pub/cosign-images
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix build
All checks were successful
build, sign and push / build-and-sign (push) Successful in 27s
Details

Browse Source
This commit is contained in:
Vassiliy Yegorov
2026-03-26 19:38:05 +07:00
parent aadfe767d3
commit 430d4de3d6
6 changed files with 61 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
policies/kyverno-image-signature-policy.yaml
View File

@@ -4,21 +4,22 @@ metadata:
name: require-image-signature
spec:
validationFailureAction: Enforce
background: false
rules:
- name: verify-image-signature
match:
resources:
kinds:
- Pod
include:
resources:
namespaces:
- cosign-test
verifyImages:
- image: "git.ntk.novotelecom.ru/adm/docker-trust*"
key: "-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1kmEd1dzkY0MLMhNlkPz8LbX70tdw5acXoKYvOGzcTUK4jppKBCLst121UMC0L5DcgqNE9uly0S78aE8pbIxpBSgVdM8NPRa90vGTi50rauzOGiVRSxOzmkh3BVErqga84U9xb8QmS28rwjdSCbZSx27quzkDrvHwrfid5DroCSkNFQo7Bb84jlgTbrV5KwXkd7G5bMB3qaAzIpBQH+LbKn8/76rlU9/NfUpzftFdOwVVOWQIC7PYU8z2cKI9C+Su+MkrozuGSLrR/Z/urCK9xibrUzRMX7N2v5ORXGhili4pFJG7asxQjPzl2a23iYGkt8c5egxlXWFk4zrVnmawIDAQAB-----END PUBLIC KEY-----"
attestors:
- entries:
- keyless:
subject: "*"
issuer: "*"
- name: check-image-signature
match:
any:
- resources:
kinds: [Pod]
namespaces: ["cosign-test"]
verifyImages:
- imageReferences:
- "git.realmanual.ru/pub/*"
attestors:
- entries:
- keys:
publicKeys: |-
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZZ/9MbR3WZg9K/pk936vukFjeWVt
2oMpW4OmElpIq1aH3jZIA03Hwm7FVdhyumb1vPu5k0DOV8RX4UIs6rkhzA==
-----END PUBLIC KEY-----