          default: []
+          description: 'Optional: List of components to exclude from installation (e.g. [conventions])'
+        aws_iam_role_arn:
+          type: string
+          description: 'Optional: Arn role that has access to pull images from ECR container registry'
+          default: ""
+        cartographer:
+          type: object
+          properties:
+            concurrency:
+              type: object
+              properties:
+                max_workloads:
+                  type: integer
+                  description: 'Optional: maximum number of Workloads to process concurrently.'
+                  default: 2
+                max_deliveries:
+                  type: integer
+                  description: 'Optional: maximum number of Deliverables to process concurrently.'
+                  default: 2
+                max_runnables:
+                  type: integer
+                  description: 'Optional: maximum number of Runnables to process concurrently.'
+                  default: 2
+            resources:
+              type: object
+              properties:
+                limits:
+                  type: object
+                  properties:
+                    cpu:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
+                      description: 'Optional: maximum amount of cpu resources to allow the controller to use'
+                      default: 1000m
+                    memory:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
+                      description: 'Optional: maximum amount of memory to allow the controller to use'
+                      default: 128Mi
+                requests:
+                  type: object
+                  properties:
+                    cpu:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
+                      description: 'Optional: minimum amount of cpu to reserve'
+                      default: 250m
+                    memory:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
+                      description: 'Optional: minimum amount of memory to reserve'
+                      default: 128Mi
+        conventions:
+          type: object
+          properties:
+            resources:
+              type: object
+              properties:
+                limits:
+                  type: object
+                  properties:
+                    cpu:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
+                      description: 'Optional: maximum amount of cpu resources to allow the controller to use'
+                      default: 1000m
+                    memory:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
+                      description: 'Optional: maximum amount of memory to allow the controller to use'
+                      default: 128Mi
+                requests:
+                  type: object
+                  properties:
+                    cpu:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
+                      description: 'Optional: minimum amount of cpu to reserve'
+                      default: 250m
+                    memory:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
+                      description: 'Optional: minimum amount of memory to reserve'
+                      default: 128Mi
+  template:
+    spec:
+      fetch:
+      - imgpkgBundle:
+          image: index.docker.io/projectcartographer/package-for-cartographer@sha256:155c08105fccb02f0300d948197f1a77a7a476e5825a3f31daa142b81dfd5ab4
+      template:
+      - ytt:
+          ignoreUnknownComments: true
+          paths:
+          - config
+      - kbld:
+          paths:
+          - .imgpkg/images.yml
+          - '-'
+      deploy:
+      - kapp: {}
diff --git a/repo/packages/cartographer.packages.kadras.io/metadata.yml b/repo/packages/cartographer.packages.kadras.io/metadata.yml
@@ -7,7 +7,7 @@ metadata:
 spec:
   displayName: Cartographer
   providerName: VMware
-  shortDescription: Kubernetes native Supply Chain Choreographer.
+  shortDescription: Kubernetes Native Supply Chain Choreographer.
   supportDescription: https://github.com/vmware-tanzu/cartographer
   longDescription: |-
     Cartographer is a Kubernetes native Choreographer. It allows users to