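---
# Kyverno ClusterPolicy: admit Pods in the `cosign-test` namespace only when
# every image they reference carries a signature that verifies against the
# static public key embedded below.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-image-signature
spec:
  # Enforce blocks non-compliant Pods at admission instead of only reporting.
  validationFailureAction: Enforce
  # Admission-time only; existing resources are not scanned in the background.
  background: false
  rules:
    - name: check-image-signature
      match:
        any:
          - resources:
              kinds:
                - Pod
              # Scope caveat: only this namespace is covered. Pods created in
              # any other namespace are not checked by this policy.
              namespaces:
                - "cosign-test"
      verifyImages:
        - imageReferences:
            # Narrower, registry-scoped pattern kept for reference:
            # - "git.realmanual.ru/pub/*"
            # "*" matches every image reference, so images not signed with
            # the key below (for example third-party images) are rejected
            # in the matched namespace.
            - "*"
          # The three settings below equal Kyverno's documented defaults.
          # They are stated explicitly so the guarantees are visible in
          # review and do not hinge on controller defaults:
          #   required     - an image that was not verified is rejected
          #   mutateDigest - tags are rewritten to the verified digest
          #   verifyDigest - the admitted image reference must carry a digest
          # Digest pinning closes the gap where a tag is re-pointed after the
          # signature check.
          required: true
          mutateDigest: true
          verifyDigest: true
          attestors:
            - entries:
                - keys:
                    # Public half of the signing key pair (not a secret).
                    # Presumably the key the CI signing job uses - confirm.
                    # Key rotation requires updating this policy; list both
                    # old and new keys here during the transition.
                    publicKeys: |-
                      -----BEGIN PUBLIC KEY-----
                      MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZZ/9MbR3WZg9K/pk936vukFjeWVt
                      2oMpW4OmElpIq1aH3jZIA03Hwm7FVdhyumb1vPu5k0DOV8RX4UIs6rkhzA==
                      -----END PUBLIC KEY-----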