Control-signed bundle files
This is a preview/internal deployment path, not a production GA claim. It records the first Control-signed bundle file consume smoke and the current operating limits.
TrustPlane Auth can consume Control-signed trust-material and policy-bundle files mounted into the adapter. Auth verifies the signed files locally with the Control signing public key and does not depend on Control service availability for request-time allow or deny decisions.
The current preview path is file-based. Operators publish or mount the reviewed signed files, then perform a controlled restart or rollout so the adapter reads them. This path does not add hot reload, polling, object storage distribution, direct Control pull, or managed rollout execution.
Adapter image
Use the public GHCR image published from Auth PR #64 for this preview path:
| Field | Value |
|---|---|
| Auth commit | c8579bac89534361b407d8e7fe0ae8d3b7a499b5 |
| Public adapter image | ghcr.io/trustplane-dev/trustplane-auth-adapter:v0.1.0-rc.2@sha256:334f806bf438cb65dfbd305d1f3c7dbe18929ac866b224b874f89f9e931d1573 |
| Internal DOKS smoke image digest | sha256:0bfbe7ab39ca50794554f3a15587ca6f2c12792bb056bb6d5efbab869d935b17 |
Use digest-pinned adapter images for this preview path. Do not use mutable image tags.
The public v0.1.0-rc.1 GHCR adapter image predates the Control-signed bundle file consume path. Do not use that RC image with controlBundles.enabled=true; use the digest-pinned v0.1.0-rc.2 GHCR adapter image above.
Required Kubernetes Secrets
The adapter chart references externally-created Kubernetes Secrets by name and key only. It does not create Secrets and public docs should not include signed bundle payloads, private keys, Secret values, kubeconfigs, tokens, or signed request logs.
| Secret name | Required key | Purpose |
|---|---|---|
| trustplane-control-trust-material | trust-material.signed.json | Signed trust-material file |
| trustplane-control-policy-bundle | policy-bundle.signed.json | Signed policy-bundle file |
| trustplane-control-signing-public-key | control-signing-public-key | Control signing public key |
Helm values
Enable the mounted-file consume path with controlBundles.enabled=true:
```yaml
controlBundles:
  enabled: true
  trustMaterialSecretName: trustplane-control-trust-material
  trustMaterialSecretKey: trust-material.signed.json
  policyBundleSecretName: trustplane-control-policy-bundle
  policyBundleSecretKey: policy-bundle.signed.json
  signingPublicKeySecretName: trustplane-control-signing-public-key
  signingPublicKeySecretKey: control-signing-public-key
  mountPath: /var/run/trustplane/control-bundles
```
When enabled, the adapter reads:
```text
--bundle /var/run/trustplane/control-bundles/trust-material.signed.json
--policy-bundle /var/run/trustplane/control-bundles/policy-bundle.signed.json
--control-signing-public-key $(CONTROL_SIGNING_PUBLIC_KEY)
```
The adapter continues to make local verification decisions from the mounted files. Control can be unavailable during request-time verification; the adapter does not call Control synchronously.
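A pre-flight check for the inputs above, written for this page and not part of the chart or the adapter: it confirms that the values reference the documented Secret/key pairs, that each Secret actually exposes its key (the chart does not create them), that the adapter image reference is digest-pinned rather than tagged, and it derives the file flags the adapter is started with. The image reference is passed in separately because the chart's image value layout is not shown on this page (assumption), and `cluster_secrets` is a constructed stand-in for the key names `kubectl` would list.

```python
import re

# Secret name -> required key, from the Required Kubernetes Secrets table.
REQUIRED_SECRETS = {
    "trustplane-control-trust-material": "trust-material.signed.json",
    "trustplane-control-policy-bundle": "policy-bundle.signed.json",
    "trustplane-control-signing-public-key": "control-signing-public-key",
}
# A digest-pinned reference ends in @sha256:<64 hex>; a bare ":tag" is mutable.
DIGEST_PINNED = re.compile(r"^[^@\s]+@sha256:[0-9a-f]{64}$")

# The controlBundles values from this page (constructed sample input).
VALUES = {"controlBundles": {
    "enabled": True,
    "trustMaterialSecretName": "trustplane-control-trust-material",
    "trustMaterialSecretKey": "trust-material.signed.json",
    "policyBundleSecretName": "trustplane-control-policy-bundle",
    "policyBundleSecretKey": "policy-bundle.signed.json",
    "signingPublicKeySecretName": "trustplane-control-signing-public-key",
    "signingPublicKeySecretKey": "control-signing-public-key",
    "mountPath": "/var/run/trustplane/control-bundles",
}}

def preflight(values, image_ref, cluster_secrets):
    """Return problems found; an empty list means the inputs match the preview-path docs.
    cluster_secrets maps Secret name -> set of data keys (what `kubectl get secret
    -o jsonpath='{.data}'` would list; only key names, never the Secret values)."""
    cb = values.get("controlBundles", {})
    problems = []
    if not cb.get("enabled"):
        problems.append("controlBundles.enabled must be true for the mounted-file path")
    if not DIGEST_PINNED.match(image_ref):
        problems.append(f"adapter image is not digest-pinned: {image_ref}")
    for prefix in ("trustMaterial", "policyBundle", "signingPublicKey"):
        name, key = cb.get(prefix + "SecretName"), cb.get(prefix + "SecretKey")
        if REQUIRED_SECRETS.get(name) != key:
            problems.append(f"{prefix}: {name}/{key} is not a documented Secret/key pair")
        elif key not in cluster_secrets.get(name, set()):
            problems.append(f"Secret {name} lacks key {key}; the chart will not create it")
    return problems

def adapter_args(values):
    """The file flags the adapter is started with once controlBundles is enabled."""
    cb = values["controlBundles"]
    return [f"--bundle {cb['mountPath']}/{cb['trustMaterialSecretKey']}",
            f"--policy-bundle {cb['mountPath']}/{cb['policyBundleSecretKey']}",
            "--control-signing-public-key $(CONTROL_SIGNING_PUBLIC_KEY)"]
```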
Smoke evidence
The first live DOKS internal smoke passed after Auth PR #64 and auth-deploy PR #32 were merged. The deploy workflow run passed.
Recorded smoke outcome:
| Check | Result |
|---|---|
| Allowed request | 200 |
| Denied request | 403 |
| Public Ingress | none created |
| Deployed image digest | matched the internal DOKS smoke image digest above |
This evidence covers the mounted signed-file consume path only. It does not prove hot reload, polling, object storage distribution, Control pull, managed rollout execution, or production GA readiness.